Improved Optical Document Security Techniques Based on Volume Holography and Lippmann Photography

Science.gov (United States)

Bjelkhagen, Hans I.

Optical variable devices (OVDs), such as holograms, are now common in the field of document security. Up until now mass-produced embossed holograms or other types of mass-produced OVDs are used not only for banknotes but also for personalized documents, such as passports, ID cards, travel documents, driving licenses, credit cards, etc. This means that identical OVDs are used on documents issued to individuals. Today, there is need for a higher degree of security on such documents and this chapter covers new techniques to make improved mass-produced or personalized OVDs.

Fluor Daniel Hanford contract standards/requirements identification document

Energy Technology Data Exchange (ETDEWEB)

Bennett, G.L.

1997-04-24

This document, the Standards/Requirements Identification Document (S/RID) for the Fluor Daniel Hanford Contract, represents the necessary and sufficient requirements to provide an adequate level of protection of the worker, public health and safety, and the environment.

Fluor Daniel Hanford company standards requirements identification document

International Nuclear Information System (INIS)

Bennett, G.L.

1997-01-01

This document, the Standards/Requirements Identification Document (S/RID) for the Fluor Daniel Hanford Contract, represents the necessary and sufficient requirements to provide an adequate level of protection of the worker, public health and safety, and the environment

Identification of the Level of Financial Security of an Insurance Company

Directory of Open Access Journals (Sweden)

Kozmenko Serhiy M.

2014-02-01

Full Text Available The article is devoted to theoretical and practical aspects of identification of financial security of the insurer. The article justifies urgency of identification of the level of financial security of the insurer and its qualitative assessment. It offers a scientific and methodical approach to identification of the level of financial security of the insurer on the basis of the conducted analysis of advantages and shortcomings of the existing approaches. The basis of the developed methods is a generalised assessment of the level of financial security of the insurer, which is offered to be carried out on the basis of calculation of statistical and dynamic integral indicators of financial security of the insurance company. The obtained integral assessments allow making a conclusion about efficiency of the selected strategy of the insurer and its ability to oppose to negative influence of threats to financial security. Results of calculation of integral indicators of financial security of the insurer allow identification of influence of fraud as the main threat to financial security of domestic insurance companies. The proposed approach was realised in practice of Ukrainian insurers and proved its efficiency.

Identification of Strategies to Leverage Public and Private Resources for National Security Workforce Development

Energy Technology Data Exchange (ETDEWEB)

None

2009-02-01

This report documents the identification of strategies to leverage public and private resources for the development of an adequate national security workforce as part of the National Security Preparedness Project (NSPP).There are numerous efforts across the United States to develop a properly skilled and trained national security workforce. Some of these efforts are the result of the leveraging of public and private dollars. As budget dollars decrease and the demand for a properly skilled and trained national security workforce increases, it will become even more important to leverage every education and training dollar. The leveraging of dollars serves many purposes. These include increasing the amount of training that can be delivered and therefore increasing the number of people reached, increasing the number and quality of public/private partnerships, and increasing the number of businesses that are involved in the training of their future workforce.

Security guide for subcontractors

Energy Technology Data Exchange (ETDEWEB)

Adams, R.C.

1991-01-01

This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

Biometric National Identification Number Generation for Secure ...

African Journals Online (AJOL)

Biometric National Identification Number Generation for Secure Network Authentication Based Fingerprint. ... Username, Password, Remember me, or Register ... In this paper an authentication based finger print biometric system is proposed ...

Vulnerability Identification Errors in Security Risk Assessments

OpenAIRE

Taubenberger, Stefan

2014-01-01

At present, companies rely on information technology systems to achieve their business objectives, making them vulnerable to cybersecurity threats. Information security risk assessments help organisations to identify their risks and vulnerabilities. An accurate identification of risks and vulnerabilities is a challenge, because the input data is uncertain. So-called ’vulnerability identification errors‘ can occur if false positive vulnerabilities are identified, or if vulnerabilities remain u...

A security review of proximity identification based smart cards

CSIR Research Space (South Africa)

Lefophane, S

2015-03-01

Full Text Available International Conference on Cyber warfare and Security, Mpumalanga, Kruger National Park, South Africa, 24-25 March 2015 A SECURITY REVIEW OF PROXIMITY IDENTIFICATION BASED SMART CARDS S.Lefophane, J. Van der Merwe Modelling and Digital Science: CSIR...

Integration of holography into the design of bank notes and security documents

Science.gov (United States)

Dunn, Paul

2000-10-01

The use of holograms and other diffractive optically variable devices have been used successfully in the fight against counterfeiting of security documents for several years. More recently they have become globally accepted as a key security feature on banknotes as reflected in their prime use on the Euronotes to be issues in 2002. The success of the design and origination of these images depends upon their strong visual appeal, their overt and covert content and the ability to offer unique features that provides an extremely difficult barrier for the would be counterfeiter to overcome. The basic design principles both for banknote and general security print application are discussed in this review document. TO be effective as a security device the image must be fit for the purpose. This means that the image must contain the level of overt and covert features that are easy to recognize, containing high level security features and form part of an educational program aimed at the product user and specifically trained security personnel. More specifically it must meet a clearly defined performance criteria.

24 CFR 5.216 - Disclosure and verification of Social Security and Employer Identification Numbers.

Science.gov (United States)

2010-04-01

... Social Security and Employer Identification Numbers. 5.216 Section 5.216 Housing and Urban Development...; WAIVERS Disclosure and Verification of Social Security Numbers and Employer Identification Numbers; Procedures for Obtaining Income Information Disclosure and Verification of Social Security Numbers and...

Efficient and Provable Secure Pairing-Free Security-Mediated Identity-Based Identification Schemes

Directory of Open Access Journals (Sweden)

Ji-Jian Chin

2014-01-01

Full Text Available Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user’s secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

Efficient and provable secure pairing-free security-mediated identity-based identification schemes.

Science.gov (United States)

Chin, Ji-Jian; Tan, Syh-Yuan; Heng, Swee-Huay; Phan, Raphael C-W

2014-01-01

Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user's secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI) was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

New OVDs for Personalized Documents Based on Color Holography and Lippmann Photography

Science.gov (United States)

Bjelkhagen, Hans I.

Optical variable devices (OVDs), such as holograms, are now common in the field of document security. Up until now mass-produced embossed holograms or other types of mass-produced OVDs are used not only for banknotes but also for personalized documents, such as passports, identification cards, travel documents, driving licenses, credit cards, etc. This means that identical OVDs are used on documents issued to individuals. Today, there is a need for a higher degree of security on such documents and this chapter covers new techniques to make personalized OVDs.

24 CFR 242.68 - Disclosure and verification of Social Security and Employer Identification Numbers.

Science.gov (United States)

2010-04-01

... Social Security and Employer Identification Numbers. 242.68 Section 242.68 Housing and Urban Development... Requirements § 242.68 Disclosure and verification of Social Security and Employer Identification Numbers. The requirements set forth in 24 CFR part 5, regarding the disclosure and verification of Social Security Numbers...

Program Management at the National Nuclear Security Administration Office of Defense Nuclear Security: A Review of Program Management Documents and Underlying Processes

International Nuclear Information System (INIS)

Madden, Michael S.

2010-01-01

The scope of this paper is to review the National Nuclear Security Administration Office of Defense Nuclear Security (DNS) program management documents and to examine the underlying processes. The purpose is to identify recommendations for improvement and to influence the rewrite of the DNS Program Management Plan (PMP) and the documentation supporting it. As a part of this process, over 40 documents required by DNS or its stakeholders were reviewed. In addition, approximately 12 other documents produced outside of DNS and its stakeholders were reviewed in an effort to identify best practices. The complete list of documents reviewed is provided as an attachment to this paper.

Script Identification from Printed Indian Document Images and Performance Evaluation Using Different Classifiers

OpenAIRE

Sk Md Obaidullah; Anamika Mondal; Nibaran Das; Kaushik Roy

2014-01-01

Identification of script from document images is an active area of research under document image processing for a multilingual/ multiscript country like India. In this paper the real life problem of printed script identification from official Indian document images is considered and performances of different well-known classifiers are evaluated. Two important evaluating parameters, namely, AAR (average accuracy rate) and MBT (model building time), are computed for this performance analysi...

36 CFR 1254.76 - What procedures do I follow to copy formerly national security-classified documents?

Science.gov (United States)

2010-07-01

... to copy formerly national security-classified documents? 1254.76 Section 1254.76 Parks, Forests, and Public Property NATIONAL ARCHIVES AND RECORDS ADMINISTRATION PUBLIC AVAILABILITY AND USE USING RECORDS... § 1254.76 What procedures do I follow to copy formerly national security-classified documents? (a) We...

High level waste storage tanks 242-A evaporator standards/requirement identification document

International Nuclear Information System (INIS)

Biebesheimer, E.

1996-01-01

This document, the Standards/Requirements Identification Document (S/RIDS) for the subject facility, represents the necessary and sufficient requirements to provide an adequate level of protection of the worker, public health and safety, and the environment. It lists those source documents from which requirements were extracted, and those requirements documents considered, but from which no requirements where taken. Documents considered as source documents included State and Federal Regulations, DOE Orders, and DOE Standards

Safeguarding critical e-documents implementing a program for securing confidential information assets

CERN Document Server

Smallwood, Robert F

2012-01-01

Practical, step-by-step guidance for corporations, universities and government agencies to protect and secure confidential documents and business records Managers and public officials are looking for technology and information governance solutions to "information leakage" in an understandable, concise format. Safeguarding Critical E-Documents provides a road map for corporations, governments, financial services firms, hospitals, law firms, universities and other organizations to safeguard their internal electronic documents and private communications.Provides practical, step-by-step guidance o

Asset Identification for Security Risk Assessment in Web Applications

OpenAIRE

Hisham M. Haddad; Brunil D. Romero

2009-01-01

As software applications become more complex they require more security, allowing them to reach an appropriate level of quality to manage information, and therefore achieving business objectives. Web applications represent one segment of software industry where security risk assessment is essential. Web engineering must address new challenges to provide new techniques and tools that guarantee high quality application development. This work focuses asset identification, the initial step in sec...

Job security and work performance in Chinese employees: The mediating role of organisational identification.

Science.gov (United States)

Ma, Bing; Liu, Shanshi; Liu, Donglai; Wang, Hongchun

2016-04-01

This research focuses on investigating whether organisational identification mediates the effects of job security on in-role behaviour and extra-role behaviour and how these mediation mechanisms differ according to gender. Through analysing 212 supervisor-subordinate dyads from a Chinese air transportation group, the research indicated that organisational identification partially mediated the effect of job security on in-role behaviour and fully mediated the effect of job security on extra-role behaviour. A multi-group analysis also showed that there were significant differences between male and female employees in these relationships. In addition, moderated mediation analyses showed that gender moderated the indirect effects of job security on in-role behaviour and extra-role behaviour through organisational identification. Limitations and implications of these findings are discussed. © 2015 International Union of Psychological Science.

Authentication systems for securing clinical documentation workflows. A systematic literature review.

Science.gov (United States)

Schwartze, J; Haarbrandt, B; Fortmeier, D; Haux, R; Seidel, C

2014-01-01

Integration of electronic signatures embedded in health care processes in Germany challenges health care service and supply facilities. The suitability of the signature level of an eligible authentication procedure is confirmed for a large part of documents in clinical practice. However, the concrete design of such a procedure remains unclear. To create a summary of usable user authentication systems suitable for clinical workflows. A Systematic literature review based on nine online bibliographic databases. Search keywords included authentication, access control, information systems, information security and biometrics with terms user authentication, user identification and login in title or abstract. Searches were run between 7 and 12 September 2011. Relevant conference proceedings were searched manually in February 2013. Backward reference search of selected results was done. Only publications fully describing authentication systems used or usable were included. Algorithms or purely theoretical concepts were excluded. Three authors did selection independently. DATA EXTRACTION AND ASSESSMENT: Semi-structured extraction of system characteristics was done by the main author. Identified procedures were assessed for security and fulfillment of relevant laws and guidelines as well as for applicability. Suitability for clinical workflows was derived from the assessments using a weighted sum proposed by Bonneau. Of 7575 citations retrieved, 55 publications meet our inclusion criteria. They describe 48 different authentication systems; 39 were biometric and nine graphical password systems. Assessment of authentication systems showed high error rates above European CENELEC standards and a lack of applicability of biometric systems. Graphical passwords did not add overall value compared to conventional passwords. Continuous authentication can add an additional layer of safety. Only few systems are suitable partially or entirely for use in clinical processes. Suitability

The Need for an Implant Identification Card at Airport Security Check.

Science.gov (United States)

Ali, Erden; Kosuge, Dennis; MacDowell, Andrew

2017-06-01

Joint replacement surgery is having an increasing demand as national healthcare systems confront an ever ageing population. Surgical complications associated with lower limb arthroplasty are well known but less investigation has been performed examining its effect on air travel, more specifically, unwanted and significant inconvenience caused to travelers going through airport security. In lower limb arthroplasty clinics, 50 patients who met our selection criteria were given questionnaires. Ten airport security officers from 4 international airports (London Stansted, London Gatwick, London Heathrow, and Amsterdam Schiphol International Airport) were also given a separate questionnaire. The opinion of the Civil Aviation Authority was also sought. All 50 patients (mean age, 70.4 years; range, 55 to 84 years) who were presenting in lower limb arthroplasty clinics and who met our selection criteria volunteered to enter the study. Twenty-eight of these patients were female (mean age, 69.1 years; range, 55 to 84 years) and 22 were male (mean age, 71.2 years; range, 58 to 81 years). Of the patients, 14% stated that their joint replacements did not set off the airport security alarm. Responses were received from 10 airport security officers as well. Six airport security officers were male and 4 were female. All of the airport officers were aware of some form of implant identification card with 90% stating that these were useful to them at airport security. Eight-four percent of the patients stated that an implant identification card outlining what joint replacement they possessed and when this had been done would be very useful. Sixteen percent of the patients did not think a card would be beneficial since all of them had set off the airport alarm system only once or less in their lifetime. It is the opinion of airport security officers and patients that joint replacement implant identification cards streamline airport security checks and decrease the need for more

24 CFR 5.218 - Penalties for failing to disclose and verify Social Security and Employer Identification Numbers.

Science.gov (United States)

2010-04-01

... and verify Social Security and Employer Identification Numbers. 5.218 Section 5.218 Housing and Urban... REQUIREMENTS; WAIVERS Disclosure and Verification of Social Security Numbers and Employer Identification Numbers; Procedures for Obtaining Income Information Disclosure and Verification of Social Security...

DOE Integrated Safeguards and Security (DISS) historical document archival and retrieval analysis, requirements and recommendations

Energy Technology Data Exchange (ETDEWEB)

Guyer, H.B.; McChesney, C.A.

1994-10-07

The overall primary Objective of HDAR is to create a repository of historical personnel security documents and provide the functionality needed for archival and retrieval use by other software modules and application users of the DISS/ET system. The software product to be produced from this specification is the Historical Document Archival and Retrieval Subsystem The product will provide the functionality to capture, retrieve and manage documents currently contained in the personnel security folders in DOE Operations Offices vaults at various locations across the United States. The long-term plan for DISS/ET includes the requirement to allow for capture and storage of arbitrary, currently undefined, clearance-related documents that fall outside the scope of the ``cradle-to-grave`` electronic processing provided by DISS/ET. However, this requirement is not within the scope of the requirements specified in this document.

B plant standards/requirements identification document (S/RID)

Energy Technology Data Exchange (ETDEWEB)

Maddox, B.S., Westinghouse Hanford

1996-07-29

This Standards/Requirements Identification Document (S/RID) set forth the Environmental Safety and Health (ES{ampersand}H) standards/requirements for the B Plant. This S/RID is applicable to the appropriate life cycle phases of design, construction,operation, and preparation for decommissioning. These standards/requirements are adequate to ensure the protection of the health and safety of workers, the public, and the environment.

Generating WS-SecurityPolicy documents via security model transformation

DEFF Research Database (Denmark)

Jensen, Meiko

2009-01-01

When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriat...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development.......When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...

BoB, a best-of-breed automated text de-identification system for VHA clinical documents.

Science.gov (United States)

Ferrández, Oscar; South, Brett R; Shen, Shuying; Friedlin, F Jeffrey; Samore, Matthew H; Meystre, Stéphane M

2013-01-01

De-identification allows faster and more collaborative clinical research while protecting patient confidentiality. Clinical narrative de-identification is a tedious process that can be alleviated by automated natural language processing methods. The goal of this research is the development of an automated text de-identification system for Veterans Health Administration (VHA) clinical documents. We devised a novel stepwise hybrid approach designed to improve the current strategies used for text de-identification. The proposed system is based on a previous study on the best de-identification methods for VHA documents. This best-of-breed automated clinical text de-identification system (aka BoB) tackles the problem as two separate tasks: (1) maximize patient confidentiality by redacting as much protected health information (PHI) as possible; and (2) leave de-identified documents in a usable state preserving as much clinical information as possible. We evaluated BoB with a manually annotated corpus of a variety of VHA clinical notes, as well as with the 2006 i2b2 de-identification challenge corpus. We present evaluations at the instance- and token-level, with detailed results for BoB's main components. Moreover, an existing text de-identification system was also included in our evaluation. BoB's design efficiently takes advantage of the methods implemented in its pipeline, resulting in high sensitivity values (especially for sensitive PHI categories) and a limited number of false positives. Our system successfully addressed VHA clinical document de-identification, and its hybrid stepwise design demonstrates robustness and efficiency, prioritizing patient confidentiality while leaving most clinical information intact.

6 CFR 5.45 - Procedure when testimony or production of documents is sought; general.

Science.gov (United States)

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Procedure when testimony or production of... Procedure when testimony or production of documents is sought; general. (a) If official information is... requiring oral testimony, and identification of potentially relevant documents. (c) The appropriate...

Authentic leadership, group cohesion and group identification in security and emergency teams.

Science.gov (United States)

García-Guiu López, Carlos; Molero Alonso, Fernando; Moya Morales, Miguel; Moriano León, Juan Antonio

2015-01-01

Authentic leadership (AL) is a kind of leadership that inspires and promotes positive psychological capacities, underlining the moral and ethical component of behavior. The proposed investigation studies the relations among AL, cohesion, and group identification in security and emergency teams. A cross-sectional research design was conducted in which participated 221 members from 26 fire departments and operative teams from the local police of three Spanish provinces. The following questionnaires were administered: Authentic Leadership (ALQ), Group Cohesion (GEQ), and Mael and Ashford's Group Identification Questionnaire. A direct and positive relation was found between AL, cohesion, and group identification. An indirect relation was also found between AL and group cohesion through group identification, indicating the existence of partial mediation. The utility of the proposed model based on AL is considered; this model can be employed by those in charge of the fire departments and operative groups in organizations to improve workteams' cohesion. Both AL and group identification help to explain group cohesion in organizations committed to security and emergencies.

Security guide for subcontractors

Energy Technology Data Exchange (ETDEWEB)

Adams, R.C.

1993-06-01

This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

Evaluating current automatic de-identification methods with Veteran’s health administration clinical documents

Directory of Open Access Journals (Sweden)

Ferrández Oscar

2012-07-01

Full Text Available Abstract Background The increased use and adoption of Electronic Health Records (EHR causes a tremendous growth in digital information useful for clinicians, researchers and many other operational purposes. However, this information is rich in Protected Health Information (PHI, which severely restricts its access and possible uses. A number of investigators have developed methods for automatically de-identifying EHR documents by removing PHI, as specified in the Health Insurance Portability and Accountability Act “Safe Harbor” method. This study focuses on the evaluation of existing automated text de-identification methods and tools, as applied to Veterans Health Administration (VHA clinical documents, to assess which methods perform better with each category of PHI found in our clinical notes; and when new methods are needed to improve performance. Methods We installed and evaluated five text de-identification systems “out-of-the-box” using a corpus of VHA clinical documents. The systems based on machine learning methods were trained with the 2006 i2b2 de-identification corpora and evaluated with our VHA corpus, and also evaluated with a ten-fold cross-validation experiment using our VHA corpus. We counted exact, partial, and fully contained matches with reference annotations, considering each PHI type separately, or only one unique ‘PHI’ category. Performance of the systems was assessed using recall (equivalent to sensitivity and precision (equivalent to positive predictive value metrics, as well as the F2-measure. Results Overall, systems based on rules and pattern matching achieved better recall, and precision was always better with systems based on machine learning approaches. The highest “out-of-the-box” F2-measure was 67% for partial matches; the best precision and recall were 95% and 78%, respectively. Finally, the ten-fold cross validation experiment allowed for an increase of the F2-measure to 79% with partial matches

Automatic public access to documents and maps stored on and internal secure system.

Science.gov (United States)

Trench, James; Carter, Mary

2013-04-01

The Geological Survey of Ireland operates a Document Management System for providing documents and maps stored internally in high resolution and in a high level secure environment, to an external service where the documents are automatically presented in a lower resolution to members of the public. Security is devised through roles and Individual Users where role level and folder level can be set. The application is an electronic document/data management (EDM) system which has a Geographical Information System (GIS) component integrated to allow users to query an interactive map of Ireland for data that relates to a particular area of interest. The data stored in the database consists of Bedrock Field Sheets, Bedrock Notebooks, Bedrock Maps, Geophysical Surveys, Geotechnical Maps & Reports, Groundwater, GSI Publications, Marine, Mine Records, Mineral Localities, Open File, Quaternary and Unpublished Reports. The Konfig application Tool is both an internal and public facing application. It acts as a tool for high resolution data entry which are stored in a high resolution vault. The public facing application is a mirror of the internal application and differs only in that the application furnishes high resolution data into low resolution format which is stored in a low resolution vault thus, making the data web friendly to the end user for download.

Combined optical/digital security devices

Science.gov (United States)

Girnyk, Vladimir I.; Tverdokhleb, Igor V.; Ivanovsky, Andrey A.

2000-04-01

Modern holographic security devices used as emblems against counterfeiting are being more difficult as they should oppress criminal world. 2D, 3D, 3D rainbow holograms or simple diffraction structures protecting documents can not be acceptable against illegal copying of important documents, banknotes or valuable products. Recent developments in technology of Optical variable devices permit world leaders to create more advanced security elements: Kinegrams, Exelgrams, Pixelgrams, Kineforms. These products are used for protecting the most confidential documents and banknotes, but now even their security level can not be enough and besides their automatic identification is vulnerable to factors of instability. We elaborate new visual security devices based on the usage of expensive and advanced technology of combined optical/digital security devices. The technology unites digital and analogue methods of synthesis and recording of visual security devices. The analogue methods include techniques of optical holography - different combinations of 2D/3D, 3D, 2D/3D + 3D structures. Basing on them the design with elements of 3D graphics including security elements and hidden machine- readable images are implemented. The digital methods provide synthesis of optical variable devices including special security elements, computer generated holograms and Kineforms. Using them we create determined and quasi-random machine-readable images. Recordings are carried out using the combined optical and electronic submicrometer technology elaborated by Optronics, Ltd. The results obtained show effectiveness of the combined technology permitting to increase the security level essentially that should increase tamper and counterfeit resistance during many years.

Threat Prioritization Process for the Czech Security Strategy Making

Directory of Open Access Journals (Sweden)

Milos Balaban

2012-06-01

Full Text Available This article offers systematic view of a process of identification of security threats and, subsequently, their use in the making of strategic documents, notably the Security Strategy of the Czech Republic. It is not the aim of the authors to name or define such threats, but to present the process itself. It is paramount to any credible security strategy that it deals with the threat identification in the most precise fashion. The authors take reservations against the “catalogue” approach and claim the processes of prioritization and categorization to be essential for any policies derived from the security strategy, especially in times of economic need. It is also the 2011 final paper of the project “Trends, Risks, and Scenarios of the Security Developments in the World, Europe, and the Czech Republic – Impacts on the Policy and Security System of the Czech Republic” (TRS / VG20102013009.

Security risks associated with radio frequency identification in medical environments.

Science.gov (United States)

Hawrylak, Peter J; Schimke, Nakeisha; Hale, John; Papa, Mauricio

2012-12-01

Radio frequency identification (RFID) is a form of wireless communication that is used to identify assets and people. RFID has significant benefits to the medical environment. However, serious security threats are present in RFID systems that must be addressed in a medical environment. Of particular interest are threats to patient privacy and safety based on interception of messages, interruption of communication, modification of data, and fabrication of messages and devices. This paper presents an overview of these security threats present in RFID systems in a medical environment and provides guidance on potential solutions to these threats. This paper provides a roadmap for researchers and implementers to address the security issues facing RFID in the medical space.

Westinghouse Hanford Company (WHC) standards/requirements identification document (S/RID)

Energy Technology Data Exchange (ETDEWEB)

Bennett, G.L.

1996-03-15

This Standards/Requirements Identification Document (S/RID) set forth the Environmental Safety and Health (ES&H) standards/requirements for Westinghouse Hanford Company Level Programs, where implementation and compliance is the responsibility of these organizations. These standards/requirements are adequate to ensure the protection of the health and safety of workers, the public, and the environment.

Westinghouse Hanford Company (WHC) standards/requirements identification document (S/RID)

International Nuclear Information System (INIS)

Bennett, G.L.

1996-01-01

This Standards/Requirements Identification Document (S/RID) set forth the Environmental Safety and Health (ES ampersand amp;H) standards/requirements for Westinghouse Hanford Company Level Programs, where implementation and compliance is the responsibility of these organizations. These standards/requirements are adequate to ensure the protection of the health and safety of workers, the public, and the environment

Plutonium Finishing Plant (PFP) Standards/Requirements Identification Document (S/RID)

Energy Technology Data Exchange (ETDEWEB)

Maddox, B.S.

1996-01-01

This Standards/Requirements Identification Document (S/RID) sets forth the Environmental Safety and Health (ESH) standards/requirements for the Plutonium Finishing Plant (PFP). This S/RID is applicable to the appropriate life cycle phases of design, construction, operation, and preparation for decommissioning. These standards/requirements are adequate to ensure the protection of the health and safety of workers, the public, and the environment.

Plutonium Finishing Plant (PFP) Standards/Requirements Identification Document (S/RID)

International Nuclear Information System (INIS)

Maddox, B.S.

1996-01-01

This Standards/Requirements Identification Document (S/RID) sets forth the Environmental Safety and Health (ESH) standards/requirements for the Plutonium Finishing Plant (PFP). This S/RID is applicable to the appropriate life cycle phases of design, construction, operation, and preparation for decommissioning. These standards/requirements are adequate to ensure the protection of the health and safety of workers, the public, and the environment

A Secure Watermarking Scheme for Buyer-Seller Identification and Copyright Protection

Science.gov (United States)

Ahmed, Fawad; Sattar, Farook; Siyal, Mohammed Yakoob; Yu, Dan

2006-12-01

We propose a secure watermarking scheme that integrates watermarking with cryptography for addressing some important issues in copyright protection. We address three copyright protection issues—buyer-seller identification, copyright infringement, and ownership verification. By buyer-seller identification, we mean that a successful watermark extraction at the buyer's end will reveal the identities of the buyer and seller of the watermarked image. For copyright infringement, our proposed scheme enables the seller to identify the specific buyer from whom an illegal copy of the watermarked image has originated, and further prove this fact to a third party. For multiple ownership claims, our scheme enables a legal seller to claim his/her ownership in the court of law. We will show that the combination of cryptography with watermarking not only increases the security of the overall scheme, but it also enables to associate identities of buyer/seller with their respective watermarked images.

Combination of advanced encryption standard 256 bits with md5 to secure documents on android smartphone

Science.gov (United States)

Pasaribu, Hendra; Sitanggang, Delima; Rizki Damanik, Rudolfo; Rudianto Sitompul, Alex Chandra

2018-04-01

File transfer by using a smartphone has some security issues like data theft by irresponsible parties. To improve the quality of data security systems on smartphones, in this research the integration of AES 256 bit algorithm by using MD5 hashing is proposed. The use of MD5 aims to increase the key strength of the encryption and decryption process of document files. The test results show that the proposed method can increase the key strength of the encryption and decryption process in the document file. Encryption and decryption time by using AES and MD5 combination is faster than using AES only on *.txt file type and reverse results for *.docx, *.xlsx, *.pptx and *.pdf file files.

Model-Based Security Testing

Directory of Open Access Journals (Sweden)

Ina Schieferdecker

2012-02-01

Full Text Available Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

The electronic identification, signature and security of information systems

Directory of Open Access Journals (Sweden)

Horovèák Pavel

2002-12-01

Full Text Available The contribution deals with the actual methods and technologies of information and communication systems security. It introduces the overview of electronic identification elements such as static password, dynamic password and single sign-on. Into this category belong also biometric and dynamic characteristics of verified person. Widespread is authentication based on identification elements ownership, such as various cards and authentication calculators. In the next part is specified a definition and characterization of electronic signature, its basic functions and certificate categories. Practical utilization of electronic signature consists of electronic signature acquirement, signature of outgoing email message, receiving of electronic signature and verification of electronic signature. The use of electronic signature is continuously growing and in connection with legislation development it exercises in all resorts.

Machine printed text and handwriting identification in noisy document images.

Science.gov (United States)

Zheng, Yefeng; Li, Huiping; Doermann, David

2004-03-01

In this paper, we address the problem of the identification of text in noisy document images. We are especially focused on segmenting and identifying between handwriting and machine printed text because: 1) Handwriting in a document often indicates corrections, additions, or other supplemental information that should be treated differently from the main content and 2) the segmentation and recognition techniques requested for machine printed and handwritten text are significantly different. A novel aspect of our approach is that we treat noise as a separate class and model noise based on selected features. Trained Fisher classifiers are used to identify machine printed text and handwriting from noise and we further exploit context to refine the classification. A Markov Random Field-based (MRF) approach is used to model the geometrical structure of the printed text, handwriting, and noise to rectify misclassifications. Experimental results show that our approach is robust and can significantly improve page segmentation in noisy document collections.

Waste encapsulation storage facility (WESF) standards/requirements identification document (S/RIDS)

Energy Technology Data Exchange (ETDEWEB)

Maddox, B.S., Westinghouse Hanford

1996-07-29

This Standards/Requirements Identification Document (S/RID) sets forth the Environmental Safety and Health (ES{ampersand}H) standards/requirements for the Waste Encapsulation Storage Facility (WESF). This S/RID is applicable to the appropriate life cycle phases of design, construction, operation, and preparation for decommissioning. These standards/requirements are adequate to ensure the protection of the health and safety of workers, the public, and the environment.

Automatic de-identification of textual documents in the electronic health record: a review of recent research

Directory of Open Access Journals (Sweden)

South Brett R

2010-08-01

Full Text Available Abstract Background In the United States, the Health Insurance Portability and Accountability Act (HIPAA protects the confidentiality of patient data and requires the informed consent of the patient and approval of the Internal Review Board to use data for research purposes, but these requirements can be waived if data is de-identified. For clinical data to be considered de-identified, the HIPAA "Safe Harbor" technique requires 18 data elements (called PHI: Protected Health Information to be removed. The de-identification of narrative text documents is often realized manually, and requires significant resources. Well aware of these issues, several authors have investigated automated de-identification of narrative text documents from the electronic health record, and a review of recent research in this domain is presented here. Methods This review focuses on recently published research (after 1995, and includes relevant publications from bibliographic queries in PubMed, conference proceedings, the ACM Digital Library, and interesting publications referenced in already included papers. Results The literature search returned more than 200 publications. The majority focused only on structured data de-identification instead of narrative text, on image de-identification, or described manual de-identification, and were therefore excluded. Finally, 18 publications describing automated text de-identification were selected for detailed analysis of the architecture and methods used, the types of PHI detected and removed, the external resources used, and the types of clinical documents targeted. All text de-identification systems aimed to identify and remove person names, and many included other types of PHI. Most systems used only one or two specific clinical document types, and were mostly based on two different groups of methodologies: pattern matching and machine learning. Many systems combined both approaches for different types of PHI, but the

Automatic de-identification of textual documents in the electronic health record: a review of recent research.

Science.gov (United States)

Meystre, Stephane M; Friedlin, F Jeffrey; South, Brett R; Shen, Shuying; Samore, Matthew H

2010-08-02

In the United States, the Health Insurance Portability and Accountability Act (HIPAA) protects the confidentiality of patient data and requires the informed consent of the patient and approval of the Internal Review Board to use data for research purposes, but these requirements can be waived if data is de-identified. For clinical data to be considered de-identified, the HIPAA "Safe Harbor" technique requires 18 data elements (called PHI: Protected Health Information) to be removed. The de-identification of narrative text documents is often realized manually, and requires significant resources. Well aware of these issues, several authors have investigated automated de-identification of narrative text documents from the electronic health record, and a review of recent research in this domain is presented here. This review focuses on recently published research (after 1995), and includes relevant publications from bibliographic queries in PubMed, conference proceedings, the ACM Digital Library, and interesting publications referenced in already included papers. The literature search returned more than 200 publications. The majority focused only on structured data de-identification instead of narrative text, on image de-identification, or described manual de-identification, and were therefore excluded. Finally, 18 publications describing automated text de-identification were selected for detailed analysis of the architecture and methods used, the types of PHI detected and removed, the external resources used, and the types of clinical documents targeted. All text de-identification systems aimed to identify and remove person names, and many included other types of PHI. Most systems used only one or two specific clinical document types, and were mostly based on two different groups of methodologies: pattern matching and machine learning. Many systems combined both approaches for different types of PHI, but the majority relied only on pattern matching, rules, and

75 FR 7546 - Foreign Trade Regulations (FTR): Eliminate the Social Security Number (SSN) as an Identification...

Science.gov (United States)

2010-02-22

... DEPARTMENT OF COMMERCE Census Bureau 15 CFR Part 30 [Docket Number: 090422707-91445-02] RIN 0607-AA48 Foreign Trade Regulations (FTR): Eliminate the Social Security Number (SSN) as an Identification... Trade Regulations (FTR) to eliminate the requirement to report a Social Security Number (SSN) as an...

High-level waste storage tank farms/242-A evaporator standards/requirements identification document (S/RID), Vol. 7

Energy Technology Data Exchange (ETDEWEB)

1994-04-01

This Requirements Identification Document (RID) describes an Occupational Health and Safety Program as defined through the Relevant DOE Orders, regulations, industry codes/standards, industry guidance documents and, as appropriate, good industry practice. The definition of an Occupational Health and Safety Program as specified by this document is intended to address Defense Nuclear Facilities Safety Board Recommendations 90-2 and 91-1, which call for the strengthening of DOE complex activities through the identification and application of relevant standards which supplement or exceed requirements mandated by DOE Orders. This RID applies to the activities, personnel, structures, systems, components, and programs involved in maintaining the facility and executing the mission of the High-Level Waste Storage Tank Farms.

High-level waste storage tank farms/242-A evaporator standards/requirements identification document (S/RID), Vol. 7

International Nuclear Information System (INIS)

1994-04-01

This Requirements Identification Document (RID) describes an Occupational Health and Safety Program as defined through the Relevant DOE Orders, regulations, industry codes/standards, industry guidance documents and, as appropriate, good industry practice. The definition of an Occupational Health and Safety Program as specified by this document is intended to address Defense Nuclear Facilities Safety Board Recommendations 90-2 and 91-1, which call for the strengthening of DOE complex activities through the identification and application of relevant standards which supplement or exceed requirements mandated by DOE Orders. This RID applies to the activities, personnel, structures, systems, components, and programs involved in maintaining the facility and executing the mission of the High-Level Waste Storage Tank Farms

High-level waste storage tank farms/242-A evaporator Standards/Requirements Identification Document (S/RID), Volume 4

Energy Technology Data Exchange (ETDEWEB)

1994-04-01

The High-Level Waste Storage Tank Farms/242-A Evaporator Standards/Requirements Identification Document (S/RID) is contained in multiple volumes. This document (Volume 4) presents the standards and requirements for the following sections: Radiation Protection and Operations.

High-level waste storage tank farms/242-A evaporator Standards/Requirements Identification Document (S/RID), Volume 4

International Nuclear Information System (INIS)

1994-04-01

The High-Level Waste Storage Tank Farms/242-A Evaporator Standards/Requirements Identification Document (S/RID) is contained in multiple volumes. This document (Volume 4) presents the standards and requirements for the following sections: Radiation Protection and Operations

Speaker identification for the improvement of the security communication between law enforcement units

Science.gov (United States)

Tovarek, Jaromir; Partila, Pavol

2017-05-01

This article discusses the speaker identification for the improvement of the security communication between law enforcement units. The main task of this research was to develop the text-independent speaker identification system which can be used for real-time recognition. This system is designed for identification in the open set. It means that the unknown speaker can be anyone. Communication itself is secured, but we have to check the authorization of the communication parties. We have to decide if the unknown speaker is the authorized for the given action. The calls are recorded by IP telephony server and then these recordings are evaluate using classification If the system evaluates that the speaker is not authorized, it sends a warning message to the administrator. This message can detect, for example a stolen phone or other unusual situation. The administrator then performs the appropriate actions. Our novel proposal system uses multilayer neural network for classification and it consists of three layers (input layer, hidden layer, and output layer). A number of neurons in input layer corresponds with the length of speech features. Output layer then represents classified speakers. Artificial Neural Network classifies speech signal frame by frame, but the final decision is done over the complete record. This rule substantially increases accuracy of the classification. Input data for the neural network are a thirteen Mel-frequency cepstral coefficients, which describe the behavior of the vocal tract. These parameters are the most used for speaker recognition. Parameters for training, testing and validation were extracted from recordings of authorized users. Recording conditions for training data correspond with the real traffic of the system (sampling frequency, bit rate). The main benefit of the research is the system developed for text-independent speaker identification which is applied to secure communication between law enforcement units.

High-level waste storage tank farms/242-A evaporator Standards/Requirements Identification Document (S/RID), Volume 5

International Nuclear Information System (INIS)

1994-04-01

The High-Level Waste Storage Tank Farms/242-A Evaporator Standards/Requirements Identification Document (S/RID) is contained in multiple volumes. This document (Volume 5) outlines the standards and requirements for the Fire Protection and Packaging and Transportation sections

Cooperative Monitoring Center Occasional Paper/8: Cooperative Border Security for Jordan: Assessment and Options

Energy Technology Data Exchange (ETDEWEB)

Qojas, M.

1999-03-01

This document is an analysis of options for unilateral and cooperative action to improve the security of Jordan's borders. Sections describe the current political, economic, and social interactions along Jordan's borders. Next, the document discusses border security strategy for cooperation among neighboring countries and the adoption of confidence-building measures. A practical cooperative monitoring system would consist of hardware for early warning, command and control, communications, and transportation. Technical solutions can expand opportunities for the detection and identification of intruders. Sensors (such as seismic, break-wire, pressure-sensing, etc.) can warn border security forces of intrusion and contribute to the identification of the intrusion and help formulate the response. This document describes conceptual options for cooperation, offering three scenarios that relate to three hypothetical levels (low, medium, and high) of cooperation. Potential cooperative efforts under a low cooperation scenario could include information exchanges on military equipment and schedules to prevent misunderstandings and the establishment of protocols for handling emergency situations or unusual circumstances. Measures under a medium cooperation scenario could include establishing joint monitoring groups for better communications, with hot lines and scheduled meetings. The high cooperation scenario describes coordinated responses, joint border patrols, and sharing border intrusion information. Finally, the document lists recommendations for organizational, technical, and operational initiatives that could be applicable to the current situation.

48 CFR 227.7203-10 - Contractor identification and marking of computer software or computer software documentation to...

Science.gov (United States)

2010-10-01

... operation of the software to display a restrictive rights legend or other license notice; and (2) Requires a... and marking of computer software or computer software documentation to be furnished with restrictive... Rights in Computer Software and Computer Software Documentation 227.7203-10 Contractor identification and...

Identification and categorisation of critical digital assets of I and C systems at nuclear facilities: implementation guide - TAFICS/IG/1

International Nuclear Information System (INIS)

2015-06-01

This document is the first in a series of documents being developed by TAFICS for protecting computer-based I and C systems of Indian nuclear facilities from cyber attacks. This document identifies the Indian nuclear facilities and the types of computer systems within facilities - called Critical Digital Assets (CDA) - that are to be covered by security program. It also describes the process for identification and categorisation of CDA. The document covers operational facilities - such as reactors - as well as development facilities - such as I and C design organisations. The CDA identification and categorisation would help to implement a robust security program in a graded manner - as stipulated by international standards such as that of IAEA. It is recommended that all applicable Indian nuclear facilities should implement the process described in this document to generate a list of CD As of the respective facility. (author)

Polish Security Printing Works in the system of public and economic security

OpenAIRE

Remigiusz Lewandowski

2013-01-01

The article raises the issue of placing PWPW in the system of economic and public security. Two particular categories of security connected with PWPW business activity, i.e. identification and transactional security, have been defined and discussed in the article. The most essential factors affecting the above security categories as well as relations between identification/transactional security and economic/public security. The article indicates that PWPW plays an important role in the state...

High level waste storage tank farms/242-A evaporator Standards/Requirements Identification Document (S/RID), Volume 6

Energy Technology Data Exchange (ETDEWEB)

1994-04-01

The High-Level Waste Storage Tank Farms/242-A Evaporator Standards/Requirements Identification Document (S/RID) is contained in multiple volumes. This document (Volume 6) outlines the standards and requirements for the sections on: Environmental Restoration and Waste Management, Research and Development and Experimental Activities, and Nuclear Safety.

High level waste storage tank farms/242-A evaporator Standards/Requirements Identification Document (S/RID), Volume 6

International Nuclear Information System (INIS)

1994-04-01

The High-Level Waste Storage Tank Farms/242-A Evaporator Standards/Requirements Identification Document (S/RID) is contained in multiple volumes. This document (Volume 6) outlines the standards and requirements for the sections on: Environmental Restoration and Waste Management, Research and Development and Experimental Activities, and Nuclear Safety

Safety and Security Interface Technology Initiative

International Nuclear Information System (INIS)

Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

2007-01-01

implementation plan includes: (1) A recommended process for handling the documentation of the security and safety disciplines, including an appropriate change control process and participation by all stakeholders. (2) A means to package security systems with sufficient information to help expedite the flow of that system through the process. In addition, a means to share successes among sites, to include information and safety basis to the extent such information is transportable. (3) Identification of key security systems and associated essential security elements being installed and an arrangement for the sites installing these systems to host an appropriate team to review a specific system and determine what information is exportable. (4) Identification of the security systems essential elements and appropriate controls required for testing of these essential elements in the facility. (5) The ability to help refine and improve an agreed to control set at the manufacture stage

Script Identification from Printed Indian Document Images and Performance Evaluation Using Different Classifiers

Directory of Open Access Journals (Sweden)

Sk Md Obaidullah

2014-01-01

multiscript country like India. In this paper the real life problem of printed script identification from official Indian document images is considered and performances of different well-known classifiers are evaluated. Two important evaluating parameters, namely, AAR (average accuracy rate and MBT (model building time, are computed for this performance analysis. Experiment was carried out on 459 printed document images with 5-fold cross-validation. Simple Logistic model shows highest AAR of 98.9% among all. BayesNet and Random Forest model have average accuracy rate of 96.7% and 98.2% correspondingly with lowest MBT of 0.09 s.

Corrective Action Decision Document/Closure Report for Corrective Action Unit 567: Miscellaneous Soil Sites - Nevada National Security Site, Nevada

Energy Technology Data Exchange (ETDEWEB)

Matthews, Patrick [Navarro-Intera, LLC (N-I), Las Vegas, NV (United States)

2014-12-01

This Corrective Action Decision Document/Closure Report presents information supporting the closure of Corrective Action Unit (CAU) 567: Miscellaneous Soil Sites, Nevada National Security Site, Nevada. The purpose of this Corrective Action Decision Document/Closure Report is to provide justification and documentation supporting the recommendation that no further corrective action is needed for CAU 567 based on the implementation of the corrective actions. The corrective actions implemented at CAU 567 were developed based on an evaluation of analytical data from the CAI, the assumed presence of COCs at specific locations, and the detailed and comparative analysis of the CAAs. The CAAs were selected on technical merit focusing on performance, reliability, feasibility, safety, and cost. The implemented corrective actions meet all requirements for the technical components evaluated. The CAAs meet all applicable federal and state regulations for closure of the site. Based on the implementation of these corrective actions, the DOE, National Nuclear Security Administration Nevada Field Office provides the following recommendations: • No further corrective actions are necessary for CAU 567. • The Nevada Division of Environmental Protection issue a Notice of Completion to the DOE, National Nuclear Security Administration Nevada Field Office for closure of CAU 567. • CAU 567 be moved from Appendix III to Appendix IV of the FFACO.

Secure fingerprint identification based on structural and microangiographic optical coherence tomography.

Science.gov (United States)

Liu, Xuan; Zaki, Farzana; Wang, Yahui; Huang, Qiongdan; Mei, Xin; Wang, Jiangjun

2017-03-10

Optical coherence tomography (OCT) allows noncontact acquisition of fingerprints and hence is a highly promising technology in the field of biometrics. OCT can be used to acquire both structural and microangiographic images of fingerprints. Microangiographic OCT derives its contrast from the blood flow in the vasculature of viable skin tissue, and microangiographic fingerprint imaging is inherently immune to fake fingerprint attack. Therefore, dual-modality (structural and microangiographic) OCT imaging of fingerprints will enable more secure acquisition of biometric data, which has not been investigated before. Our study on fingerprint identification based on structural and microangiographic OCT imaging is, we believe, highly innovative. In this study, we performed OCT imaging study for fingerprint acquisition, and demonstrated the capability of dual-modality OCT imaging for the identification of fake fingerprints.

High-level waste storage tank farms/242-A evaporator Standards/Requirements Identification Document (S/RID), Volume 7. Revision 1

Energy Technology Data Exchange (ETDEWEB)

Burt, D.L.

1994-04-01

The High-Level Waste Storage Tank Farms/242-A Evaporator Standards/Requirements Identification Document (S/RID) is contained in multiple volumes. This document (Volume 7) presents the standards and requirements for the following sections: Occupational Safety and Health, and Environmental Protection.

High-level waste storage tank farms/242-A evaporator Standards/Requirements Identification Document (S/RID), Volume 7. Revision 1

International Nuclear Information System (INIS)

Burt, D.L.

1994-04-01

The High-Level Waste Storage Tank Farms/242-A Evaporator Standards/Requirements Identification Document (S/RID) is contained in multiple volumes. This document (Volume 7) presents the standards and requirements for the following sections: Occupational Safety and Health, and Environmental Protection

A forensic identification case and DPid - can it be a useful tool?

Science.gov (United States)

Queiroz, Cristhiane Leão de; Bostock, Ellen Marie; Santos, Carlos Ferreira; Guimarães, Marco Aurélio; Silva, Ricardo Henrique Alves da

2017-01-01

The aim of this study was to show DPid as an important tool of potential application to solve cases with dental prosthesis, such as the forensic case reported, in which a skull, denture and dental records were received for analysis. Human identification is still challenging in various circumstances and Dental Prosthetics Identification (DPid) stores the patient's name and prosthesis information and provides access through an embedded code in dental prosthesis or an identification card. All of this information is digitally stored on servers accessible only by dentists, laboratory technicians and patients with their own level of secure access. DPid provides a complete single-source list of all dental prosthesis features (materials and components) under complete and secure documentation used for clinical follow-up and for human identification. If DPid tool was present in this forensic case, it could have been solved without requirement of DNA exam, which confirmed the dental comparison of antemortem and postmortem records, and concluded the case as a positive identification.

Identification of Factors of Influence upon the Cost of Fixed Coupon Securities

Directory of Open Access Journals (Sweden)

Hlotov Yevhen O.

2014-01-01

Full Text Available The article studies fixed coupon securities (bonds. It provides a calculation of the cash flow, generated by fixed coupon securities, with enclosed discounted face value of securities. It analyses time indicator – average weighted duration of payments, which characterises sensitivity of the price of securities to changes of interest rates in the market. It proves availability of two groups of interconnections between the cost of a bond, coupon rate, market rate (rate of return and term of its payment. The first group of interconnections reflects interconnections between the cost of a bond, coupon rate and market rate (rate of return. The second group characterises connection between the bond cost and term of its payment. The authors study the average weighted duration of payments. It plays an important role in analysis of long-term securities with fixed income. To simplify calculations it was accepted that the coupon payment is done once a year. The article offers a formula for identifying inaccuracy of the bond price depending on the expected change of profitability on payment. Analysing duration properties the article identifies shortcomings inherent in this indicator. Taking into account the average weighted duration of payments the article recommends a formula, as more efficient, for identification of the future bond price depending on change of profitability. The conducted studies are a theoretical ground for development of models of management of fixed income securities portfolios. The obtained scientific results could be used in the educational process both in colleges and specialised trainings of securities specialists. The scientific results could be used for developing information technologies when identifying cost of securities (fixed coupon bonds.

Guidance Document - Full-cost Recovery for Molybdenum-99 Irradiation Services: Methodology and Implementation

International Nuclear Information System (INIS)

Westmacott, Chad; Cameron, Ron

2012-02-01

At the request of its member countries, the OECD Nuclear Energy Agency (NEA) became involved in global efforts to ensure a reliable supply of molybdenum-99 ( 99 Mo) and its decay product, technetium-99m (' 99m Tc), the most widely used medical radioisotope. The NEA established the High-level Group on the Security of Supply of Medical Radioisotopes (HLG-MR) in 2009. Under its first mandate (June 2009-2011), the HLG-MR examined the major issues that affect the short-, medium- and long-term reliability of 99 Mo/' 99m Tc supply and then developed a policy approach to move the supply chain to a sustainable basis and ensure security of supply. The objectives of the HLG-MR during its second mandate (July 2011-2013) are to work towards increasing the long-term security of supply of 99 Mo and ' 99m Tc, especially through the implementation of the HLG-MR policy approach and its associated recommendations. This will entail actions to maintain transparency on global developments, continue communication with the supply chain and end users, evaluate progress toward implementation and provide additional information and analysis where necessary. A key action under the second mandate is to provide guidance on the implementation of the HLG-MR policy approach. This document provides guidance to reactor and alternative production technology (e.g., cyclotrons, accelerators) operators on how to undertake full-cost identification and implement full-cost recovery. The document also discusses issues related to levelling the playing field between old and new reactors. In order to move toward a long-term secure supply of 99 Mo and ' 99m Tc, the HLG-MR policy approach will need to be implemented by all countries that have an impact on the global market - as producers or consumers. A key recommendation of the policy approach is the implementation of full-cost identification and recovery by operators of 99 Mo-producing research reactors or alternative technologies. This document provides the

A Student Information Management System Based on Fingerprint Identification and Data Security Transmission

Directory of Open Access Journals (Sweden)

Pengtao Yang

2017-01-01

Full Text Available A new type of student information management system is designed to implement student information identification and management based on fingerprint identification. In order to ensure the security of data transmission, this paper proposes a data encryption method based on an improved AES algorithm. A new S-box is cleverly designed, which can significantly reduce the encryption time by improving ByteSub, ShiftRow, and MixColumn in the round transformation of the traditional AES algorithm with the process of look-up table. Experimental results show that the proposed algorithm can significantly improve the encryption time compared with the traditional AES algorithm.

EMI Security Architecture

CERN Document Server

White, J.; Schuller, B.; Qiang, W.; Groep, D.; Koeroo, O.; Salle, M.; Sustr, Z.; Kouril, D.; Millar, P.; Benedyczak, K.; Ceccanti, A.; Leinen, S.; Tschopp, V.; Fuhrmann, P.; Heyman, E.; Konstantinov, A.

2013-01-01

This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project.

27 CFR 73.12 - What security controls must I use for identification codes and passwords?

Science.gov (United States)

2010-04-01

... Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE TREASURY (CONTINUED) PROCEDURES AND PRACTICES ELECTRONIC SIGNATURES; ELECTRONIC SUBMISSION OF FORMS Electronic Signatures § 73.12 What security controls must I use for identification codes and passwords? If you use electronic signatures based upon use...

6 CFR 13.20 - Disclosure of Documents.

Science.gov (United States)

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Disclosure of Documents. 13.20 Section 13.20 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.20 Disclosure of Documents. (a) Upon written request to the Reviewing Official, the Defendant may...

Safety and Security Interface Technology Initiative

Energy Technology Data Exchange (ETDEWEB)

Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

2007-05-01

Documentation Integration, Configuration Control, and development of a shared ‘tool box’ of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated implementation plan includes: (1) A recommended process for handling the documentation of the security and safety disciplines, including an appropriate change control process and participation by all stakeholders. (2) A means to package security systems with sufficient information to help expedite the flow of that system through the process. In addition, a means to share successes among sites, to include information and safety basis to the extent such information is transportable. (3) Identification of key security systems and associated essential security elements being installed and an arrangement for the sites installing these systems to host an appropriate team to review a specific system and determine what information is exportable. (4) Identification of the security systems’ essential elements and appropriate controls required for testing of these essential elements in the facility. (5) The ability to help refine and improve an agreed to control set at the manufacture stage.

Taking aim at medical identity theft. Document security key element to comply with government regulations.

Science.gov (United States)

Raymond, Colette

2010-01-01

Sensitive paper documents, such as patient records, customer data, and legal information, must be securely stored and destroyed when no longer needed. This is not only a good business practice that reduces costs and protects reputations, but also a legal and regulatory imperative. According to some experts, medical identity theft is the fastest-growing form of identity theft in North America. The Federal Trade Commission's Red Flags Rule, due to take effect June 1, 2010, requires banks; credit card companies; and, in some situations, retailers, hospitals, insurance companies, health clinics, and other organizations to store confidential personal information that can expose consumers to significant identity theft risks. This also includes healthcare providers and other organizations that are considered creditors according to their billing/payment procedures. This article highlights the steps healthcare providers must take to ensure data security.

Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case

Science.gov (United States)

Spears, Janine L.; Parrish, James L., Jr.

2013-01-01

This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun &…

Secure automated canning and identification task (SACIT)

International Nuclear Information System (INIS)

Quintana, G.R.; Thunborg, S.; Morimoto, A.K.

1991-01-01

Many nuclear facilities manually remove and package, or bagout, radioactive materials from a glove box. Up to four operators are involved in removing the can and sealing it in a plastic bag, sealing it in a second can and placing it on a cart for transport. This paper reports that a major objective of the Secure Automated Canning and Identification Task (SACIT) is to provide protection from an insider threat at bagout stations where nuclear materials are vulnerable to diversion and substitution. The SACIT system consists of a robot system, an inner glove box transfer device, a shrink wrap heat ring, specialized robot end effectors, supervisory computer systems, and an operator's control station. The robot performs functions such as removing and weighing the can, separating the bagged can from the rest of the bag after it is sealed, transferring it into a second can, and setting up the application of a shrink wrap seal to the second can. The computer performs real time monitoring of the robots movements while screening the operator's input for validity and safety

Second Wave of Biometric ID-documents in Europe: The Residence Permit for non-EU/EEA Nationals

Science.gov (United States)

Houdeau, Detlef

The first implementation of biometric documents, called biometric passports, based on a regulation is running, the second implementation since end of CY 2008 is coming to Europe. The focus is on persons staying for business, study or leisure for more than 3 months in Europe and coming from a state outside Europe and not being a member of the Visa-Waiver-Program of the EU. This second wave increases the demand for the security industry for certified security microcontroller chips, secure smart cards, readers and supporting infrastructure on top of the biometric Passport business. It underlines the continuing advance of contactless identification technology in the public sector. The article gives an overview on the application, the technology, the EU regulation, the EU roadmap and the implementations.

Software For Computer-Security Audits

Science.gov (United States)

Arndt, Kate; Lonsford, Emily

1994-01-01

Information relevant to potential breaches of security gathered efficiently. Automated Auditing Tools for VAX/VMS program includes following automated software tools performing noted tasks: Privileged ID Identification, program identifies users and their privileges to circumvent existing computer security measures; Critical File Protection, critical files not properly protected identified; Inactive ID Identification, identifications of users no longer in use found; Password Lifetime Review, maximum lifetimes of passwords of all identifications determined; and Password Length Review, minimum allowed length of passwords of all identifications determined. Written in DEC VAX DCL language.

Architecture and Assessment: Privacy Preserving Biometrically Secured Electronic Documents

Science.gov (United States)

2015-01-01

very large public and private fingerprint databases comprehensive risk analysis and system security contribution to developing international ...Safety and Security Program which is led by Defence Research and Development Canada’s Centre for Security Science, in partnership with Public Safety...201 © Sa Majesté la Reine (en droit du Canada), telle que représentée par le ministre de la Défense nationale, 201 Science and Engineering

Computer Security at Nuclear Facilities

International Nuclear Information System (INIS)

Cavina, A.

2013-01-01

This series of slides presents the IAEA policy concerning the development of recommendations and guidelines for computer security at nuclear facilities. A document of the Nuclear Security Series dedicated to this issue is on the final stage prior to publication. This document is the the first existing IAEA document specifically addressing computer security. This document was necessary for 3 mains reasons: first not all national infrastructures have recognized and standardized computer security, secondly existing international guidance is not industry specific and fails to capture some of the key issues, and thirdly the presence of more or less connected digital systems is increasing in the design of nuclear power plants. The security of computer system must be based on a graded approach: the assignment of computer system to different levels and zones should be based on their relevance to safety and security and the risk assessment process should be allowed to feed back into and influence the graded approach

Towards fraud-proof ID documents using multiple data hiding technologies and biometrics

Science.gov (United States)

Picard, Justin; Vielhauer, Claus; Thorwirth, Niels

2004-06-01

Identity documents, such as ID cards, passports, and driver's licenses, contain textual information, a portrait of the legitimate holder, and eventually some other biometric characteristics such as a fingerprint or handwritten signature. As prices for digital imaging technologies fall, making them more widely available, we have seen an exponential increase in the ease and the number of counterfeiters that can effectively forge documents. Today, with only limited knowledge of technology and a small amount of money, a counterfeiter can effortlessly replace a photo or modify identity information on a legitimate document to the extent that it is very diffcult to differentiate from the original. This paper proposes a virtually fraud-proof ID document based on a combination of three different data hiding technologies: digital watermarking, 2-D bar codes, and Copy Detection Pattern, plus additional biometric protection. As will be shown, that combination of data hiding technologies protects the document against any forgery, in principle without any requirement for other security features. To prevent a genuine document to be used by an illegitimate user,biometric information is also covertly stored in the ID document, to be used for identification at the detector.

Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services

OpenAIRE

Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje

2015-01-01

- This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, supplemented with requirements from European data protection legislation, and taking into account security issues identified in recent research on Cloud security. The document is intended to be used by potential cloud customers that need to assess the security of a c...

Standards/requirements identification documents (S/RIDS)

International Nuclear Information System (INIS)

Beckman, W.H.; Alhadeff, N.

1994-01-01

This paper describes the Fernald Environmental Restoration Management Corporation's (FERMCO) Standards/Requirement Identification Documents (S/RIDs) Development Program, the unique process used to implement it, and the status of the program. We will also discuss the lessons learned as the development program was implemented. The Department of Energy (DOE) established the Fernald site to produce uranium metals for the nation's defense programs in 1953. In 1989, DOE suspended production and, in 1991, the mission of the site was formally changed to one of environmental cleanup and restoration. The site was renamed the Fernald Environmental Management Project (FEMP) to reflect this change. From its inception until November 1992, the site was managed under a Management and Operating contract. As a result in the change in mission, DOE awarded an Environmental Restoration Management Contract (ERMC), focusing on restoration. FERMCO assumed management of the site December 1, 1992. The joint DOE/FERMCO mission is to protect human health and the environment through the safe, early, and least-cost final clean-up of the site in compliance with all applicable regulations and commitments while addressing stakeholder concerns. DOE has managed nuclear facilities primarily through its oversight of Management and Operating contractors. These contractors were responsible for formulating, selecting, and administering standards controlling design, construction, operations, and maintenance. The DOE Operations Office Manager was responsible for approving individual contractor practices and the governing site standards and requirements to be met. Due to the absence of comprehensive nuclear industry standards when most DOE sites were first established, Management and Operating contractors had to apply existing non-nuclear industry standards and, in many cases, formulate new technical standards to address unique applications

Visible and NIR spectral band combination to produce high security ID tags for automatic identification

Science.gov (United States)

Pérez-Cabré, Elisabet; Millán, María S.; Javidi, Bahram

2006-09-01

Verification of a piece of information and/or authentication of a given object or person are common operations carried out by automatic security systems that can be applied, for instance, to control the entrance to restricted areas, access to public buildings, identification of cardholders, etc. Vulnerability of such security systems may depend on the ease of counterfeiting the information used as a piece of identification for verification and authentication. To protect data against tampering, the signature that identifies an object is usually encrypted to avoid an easy recognition at human sight and an easy reproduction using conventional devices for imaging or scanning. To make counterfeiting even more difficult, we propose to combine data from visible and near infrared (NIR) spectral bands. By doing this, neither the visible content nor the NIR data by theirselves are sufficient to allow the signature recognition and thus, the identification of a given object. Only the appropriate combination of both signals permits a satisfactory authentication. In addition, the resulting signature is encrypted following a fully-phase encryption technique and the obtained complex-amplitude distribution is encoded on an ID tag. Spatial multiplexing of the encrypted signature allows us to build a distortion-invariant ID tag, so that remote authentication can be achieved even if the tag is captured under rotation or at different distances. We also explore the possibility of using partial information of the encrypted signature to simplify the ID tag design.

Utilization of IR laser pumped anti-Stokes emission of Er-Yb doped systems for identification of securities

International Nuclear Information System (INIS)

Kuzmin, A.N.; Ryabtsev, G.I.; Ketko, G.A.; Gorelenko, A.Yu.; Demidovich, A.A.; Strek, W.; Maruszewicz, K.; Deren, P.

1996-01-01

In this paper we present a utilization of anti-Stokes luminescence of Er-Yb systems for identification of securities. A simple method of detection of an up-conversion phenomenon in such system by means of IR laser operating in the region 960-1010 nm is proposed. (author)

Hanford surplus facilities hazards identification document

International Nuclear Information System (INIS)

Egge, R.G.

1997-01-01

This document provides general safety information needed by personnel who enter and work in surplus facilities managed by Bechtel Hanford, Inc. The purpose of the document is to enhance access control of surplus facilities, educate personnel on the potential hazards associated with these facilities prior to entry, and ensure that safety precautions are taken while in the facility

Embossing of optical document security devices

Science.gov (United States)

Muke, Sani

2004-06-01

Embossing in the transparent window area of polymer banknotes, such as those seen on the Australian, New Zealand and Romanian currencies, have enormous potential for the development of novel optical security devices. The intaglio printing process can provide an efficient means for embossing of optical security structures such as micro lenses. Embossed micro lens arrays in the transparent window of a polymer banknote can be folded over a corresponding printed image array elsewhere on the note to reveal a series of moire magnified images. Analysis of samples of embossed micro lenses showed that the engraving side and impression side had a similar embossed profile. The embossed micro lens profiles were modelled using Optalix-LX commercial optical ray tracing software in order to determine the focal length of the lenses and compare with the focal length of desired embossed lenses. A fundamental understanding of how the polymer deforms during the embossing process is critical towards developing a micro lens embossing tool which can achieve the desired embossed micro lenses. This work also looks at extending the early research of the Intaglio Research Group (IRG) to better understand the embossibility of polymer substrates such as biaxially oriented polypropylene (BOPP).

Secure ADS-B authentication system and method

Science.gov (United States)

Viggiano, Marc J (Inventor); Valovage, Edward M (Inventor); Samuelson, Kenneth B (Inventor); Hall, Dana L (Inventor)

2010-01-01

A secure system for authenticating the identity of ADS-B systems, including: an authenticator, including a unique id generator and a transmitter transmitting the unique id to one or more ADS-B transmitters; one or more ADS-B transmitters, including a receiver receiving the unique id, one or more secure processing stages merging the unique id with the ADS-B transmitter's identification, data and secret key and generating a secure code identification and a transmitter transmitting a response containing the secure code and ADSB transmitter's data to the authenticator; the authenticator including means for independently determining each ADS-B transmitter's secret key, a receiver receiving each ADS-B transmitter's response, one or more secure processing stages merging the unique id, ADS-B transmitter's identification and data and generating a secure code, and comparison processing comparing the authenticator-generated secure code and the ADS-B transmitter-generated secure code and providing an authentication signal based on the comparison result.

The Efficiency of Requesting Process for Formal Business-Documents in Indonesia: An Implementation of Web Application Base on Secure and Encrypted Sharing Process

Directory of Open Access Journals (Sweden)

Aris Budi Setyawan

2014-12-01

Full Text Available In recent business practices, the need of the formal document for business, such as the business license documents, business domicile letters, halal certificates, and other formal documents, is desperately needed and becomes its own problems for businesses, especially for small and medium enterprises. One stop service unit that was conceived and implemented by the government today, has not been fully integrated yet. Not all permits (related with formal document for business can be completed and finished in one place, businesses are still have to move from one government department to another government department to get a formal document for their business. With these practices, not only a lot of the time and cost will be sacrificed, but also businesses must always fill out a form with the same field. This study aims to assess and identify the problem, especially on applying the formal document for business, and use it as inputs for the development of a web application based on secure and encrypted sharing process. The study starts with a survey of 200 businesses that have applied the formal document for their business, to map the initial conditions of applying the formal document for business in Indonesia . With these applications that are built based on these needs, it is expected that not only the time, cost, and physical effort from both parties are becoming more efficient, but also the negative practices of bureaucratic and economic obstacles in business activities can be minimized, so the competitiveness of business and their contribution for national economy will increase.Keywords : Formal documents, Efficiencies, Web application, Secure and encrypted sharing process, SMEs

Testing System Encryption-Decryption Method to RSA Security Documents

International Nuclear Information System (INIS)

Supriyono

2008-01-01

A model of document protection which was tested as one of the instruments, especially text document. The principle of the document protection was how the system was able to protect the document storage and transfer processes. Firstly, the text-formed document was encrypted; therefore, the document cannot be read for the text was transformed into random letters. The letter-randomized text was then unfolded by the description in order that the document owner was able to read it. In the recent research, the method adopted was RSA method, in which it used complicated mathematics calculation and equipped with initial protection key (with either private key or public key), thus, it was more difficult to be attacked by hackers. The system was developed by using the software of Borland Delphi 7. The results indicated that the system was capable to save and transfer the document, both via internet and intranet in the form of encrypted letter and put it back to the initial form of document by way of description. The research also tested for encrypted and decrypted process for various memory size documents. (author)

LCS Content Document Application

Science.gov (United States)

Hochstadt, Jake

2011-01-01

My project at KSC during my spring 2011 internship was to develop a Ruby on Rails application to manage Content Documents..A Content Document is a collection of documents and information that describes what software is installed on a Launch Control System Computer. It's important for us to make sure the tools we use everyday are secure, up-to-date, and properly licensed. Previously, keeping track of the information was done by Excel and Word files between different personnel. The goal of the new application is to be able to manage and access the Content Documents through a single database backed web application. Our LCS team will benefit greatly with this app. Admin's will be able to login securely to keep track and update the software installed on each computer in a timely manner. We also included exportability such as attaching additional documents that can be downloaded from the web application. The finished application will ease the process of managing Content Documents while streamlining the procedure. Ruby on Rails is a very powerful programming language and I am grateful to have the opportunity to build this application.

Self-authentication of value documents

Science.gov (United States)

Hayosh, Thomas D.

1998-04-01

To prevent fraud it is critical to distinguish an authentic document from a counterfeit or altered document. Most current technologies rely on difficult-to-print human detectable features which are added to a document to prevent illegal reproduction. Fraud detection is mostly accomplished by human observation and is based upon the examiner's knowledge, experience and time allotted for examination of a document. Another approach to increasing the security of a value document is to add a unique property to each document. Data about that property is then encoded on the document itself and finally secured using a public key based digital signature. In such a scheme, machine readability of authenticity is possible. This paper describes a patent-applied-for methodology using the unique property of magnetic ink printing, magnetic remanence, that provides for full self- authentication when used with a recordable magnetic stripe for storing a digital signature and other document data. Traditionally the authenticity of a document is determined by physical examination for color, background printing, paper texture, printing resolution, and ink characteristics. On an initial level, there may be numerous security features present on a value document but only a few can be detected and evaluated by the untrained individual. Because security features are normally not standardized except on currency, training tellers and cashiers to do extensive security evaluation is not practical, even though these people are often the only people who get a chance to closely examine the document in a payment system which is back-end automated. In the context of this paper, one should be thinking about value documents such as commercial and personal checks although the concepts presented here can easily be applied to travelers cheques, credit cards, event tickets, passports, driver's licenses, motor vehicle titles, and even currency. For a practical self-authentication system, the false alarms

Overview of security culture

International Nuclear Information System (INIS)

Matulanya, M. A.

2014-04-01

Nuclear Security culture concept has been aggressively promoted over the past several years as a tool to improve the physical protection of the nuclear and radioactive materials due to growing threats of catastrophic terrorism and other new security challenges. It is obvious that, the scope of nuclear security and the associated cultures need to be extended beyond the traditional task of protecting weapons-usable materials. The role of IAEA is to strengthen the nuclear security framework globally and in leading the coordination of international activities in this field. Therefore all governments should work closely with the IAEA to take stronger measures to ensure the physical protection, the safety and security of the nuclear and radioactive materials. In the effort to reflect this new realities and concerns, the IAEA in 2008 came up with the document, the Nuclear Security Culture, Nuclear Security Series No. 7, Implementing Guide to the member states which urged every member state to take appropriate measures to promote security culture with respect to nuclear and radioactive materials. The document depicted this cultural approach as the way to protect individual, society and the environment. Among other things, the document defined nuclear security culture as characteristics and attitudes in organizations and of individuals which establishes that, nuclear security issues receives attention warranted by their significance. (au)

Training programs for the systems approach to nuclear security

International Nuclear Information System (INIS)

Ellis, D.

2005-01-01

Full text: In support of United States Government (USG) and International Atomic Energy Agency (IAEA) nuclear security programs, Sandia National Laboratories (SNL) has advocated and practiced a risk-based, systematic approach to nuclear security. The risk equation has been developed and implemented as the basis for a performance-based methodology for the design and evaluation of physical protection systems against a design basis threat (DBT) for theft and sabotage of nuclear and/or radiological materials. Integrated systems must include technology, people, and the man-machine interface. A critical aspect of the human element is training on the systems-approach for all the stakeholders in nuclear security. Current training courses and workshops have been very beneficial but are still rather limited in scope. SNL has developed two primary international classes - the international training course on the physical protection of nuclear facilities and materials, and the design basis threat methodology workshop. SNL is also completing the development of three new courses that will be offered and presented in the near term. They are vital area identification methodology focused on nuclear power plants to aid in their protection against radiological sabotage, insider threat analysis methodology and protection schemes, and security foundations for competent authority and facility operator stakeholders who are not security professionals. In the long term, we envision a comprehensive nuclear security curriculum that spans policy and technology, regulators and operators, introductory and expert levels, classroom and laboratory/field, and local and offsite training options. This training curriculum will be developed in concert with a nuclear security series of guidance documents that is expected to be forthcoming from the IAEA. It is important to note that while appropriate implementation of systems based on such training and documentation can improve the risk reduction, such a

Unix Security Cookbook

Science.gov (United States)

Rehan, S. C.

This document has been written to help Site Managers secure their Unix hosts from being compromised by hackers. I have given brief introductions to the security tools along with downloading, configuring and running information. I have also included a section on my recommendations for installing these security tools starting from an absolute minimum security requirement.

Alternatives for Developing User Documentation for Applications Software

Science.gov (United States)

1991-09-01

08sIili!llllill1$11ilt UNCLASSIFIE) SECURITY CLASSIFICATION OF THIS PAGE REPORT DOCUMENTATION PAGE la REPORT SECURITY CLASSIFICATION lb RESTRICTIVE ...adults spontaneously adopt " Natural egoism Many writers have had difficulty adjusting to the change in the place and function of user documentation. In...become problematic. [Brockmann, 1990] Natural egoism is the final factor that can adversely affect documentation. A writer will not be effective until he

Grand Strategy for the United States in the 21st Century? (A Look at the National Security Strategy Document of 2002 and Beyond)

National Research Council Canada - National Science Library

Tinsley, Peter G

2005-01-01

This paper examines the National Security Strategy (NSS) document of September 2002 and determines whether it provides a grand strategic framework that can be sustained for the rest of the Bush presidency and beyond...

Radio frequency identification (RFID) in health care: privacy and security concerns limiting adoption.

Science.gov (United States)

Rosenbaum, Benjamin P

2014-03-01

Radio frequency identification (RFID) technology has been implemented in a wide variety of industries. Health care is no exception. This article explores implementations and limitations of RFID in several health care domains: authentication, medication safety, patient tracking, and blood transfusion medicine. Each domain has seen increasing utilization of unique applications of RFID technology. Given the importance of protecting patient and data privacy, potential privacy and security concerns in each domain are discussed. Such concerns, some of which are inherent to existing RFID hardware and software technology, may limit ubiquitous adoption. In addition, an apparent lack of security standards within the RFID domain and specifically health care may also hinder the growth and utility of RFID within health care for the foreseeable future. Safeguarding the privacy of patient data may be the most important obstacle to overcome to allow the health care industry to take advantage of the numerous benefits RFID technology affords.

Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document

National Research Council Canada - National Science Library

1999-01-01

The Systems Security Engineering Capability Maturity Model (SSE-CMM) describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering...

An Exploration of the Legal and Regulatory Environment of Privacy and Security through Active Research, Guided Study, Blog Creation, and Discussion

Science.gov (United States)

Peslak, Alan R.

2010-01-01

One of the most important topics for today's information technology professional is the study of legal and regulatory issues as they relate to privacy and security of personal and business data and identification. This manuscript describes the topics and approach taken by the instructors that focuses on independent research of source documents and…

The Problem of Informational Object Identification in Case of the Considerable Quantity of Identifying Features

Directory of Open Access Journals (Sweden)

S. D. Kulik

2010-03-01

Full Text Available The modification of the algorithm of identification of the informational object, used for identification of the hand-written texts performer in an automated workplace of the forensic expert, is presented. As modification, it is offered to use a method of association rules discovery for definition of statistically dependent sets of feature of hand-written capital letters of the Russian language. The algorithm is approved on set of 691 samples of hand-written documents for which about 2000 identifying feature are defined. The modification of the identification algorithm allows to lower level of errors and to raise quality of accepted decisions for information security.

Integrated security system definition

International Nuclear Information System (INIS)

Campbell, G.K.; Hall, J.R. II

1985-01-01

The objectives of an integrated security system are to detect intruders and unauthorized activities with a high degree of reliability and the to deter and delay them until effective response/engagement can be accomplished. Definition of an effective integrated security system requires proper application of a system engineering methodology. This paper summarizes a methodology and describes its application to the problem of integrated security system definition. This process includes requirements identification and analysis, allocation of identified system requirements to the subsystem level and provides a basis for identification of synergistic subsystem elements and for synthesis into an integrated system. The paper discusses how this is accomplished, emphasizing at each step how system integration and subsystem synergism is considered. The paper concludes with the product of the process: implementation of an integrated security system

Security administration plan for HANDI 2000 business management system

Energy Technology Data Exchange (ETDEWEB)

Wilson, D.

1998-09-29

This document encompasses and standardizes the integrated approach for security within the PP and Ps applications, It also identifies the security tools and methods to be used. The Security Administration Plan becomes effective as of this document`s acceptance and will provide guidance through implementation efforts and, as a ``living document`` will support the operations and maintenance of the system.

Model-based security testing

OpenAIRE

Schieferdecker, Ina; Großmann, Jürgen; Schneider, Martin

2012-01-01

Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security...

Optimization of airport security lanes

Science.gov (United States)

Chen, Lin

2018-05-01

Current airport security management system is widely implemented all around the world to ensure the safety of passengers, but it might not be an optimum one. This paper aims to seek a better security system, which can maximize security while minimize inconvenience to passengers. Firstly, we apply Petri net model to analyze the steps where the main bottlenecks lie. Based on average tokens and time transition, the most time-consuming steps of security process can be found, including inspection of passengers' identification and documents, preparing belongings to be scanned and the process for retrieving belongings back. Then, we develop a queuing model to figure out factors affecting those time-consuming steps. As for future improvement, the effective measures which can be taken include transferring current system as single-queuing and multi-served, intelligently predicting the number of security checkpoints supposed to be opened, building up green biological convenient lanes. Furthermore, to test the theoretical results, we apply some data to stimulate the model. And the stimulation results are consistent with what we have got through modeling. Finally, we apply our queuing model to a multi-cultural background. The result suggests that by quantifying and modifying the variance in wait time, the model can be applied to individuals with various habits customs and habits. Generally speaking, our paper considers multiple affecting factors, employs several models and does plenty of calculations, which is practical and reliable for handling in reality. In addition, with more precise data available, we can further test and improve our models.

17 CFR 232.306 - Foreign language documents and symbols.

Science.gov (United States)

2010-04-01

... symbols. 232.306 Section 232.306 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... § 232.306 Foreign language documents and symbols. (a) All electronic filings and submissions must be in... words or letters in the English language rather than representative symbols, except that HTML documents...

Network perimeter security building defense in-depth

CERN Document Server

Riggs, Cliff

2003-01-01

PREFACEWho is this Book For?The Path to Network SecurityWho Should Read This Book?MANAGING NETWORK SECURITYThe Big Picture: Security Policies from A to ZAdministrative CountermeasuresPhysical CountermeasuresTechnological CountermeasuresCreating the Security Standards DocumentCreating the Configuration Guide DocumentPulling it All Together: Sample Security Policy CreationProteris Security Standards and ProceduresTHE NETWORK STACK AND SECURITYConnecting the NetworkProtocolsServers and HostsCRYPTOGRAPHY AND VPN TERMINOLOGYKeysCertificatesHashingDigital SignaturesCommon Encryption AlgorithmsSplit

The Work of Inscription: Antenatal Care, Birth Documents, and Shan Migrant Women in Chiang Mai.

Science.gov (United States)

Seo, Bo Kyeong

2017-12-01

For transnational migrant populations, securing birth documents of newly born children has crucial importance in avoiding statelessness for new generations. Drawing on discussions of sovereignty and political subjectivization, I ask how the fact of birth is constituted in the context of transnational migration. Based on ethnographic data collected from an antenatal clinic in Thailand, this article describes how Shan migrant women from Myanmar (also known as Burma) utilize reproductive health services as a way of assuring a safe birth while acquiring identification documents. Paying close attention to technologies of inscription adopted for maternal care and birth registration, I argue that enacting bureaucratic documents offers a chance for migrant women to bridge the interstice between human and citizen. Birth certificates for migrant children, while embodying legal ambiguity and uncertainty, epitomize non-citizen subjects' assertion of their political relationship with the state. © 2016 by the American Anthropological Association.

Business Information Exchange System with Security, Privacy, and Anonymity

Directory of Open Access Journals (Sweden)

Sead Muftic

2016-01-01

Full Text Available Business Information Exchange is an Internet Secure Portal for secure management, distribution, sharing, and use of business e-mails, documents, and messages. It has three applications supporting three major types of information exchange systems: secure e-mail, secure instant messaging, and secure sharing of business documents. In addition to standard security services for e-mail letters, which are also applied to instant messages and documents, the system provides innovative features of privacy and full anonymity of users and their locations, actions, transactions, and exchanged resources. In this paper we describe design, implementation, and use of the system.

6 CFR 7.29 - Documents of permanent historical value.

Science.gov (United States)

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Documents of permanent historical value. 7.29... NATIONAL SECURITY INFORMATION Classified Information § 7.29 Documents of permanent historical value. The... contained in records determined to have permanent historical value under 44 U.S.C. 2107 before they are...

A framework for fast and secure packaging identification on mobile phones

Science.gov (United States)

Diephuis, Maurits; Voloshynovskiy, Svyatoslav; Holotyak, Taras; Stendardo, Nabil; Keel, Bruno

2014-02-01

In this paper, we address the problem of fast and secure packaging identification on mobile phones. It is a well known fact that consumer goods are counterfeited on a massive scale in certain regions of the world, illustrating how existing counter measures fall short or don't exist at all, as can be seen in the local absence of laws pertaining to brand protection. This paper introduces a technological tool that allows the consumer to quickly identify a product or package with a mobile device using a physical non-cloneable features in the form of a surface micro- structure image. This natural occurring identifier allows a producer or brand owner to track and trace all its products and gives the consumer a powerful tool to confirm the authenticity of an offered product.

78 FR 48457 - Correction of Document Revoking Customs Broker Licenses

Science.gov (United States)

2013-08-08

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Correction of Document Revoking Customs Broker Licenses AGENCY: U.S. Customs and Border Protection, Department of Homeland Security. ACTION: Correction of document revoking certain customs broker licenses. SUMMARY: In a notice published...

17 CFR 200.507 - Declassification dates on derivative documents.

Science.gov (United States)

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Declassification dates on derivative documents. 200.507 Section 200.507 Commodity and Securities Exchanges SECURITIES AND EXCHANGE... of National Security Information and Material § 200.507 Declassification dates on derivative...

DOD/COCOM Water Security Program Strategy Document

Science.gov (United States)

2011-04-22

treatment and disposal. DOD/COCOM Water Security Program Strategy 22 18. Toxic Minerals In regions where there are naturally occurring unsafe...surface hydrologic observations using remote sensing to provide data on precipitation, radiation, temperature, soil moisture, groundwater, snowcover...habitat alteration and aquaculture . 13. Centers for Disease Control (CDC) Works with partners throughout the nation and the world to monitor health

Security, insecurity and health.

Science.gov (United States)

Coupland, Robin

2007-03-01

An examination of the nexus of security, insecurity and health shows that security is a prerequisite for health. The many and varied ways that armed violence--including threats of armed violence--can affect people's health can be documented by formal studies; however, valuable data also exist in other reports, such as media reports. The health community needs to recognize that people's insecurity is a massive global health issue. The foreign policies of donor governments should incorporate recognition that documentation, analysis and publication of data describing the impact of insecurity on people's health can lead to the creation of policies to enhance people's security.

Radioisotope identification method for poorly resolved gamma-ray spectrum of nuclear security concern

Energy Technology Data Exchange (ETDEWEB)

Ninh, Giang Nguyen; Phongphaeth, Pengvanich, E-mail: phongphaeth.p@chula.ac.th; Nares, Chankow [Nuclear Engineering Department, Faculty of Engineering, Chulalongkorn University, 254 Phayathai Road, Pathumwan, Bangkok 10330 (Thailand); Hao, Quang Nguyen [Vietnam Atomic Energy Institute, Ministry of Science and Technology, Hanoi (Viet Nam)

2016-01-22

Gamma-ray signal can be used as a fingerprint for radioisotope identification. In the context of radioactive and nuclear materials security at the border control point, the detection task can present a significant challenge due to various constraints such as the limited measurement time, the shielding conditions, and the noise interference. This study proposes a novel method to identify the signal of one or several radioisotopes from a poorly resolved gamma-ray spectrum. In this method, the noise component in the raw spectrum is reduced by the wavelet decomposition approach, and the removal of the continuum background is performed using the baseline determination algorithm. Finally, the identification of radioisotope is completed using the matrix linear regression method. The proposed method has been verified by experiments using the poorly resolved gamma-ray signals from various scenarios including single source, mixing of natural uranium with five of the most common industrial radioactive sources (57Co, 60Co, 133Ba, 137Cs, and 241Am). The preliminary results show that the proposed algorithm is comparable with the commercial method.

Radioisotope identification method for poorly resolved gamma-ray spectrum of nuclear security concern

International Nuclear Information System (INIS)

Ninh, Giang Nguyen; Phongphaeth, Pengvanich; Nares, Chankow; Hao, Quang Nguyen

2016-01-01

Gamma-ray signal can be used as a fingerprint for radioisotope identification. In the context of radioactive and nuclear materials security at the border control point, the detection task can present a significant challenge due to various constraints such as the limited measurement time, the shielding conditions, and the noise interference. This study proposes a novel method to identify the signal of one or several radioisotopes from a poorly resolved gamma-ray spectrum. In this method, the noise component in the raw spectrum is reduced by the wavelet decomposition approach, and the removal of the continuum background is performed using the baseline determination algorithm. Finally, the identification of radioisotope is completed using the matrix linear regression method. The proposed method has been verified by experiments using the poorly resolved gamma-ray signals from various scenarios including single source, mixing of natural uranium with five of the most common industrial radioactive sources (57Co, 60Co, 133Ba, 137Cs, and 241Am). The preliminary results show that the proposed algorithm is comparable with the commercial method

Teaching RFID Information Systems Security

Science.gov (United States)

Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

2014-01-01

The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

Digital security technology simplified.

Science.gov (United States)

Scaglione, Bernard J

2007-01-01

Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.

Using the safety/security interface to the security manager's advantage

International Nuclear Information System (INIS)

Stapleton, B.W.

1993-01-01

Two aspects of the safety/security interface are discussed: (1) the personal safety of nuclear security officers; and (2) how the security manager can effectively deal with the safety/security interface in solving today's requirements yet supporting the overall mission of the facility. The basis of this presentation is the result of interviews, document analyses, and observations. The conclusion is that proper planning and communication between the players involved in the security/safety interface can benefit the two programs and help achieve overall system integration, ultimately contributing to the bottom line. This is especially important in today's cost conscious environment

Security Policy for a Generic Space Exploration Communication Network Architecture

Science.gov (United States)

Ivancic, William D.; Sheehe, Charles J.; Vaden, Karl R.

2016-01-01

This document is one of three. It describes various security mechanisms and a security policy profile for a generic space-based communication architecture. Two other documents accompany this document- an Operations Concept (OpsCon) and a communication architecture document. The OpsCon should be read first followed by the security policy profile described by this document and then the architecture document. The overall goal is to design a generic space exploration communication network architecture that is affordable, deployable, maintainable, securable, evolvable, reliable, and adaptable. The architecture should also require limited reconfiguration throughout system development and deployment. System deployment includes subsystem development in a factory setting, system integration in a laboratory setting, launch preparation, launch, and deployment and operation in space.

21st Century Security Manager

OpenAIRE

Stelian ARION

2010-01-01

We live in world of uncertainty that generates major paradigms changing that affect security risk management. Modern organization’s security risks management can’t be done without a profound knowlegde and daily practice for security governance, security risk management and resilience. 21st Century security manager need to deal with several areas of konwledge in order to succesfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers ...

49 CFR 1552.23 - Security awareness training programs.

Science.gov (United States)

2010-10-01

... employee to identify— (i) Uniforms and other identification, if any are required at the flight school, for... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.23 Security awareness training programs. (a) General. A flight...

78 FR 73868 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

Science.gov (United States)

2013-12-09

... security screening and identity verification of individuals, including identification media and identifying... undergoing screening of their person (including identity verification) or property; individuals against whom... addresses, phone numbers); Social Security Number, Fingerprints or other biometric identifiers; Photographs...

Modified Small Business Network Security

OpenAIRE

Md. Belayet Ali; Oveget Das; Md. Shamim Hossain

2012-01-01

This paper covers some likely threats and effectivesteps for a secure small business. It also involves a flowchart tocomprehend the overall small business network security easilyand we identify a set of security issues and applyappropriate techniques to satisfy the correspondingsecurity requirements. In respect of all, this document isstrong enough for any small business network security.

Security Scheme Based on Parameter Hiding Technic for Mobile Communication in a Secure Cyber World

Directory of Open Access Journals (Sweden)

Jong Hyuk Park

2016-10-01

Full Text Available Long Term Evolution (LTE and Long Term Evolution-Advanced (LTE-A support a better data transmission service than 3G dose and are globally commercialized technologies in a cyber world that is essential for constructing a future mobile environment, since network traffics have exponentially increased as people have started to use more than just one mobile device. However, when User Equipment (UE is executing initial attach processes to access LTE networks, there is a vulnerability in which identification parameters like International Mobile Subscriber Identity (IMSI and Radio Network Temporary Identities (RNTI are transmitted as plain texts. It can threat various services that are commercialized therewith in a cyber world. Therefore, a security scheme is proposed in this paper where identification parameters can be securely transmitted and hidden in four cases where initial attach occurs between UE and Mobility Management Entity (MME. The proposed security scheme not only supports encrypted transmission of identification parameters but also mutual authentication between Evolved Node B (eNB and MME to make a secure cyber world. Additionally, performance analysis results using an OPNET simulator showed the satisfaction of the average delay rate that is specified in LTE standards.

EPICS: Channel Access security design

International Nuclear Information System (INIS)

Kraimer, M.; Hill, J.

1994-05-01

This document presents the design for implementing the requirements specified in: EPICS -- Channel Access Security -- functional requirements, Ned. D. Arnold, 03/09/92. Use of the access security system is described along with a summary of the functional requirements. The programmer's interface is given. Security protocol is described and finally aids for reading the access security code are provided

Security and Privacy in a DACS.

Science.gov (United States)

Delgado, Jaime; Llorente, Silvia; Pàmies, Martí; Vilalta, Josep

2016-01-01

The management of electronic health records (EHR), in general, and clinical documents, in particular, is becoming a key issue in the daily work of Healthcare Organizations (HO). The need for providing secure and private access to, and storage for, clinical documents together with the need for HO to interoperate, raises a number of issues difficult to solve. Many systems are in place to manage EHR and documents. Some of these Healthcare Information Systems (HIS) follow standards in their document structure and communications protocols, but many do not. In fact, they are mostly proprietary and do not interoperate. Our proposal to solve the current situation is the use of a DACS (Document Archiving and Communication System) for providing security, privacy and standardized access to clinical documents.

How to implement security controls for an information security program at CBRN facilities

International Nuclear Information System (INIS)

Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

2015-01-01

This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

How to implement security controls for an information security program at CBRN facilities

Energy Technology Data Exchange (ETDEWEB)

Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

2015-12-01

This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

Dynamic Security Assessment Of Computer Networks In Siem-Systems

Directory of Open Access Journals (Sweden)

Elena Vladimirovna Doynikova

2015-10-01

Full Text Available The paper suggests an approach to the security assessment of computer networks. The approach is based on attack graphs and intended for Security Information and Events Management systems (SIEM-systems. Key feature of the approach consists in the application of the multilevel security metrics taxonomy. The taxonomy allows definition of the system profile according to the input data used for the metrics calculation and techniques of security metrics calculation. This allows specification of the security assessment in near real time, identification of previous and future attacker steps, identification of attackers goals and characteristics. A security assessment system prototype is implemented for the suggested approach. Analysis of its operation is conducted for several attack scenarios.

Forest service access to and use of the Germplasm Information Network (GRIN-Global) database and security backup at the National Laboratory for Genetic Resource Preservation

Science.gov (United States)

B. Loth; R.P. Karrfalt

2017-01-01

The U.S. Department of Agriculture Forest Service (USDA FS) National Seed Laboratory (NSL) began long term seed storage for genetic conservation, in 2005, for USDA FS units and cooperators. This program requires secure storage of both seeds and the data documenting the identification of the seeds. The Agricultural Research Service (ARS) has provided both of these...

Nuclear power plants documentation system

International Nuclear Information System (INIS)

Schwartz, E.L.

1991-01-01

Since the amount of documents (type and quantity) necessary for the entire design of a NPP is very large, this implies that an overall and detailed identification, filling and retrieval system shall be implemented. This is even more applicable to the FINAL QUALITY DOCUMENTATION of the plant, as stipulated by IAEA Safety Codes and related guides. For such a purpose it was developed a DOCUMENTATION MANUAL, which describes in detail the before mentioned documentation system. Here we present the expected goals and results which we have to reach for Angra 2 and 3 Project. (author)

About machine-readable travel documents

International Nuclear Information System (INIS)

Vaudenay, S; Vuagnoux, M

2007-01-01

Passports are documents that help immigration officers to identify people. In order to strongly authenticate their data and to automatically identify people, they are now equipped with RFID chips. These contain private information, biometrics, and a digital signature by issuing authorities. Although they substantially increase security at the border controls, they also come with new security and privacy issues. In this paper, we survey existing protocols and their weaknesses

About machine-readable travel documents

Energy Technology Data Exchange (ETDEWEB)

Vaudenay, S; Vuagnoux, M [EPFL, Lausanne (Switzerland)

2007-07-15

Passports are documents that help immigration officers to identify people. In order to strongly authenticate their data and to automatically identify people, they are now equipped with RFID chips. These contain private information, biometrics, and a digital signature by issuing authorities. Although they substantially increase security at the border controls, they also come with new security and privacy issues. In this paper, we survey existing protocols and their weaknesses.

Secure and documented screwing down of Castor containers

International Nuclear Information System (INIS)

Yilmaz, Asir; Junkers, Patrick

2011-01-01

The castor container is sealed using a multiple lid system comprising a primary lid and a secondary lid. The two lids are positioned one above the other and screwed securely to the body of the container. In addition, the tightness of the lids is guaranteed by a special metal seal. A further steel plate is screwed securely over the lids providing additional protection for the lids from moisture and various influences. The central element connecting the lids to the container comprises fixed threaded connections which must be accurately tightened with a torque of 900 Nm, 1500 Nm or more. The basic function of a threaded connection, in terms of a positive fit and detachable joint, is to join together two or more parts in such a way that they always behave as a single part whatever operational forces are present. This can only be achieved by means of an accurate and sufficient pre-tensioning force. This pretensioning force is transferred to the threaded connection with the help of a particular torque and presses the components together. This loading brought about by the pretensioning force is referred to as the prestress. In order to create a correct and high quality connection, this prestress must be arrived at in an optimum manner. The prestress must therefore be high enough to withstand the full loading for which the connection is designed. In addition the connection should not come loose unintentionally if it is exposed to externally acting forces. Since under no circumstances should threaded connections on a castor container fail, a suitable screwing process must guarantee that this does not happen. The securing of threaded joints can only be ensured by introducing and maintaining a constant and accurate prestress. VDI Guideline 2230, Part 1, mentions various threaded connection or tightening processes, including torque-controlled tightening, angle-controlled tightening and yield-controlled tightening. (orig.)

Secure and documented screwing down of Castor containers

Energy Technology Data Exchange (ETDEWEB)

Yilmaz, Asir; Junkers, Patrick [HYTORC - Barbarino und Kilp GmbH, Krailling (Germany)

2011-07-01

The castor container is sealed using a multiple lid system comprising a primary lid and a secondary lid. The two lids are positioned one above the other and screwed securely to the body of the container. In addition, the tightness of the lids is guaranteed by a special metal seal. A further steel plate is screwed securely over the lids providing additional protection for the lids from moisture and various influences. The central element connecting the lids to the container comprises fixed threaded connections which must be accurately tightened with a torque of 900 Nm, 1500 Nm or more. The basic function of a threaded connection, in terms of a positive fit and detachable joint, is to join together two or more parts in such a way that they always behave as a single part whatever operational forces are present. This can only be achieved by means of an accurate and sufficient pre-tensioning force. This pretensioning force is transferred to the threaded connection with the help of a particular torque and presses the components together. This loading brought about by the pretensioning force is referred to as the prestress. In order to create a correct and high quality connection, this prestress must be arrived at in an optimum manner. The prestress must therefore be high enough to withstand the full loading for which the connection is designed. In addition the connection should not come loose unintentionally if it is exposed to externally acting forces. Since under no circumstances should threaded connections on a castor container fail, a suitable screwing process must guarantee that this does not happen. The securing of threaded joints can only be ensured by introducing and maintaining a constant and accurate prestress. VDI Guideline 2230, Part 1, mentions various threaded connection or tightening processes, including torque-controlled tightening, angle-controlled tightening and yield-controlled tightening. (orig.)

Security seal

Science.gov (United States)

Gobeli, Garth W.

1985-01-01

Security for a package or verifying seal in plastic material is provided by a print seal with unique thermally produced imprints in the plastic. If tampering is attempted, the material is irreparably damaged and thus detectable. The pattern of the imprints, similar to "fingerprints" are recorded as a positive identification for the seal, and corresponding recordings made to allow comparison. The integrity of the seal is proved by the comparison of imprint identification records made by laser beam projection.

Secure and Fair Cluster Head Selection Protocol for Enhancing Security in Mobile Ad Hoc Networks

Directory of Open Access Journals (Sweden)

B. Paramasivan

2014-01-01

Full Text Available Mobile ad hoc networks (MANETs are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

Secure and fair cluster head selection protocol for enhancing security in mobile ad hoc networks.

Science.gov (United States)

Paramasivan, B; Kaliappan, M

2014-01-01

Mobile ad hoc networks (MANETs) are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

Global food and fibre security threatened by current inefficiencies in fungal identification

Science.gov (United States)

2016-01-01

Fungal pathogens severely impact global food and fibre crop security. Fungal species that cause plant diseases have mostly been recognized based on their morphology. In general, morphological descriptions remain disconnected from crucially important knowledge such as mating types, host specificity, life cycle stages and population structures. The majority of current fungal species descriptions lack even the most basic genetic data that could address at least some of these issues. Such information is essential for accurate fungal identifications, to link critical metadata and to understand the real and potential impact of fungal pathogens on production and natural ecosystems. Because international trade in plant products and introduction of pathogens to new areas is likely to continue, the manner in which fungal pathogens are identified should urgently be reconsidered. The technologies that would provide appropriate information for biosecurity and quarantine already exist, yet the scientific community and the regulatory authorities are slow to embrace them. International agreements are urgently needed to enforce new guidelines for describing plant pathogenic fungi (including key DNA information), to ensure availability of relevant data and to modernize the phytosanitary systems that must deal with the risks relating to trade-associated plant pathogens. This article is part of the themed issue ‘Tackling emerging fungal threats to animal health, food security and ecosystem resilience’. PMID:28080994

Mobile visual object identification: from SIFT-BoF-RANSAC to Sketchprint

Science.gov (United States)

Voloshynovskiy, Sviatoslav; Diephuis, Maurits; Holotyak, Taras

2015-03-01

Mobile object identification based on its visual features find many applications in the interaction with physical objects and security. Discriminative and robust content representation plays a central role in object and content identification. Complex post-processing methods are used to compress descriptors and their geometrical information, aggregate them into more compact and discriminative representations and finally re-rank the results based on the similarity geometries of descriptors. Unfortunately, most of the existing descriptors are not very robust and discriminative once applied to the various contend such as real images, text or noise-like microstructures next to requiring at least 500-1'000 descriptors per image for reliable identification. At the same time, the geometric re-ranking procedures are still too complex to be applied to the numerous candidates obtained from the feature similarity based search only. This restricts that list of candidates to be less than 1'000 which obviously causes a higher probability of miss. In addition, the security and privacy of content representation has become a hot research topic in multimedia and security communities. In this paper, we introduce a new framework for non- local content representation based on SketchPrint descriptors. It extends the properties of local descriptors to a more informative and discriminative, yet geometrically invariant content representation. In particular it allows images to be compactly represented by 100 SketchPrint descriptors without being fully dependent on re-ranking methods. We consider several use cases, applying SketchPrint descriptors to natural images, text documents, packages and micro-structures and compare them with the traditional local descriptors.

19 CFR 24.5 - Filing identification number.

Science.gov (United States)

2010-04-01

... TREASURY CUSTOMS FINANCIAL AND ACCOUNTING PROCEDURE § 24.5 Filing identification number. (a) Generally..., the Social Security number. (2) If neither an Internal Revenue Service employer identification number nor a Social Security number has been assigned, the word “None” shall be written on the line provided...

Security planning an applied approach

CERN Document Server

Lincke, Susan

2015-01-01

This book guides readers through building an IT security plan. Offering a template, it helps readers to prioritize risks, conform to regulation, plan their defense and secure proprietary/confidential information. The process is documented in the supplemental online security workbook. Security Planning is designed for the busy IT practitioner, who does not have time to become a security expert, but needs a security plan now. It also serves to educate the reader of a broader set of concepts related to the security environment through the Introductory Concepts and Advanced sections. The book serv

Security research roadmap; Security-tutkimuksen roadmap

Energy Technology Data Exchange (ETDEWEB)

Naumanen, M.; Rouhiainen, V. (eds.)

2006-02-15

security products and technologies needed are, for example, management of total security, detection, identification, localisation and communication, protection of information networks and systems, and physical protection. This report presents in more detail the knowledge and development needs as well as future development potentials seen in the security area. (orig.)

49 CFR 237.155 - Documents and records.

Science.gov (United States)

2010-10-01

..., DEPARTMENT OF TRANSPORTATION BRIDGE SAFETY STANDARDS Documentation, Records, and Audits of Bridge Management Programs § 237.155 Documents and records. Each track owner required to implement a bridge management... protected by a security system that incorporates a user identity and password, or a comparable method, to...

Reformulating Component Identification as Document Analysis Problem

NARCIS (Netherlands)

Gross, H.G.; Lormans, M.; Zhou, J.

2007-01-01

One of the first steps of component procurement is the identification of required component features in large repositories of existing components. On the highest level of abstraction, component requirements as well as component descriptions are usually written in natural language. Therefore, we can

Script identification in printed bilingual documents

Indian Academy of Sciences (India)

R. Narasimhan (Krishtel eMaging) 1461 1996 Oct 15 13:05:22

and lower zones, together with the character density, is used to identify the script. ... our work, we assume bilingual documents which require script recognition at word level. ... Thus, all the reported studies accomplish script recognition either at the line level ... In this paper, we make an attempt to separate the English and.

Security analysis of Microsoft RMS

Directory of Open Access Journals (Sweden)

Joanna Dmitruk

2017-12-01

Full Text Available Microsoft Rights Management Services (RMS is a system designed to ensure the protection and proper use of electronic documents. RMS allows to apply different access policies for documents, thus allowing to control their use in time. The system allows not only defining access policies at document creation, but also after its distribution. Microsoft RMS uses a number of advanced cryptographic mechanisms and primitives to ensure overall service security. In this paper, we have analyzed the security of RMS, indicating a number of possible gaps. The methods of solving those problems, especially those related to data integrity, have been proposed. Keywords: DRM, cryptography, cryptanalysis, RMS, Microsoft

26 CFR 1.475(b)-2 - Exemptions-identification requirements.

Science.gov (United States)

2010-04-01

... requirements. (a) Identification of the basis for exemption. An identification of a security as exempt from mark to market does not satisfy section 475(b)(2) if it fails to state whether the security is described in— (1) Either of the first two subparagraphs of section 475(b)(1) (identifying a security as held...

ACE - Manufacturer Identification Code (MID)

Data.gov (United States)

Department of Homeland Security — The ACE Manufacturer Identification Code (MID) application is used to track and control identifications codes for manufacturers. A manufacturer is identified on an...

ADP Security Plan, Math Building, Room 1139

Energy Technology Data Exchange (ETDEWEB)

Melton, R.

1985-08-27

This document provides the draft copy of an updated (ADP) Security Plan for an IBM Personal Computer to be used in the Math Building at PNL for classified data base management. Using the equipment specified in this document and implementing the administrative and physical procedures as outlined will provide the secure environment necessary for this work to proceed.

High-level waste storage tank farms/242-A evaporator standards/requirements identification document (S/RID), Vol. 1

Energy Technology Data Exchange (ETDEWEB)

1994-04-01

The purpose of this Requirements Identification Document (RID) section is to identify, in one location, all of the facility specific requirements and good industry practices which are necessary or important to establish an effective Issues Management Program for the Tank Farm Facility. The Management Systems Functional Area includes the site management commitment to environmental safety and health (ES&H) policies and controls, to compliance management, to development and management of policy and procedures, to occurrence reporting and corrective actions, resource and issue management, and to the self-assessment process.

High-level waste storage tank farms/242-A evaporator standards/requirements identification document (S/RID), Vol. 1

International Nuclear Information System (INIS)

1994-04-01

The purpose of this Requirements Identification Document (RID) section is to identify, in one location, all of the facility specific requirements and good industry practices which are necessary or important to establish an effective Issues Management Program for the Tank Farm Facility. The Management Systems Functional Area includes the site management commitment to environmental safety and health (ES ampersand H) policies and controls, to compliance management, to development and management of policy and procedures, to occurrence reporting and corrective actions, resource and issue management, and to the self-assessment process

On the Security of Mexican Digital Fiscal Documents

OpenAIRE

González García, Vladimir; Rodríguez Henríquez, Francisco; Cruz Cortés, Nareli

2008-01-01

In January 2005, the Mexican Tributary Administration System (SAT) introduced an official norm that stipulates how to generate electronic invoices that were termed by SAT, Comprobante Fiscal Digital (CFD). Supporting the CFD service implies the exchange of confidential information over Internet and other communication channels that are intrinsically highly vulnerable. Therefore, it becomes indispensable to incorporate to this service reliable and sound information security mechanisms. In the ...

Secure and Efficient Routable Control Systems

Energy Technology Data Exchange (ETDEWEB)

Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

2010-05-01

This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

Identification of documented medication non-adherence in physician notes.

Science.gov (United States)

Turchin, Alexander; Wheeler, Holly I; Labreche, Matthew; Chu, Julia T; Pendergrass, Merri L; Einbinder, Jonathan S; Einbinder, Jonathan Seth

2008-11-06

Medication non-adherence is common and the physicians awareness of it may be an important factor in clinical decision making. Few sources of data on physician awareness of medication non-adherence are available. We have designed an algorithm to identify documentation of medication non-adherence in the text of physician notes. The algorithm recognizes eight semantic classes of documentation of medication non-adherence. We evaluated the algorithm against manual ratings of 200 randomly selected notes of hypertensive patients. The algorithm detected 89% of the notes with documented medication non-adherence with specificity of 84.7% and positive predictive value of 80.2%. In a larger dataset of 1,000 documents, notes that documented medication non-adherence were more likely to report significantly elevated systolic (15.3% vs. 9.0%; p = 0.002) and diastolic (4.1% vs. 1.9%; p = 0.03) blood pressure. This novel clinically validated tool expands the range of information on medication non-adherence available to researchers.

Design-Efficiency in Security

DEFF Research Database (Denmark)

Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

In this document, we present our applied results on balancing security and performance using a running example, which is based on sensor networks. These results are forming a basis for a new approach to balance security and performance, and therefore provide design-­efficiency of key updates. We...

76 FR 46668 - Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap...

Science.gov (United States)

2011-08-03

... SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 [Release No. 34-64766; File No. S7-25-11] RIN 3235-AL10 Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap Participants Correction In proposed rule document number 2011-16758, appearing on pages 42396-42455 in the...

Corrective Action Decision Document/Closure Report for Corrective Action Unit 570: Area 9 Yucca Flat Atmospheric Test Sites, Nevada National Security Site, Nevada, Revision 0

Energy Technology Data Exchange (ETDEWEB)

Matthews, Patrick [Navarro-Intera, LLC (N-I), Las Vegas, NV (United States)

2013-11-01

This Corrective Action Decision Document/Closure Report presents information supporting the closure of Corrective Action Unit (CAU) 570: Area 9 Yucca Flat Atmospheric Test Sites, Nevada National Security Site, Nevada. This complies with the requirements of the Federal Facility Agreement and Consent Order (FFACO) that was agreed to by the State of Nevada; U.S. Department of Energy (DOE), Environmental Management; U.S. Department of Defense; and DOE, Legacy Management. The purpose of the CADD/CR is to provide justification and documentation supporting the recommendation that no further corrective action is needed.

Access control and personal identification systems

CERN Document Server

Bowers, Dan M

1988-01-01

Access Control and Personal Identification Systems provides an education in the field of access control and personal identification systems, which is essential in selecting the appropriate equipment, dealing intelligently with vendors in purchases of the equipment, and integrating the equipment into a total effective system. Access control devices and systems comprise an important part of almost every security system, but are seldom the sole source of security. In order for the goals of the total system to be met, the other portions of the security system must also be well planned and executed

Non-disability Repository for Evidentiary Documents

Data.gov (United States)

Social Security Administration — Contains data that supports the electronic storage of paper documents or electronic files not addressed by other initiatives such as electronic Disability (eDib) and...

Security threads: effective security devices in the past, present, and future

Science.gov (United States)

Wolpert, Gary R.

2002-04-01

Security threads were first used to secure banknotes in the mid 1800's. The key to their anti-counterfeiting success was the fact that by being embedded in the paper, they became an integral part of the banknote substrate. Today, all major currencies still utilize this effective security feature. Technological developments have allowed security threads to evolve from a feature authenticated by only visual means to devices that incorporate both visual and machine detectable components. When viewed from the perspective of a thread being a carrier of various security technologies and the fact that they can be incorporated into the core substrate of banknotes, documents, labels, packaging and some high valued articles, it is clear that security threads will remain as effective security devices well into the future. This paper discusses a brief historical background of security threads, current visual and machine authentication technologies incorporated into threads today and a look to the future of threads as effective security devices.

Information technology - Security techniques - Information security management systems - Requirements

CERN Document Server

International Organization for Standardization. Geneva

2005-01-01

ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

Shoulder dystocia documentation: an evaluation of a documentation training intervention.

Science.gov (United States)

LeRiche, Tammy; Oppenheimer, Lawrence; Caughey, Sharon; Fell, Deshayne; Walker, Mark

2015-03-01

To evaluate the quality and content of nurse and physician shoulder dystocia delivery documentation before and after MORE training in shoulder dystocia management skills and documentation. Approximately 384 charts at the Ottawa Hospital General Campus involving a diagnosis of shoulder dystocia between the years of 2000 and 2006 excluding the training year of 2003 were identified. The charts were evaluated for 14 key components derived from a validated instrument. The delivery notes were then scored based on these components by 2 separate investigators who were blinded to delivery note author, date, and patient identification to further quantify delivery record quality. Approximately 346 charts were reviewed for physician and nurse delivery documentation. The average score for physician notes was 6 (maximum possible score of 14) both before and after the training intervention. The nurses' average score was 5 before and after the training intervention. Negligible improvement was observed in the content and quality of shoulder dystocia documentation before and after nurse and physician training.

Performance of an optical identification and interrogation system

Science.gov (United States)

Venugopalan, A.; Ghosh, A. K.; Verma, P.; Cheng, S.

2008-04-01

A free space optics based identification and interrogation system has been designed. The applications of the proposed system lie primarily in areas which require a secure means of mutual identification and information exchange between optical readers and tags. Conventional RFIDs raise issues regarding security threats, electromagnetic interference and health safety. The security of RF-ID chips is low due to the wide spatial spread of radio waves. Malicious nodes can read data being transmitted on the network, if they are in the receiving range. The proposed system provides an alternative which utilizes the narrow paraxial beams of lasers and an RSA-based authentication scheme. These provide enhanced security to communication between a tag and the base station or reader. The optical reader can also perform remote identification and the tag can be read from a far off distance, given line of sight. The free space optical identification and interrogation system can be used for inventory management, security systems at airports, port security, communication with high security systems, etc. to name a few. The proposed system was implemented with low-cost, off-the-shelf components and its performance in terms of throughput and bit error rate has been measured and analyzed. The range of operation with a bit-error-rate lower than 10-9 was measured to be about 4.5 m. The security of the system is based on the strengths of the RSA encryption scheme implemented using more than 1024 bits.

Information security management handbook

CERN Document Server

Tipton, Harold F

2003-01-01

Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c

Design of the XML Security System for Electronic Commerce Application

Institute of Scientific and Technical Information of China (English)

无

2003-01-01

The invocation of World Wide Web (www) first triggered mass adoption of the Internet for public access to digital information exchanges across the globe. To get a big market on the Web, a special security infrastructure would need to be put into place transforming the wild-and-woolly Internet into a network with end-to-end protections. XML (extensible Markup Language) is widely accepted as powerful data representation standard for electronic documents, so a security mechanism for XML documents must be provided in the first place to secure electronic commerce over Internet. In this paper the authors design and implement a secure framework that provides XML signature function, XML Element-wise Encryption function, smart card based crypto API library and Public Key Infrastructure (PKI) security functions to achieve confidentiality, integrity, message authentication, and/or signer authentication services for XML documents and existing non-XML documents that are exchanged by Internet for E-commerce application.

Security of Nuclear Information. Implementing Guide

International Nuclear Information System (INIS)

2015-01-01

This publication provides guidance on implementing the principle of confidentiality and on the broader aspects of information security (i.e. integrity and availability). It assists States in bridging the gap between existing government and industry standards on information security, the particular concepts and considerations that apply to nuclear security and the special provisions and conditions that exist when dealing with nuclear material and other radioactive material. Specifically it seeks to assist states in the identification, classification, and assignment of appropriate security controls to information that could adversely impact nuclear security if compromised

Documenting and disseminating agricultural indigenous knowledge ...

African Journals Online (AJOL)

Documenting and disseminating agricultural indigenous knowledge for sustainable food security in Uganda. ... University of Dar es Salaam Library Journal ... Moreover, small-scale farmers should be involved in agricultural extension services ...

Risk assessment techniques for civil aviation security

Energy Technology Data Exchange (ETDEWEB)

Tamasi, Galileo, E-mail: g.tamasi@enac.rupa.i [Ente Nazionale per l' Aviazione Civile-Direzione Progetti, Studi e Ricerche, Via di Villa Ricotti, 42, 00161 Roma (Italy); Demichela, Micaela, E-mail: micaela.demichela@polito.i [SAfeR-Centro Studi su Sicurezza, Affidabilita e Rischi, Dipartimento di Scienza dei Materiali e Ingegneria Chimica, Politecnico di Torino, Corso Duca degli Abruzzi, 24, 10129 Torino (Italy)

2011-08-15

Following the 9/11 terrorists attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

Risk assessment techniques for civil aviation security

International Nuclear Information System (INIS)

Tamasi, Galileo; Demichela, Micaela

2011-01-01

Following the 9/11 terrorists attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

49 CFR 659.23 - System security plan: contents.

Science.gov (United States)

2010-10-01

... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: contents. 659.23 Section 659... State Oversight Agency § 659.23 System security plan: contents. The system security plan must, at a... system security plan; and (e) Document the rail transit agency's process for making its system security...

Insecurity of quantum secure computations

Science.gov (United States)

Lo, Hoi-Kwong

1997-08-01

It had been widely claimed that quantum mechanics can protect private information during public decision in, for example, the so-called two-party secure computation. If this were the case, quantum smart-cards, storing confidential information accessible only to a proper reader, could prevent fake teller machines from learning the PIN (personal identification number) from the customers' input. Although such optimism has been challenged by the recent surprising discovery of the insecurity of the so-called quantum bit commitment, the security of quantum two-party computation itself remains unaddressed. Here I answer this question directly by showing that all one-sided two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure. As corollaries to my results, quantum one-way oblivious password identification and the so-called quantum one-out-of-two oblivious transfer are impossible. I also construct a class of functions that cannot be computed securely in any two-sided two-party computation. Nevertheless, quantum cryptography remains useful in key distribution and can still provide partial security in ``quantum money'' proposed by Wiesner.

(In-)security of smartphone anti-virus and security apps

OpenAIRE

Huber, Stephan; Rasthofer, Siegfried

2016-01-01

Android is by far the most popular operating system for smartphones today. Many people entrust their Android-based phone with highly sensitive data such as business documents and credit card information, or perform critical tasks such as online banking on their devices. To protect their devices against threats from malware or attackers who aim to exploit security vulnerabilities, many users rely on anti-virus and security apps available from renowned vendors. In this paper, we show that those...

Information security management system planning for CBRN facilities

Energy Technology Data Exchange (ETDEWEB)

Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

2015-12-01

The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

Information security management system planning for CBRN facilities

International Nuclear Information System (INIS)

Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

2015-01-01

The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

Transportation System Requirements Document

International Nuclear Information System (INIS)

1993-09-01

This Transportation System Requirements Document (Trans-SRD) describes the functions to be performed by and the technical requirements for the Transportation System to transport spent nuclear fuel (SNF) and high-level radioactive waste (HLW) from Purchaser and Producer sites to a Civilian Radioactive Waste Management System (CRWMS) site, and between CRWMS sites. The purpose of this document is to define the system-level requirements for Transportation consistent with the CRWMS Requirement Document (CRD). These requirements include design and operations requirements to the extent they impact on the development of the physical segments of Transportation. The document also presents an overall description of Transportation, its functions, its segments, and the requirements allocated to the segments and the system-level interfaces with Transportation. The interface identification and description are published in the CRWMS Interface Specification

Permission-based Index Clustering for Secure Multi-User Search

OpenAIRE

Eirini C. Micheli; Giorgos Margaritis; Stergios V. Anastasiadis

2015-01-01

Secure keyword search in shared infrastructures prevents stored documents from leaking sensitive information to unauthorized users. A shared index provides confidentiality if it is exclusively used by users authorized to search all the indexed documents. We introduce the Lethe indexing workflow to improve query and update efficiency in secure keyword search. The Lethe workflow clusters together documents with similar sets of authorized users, and creates shared indices for configurable docume...

78 FR 59706 - Secure Supply Chain Pilot Program; Correction

Science.gov (United States)

2013-09-27

...] Secure Supply Chain Pilot Program; Correction AGENCY: Food and Drug Administration, HHS. ACTION: Notice... Federal Register of August 20, 2013 (78 FR 51192). The document announced the start of the Secure Supply Chain Pilot Program (SSCPP). The document was published with an incorrect email address for the SSCPP...

Integrity Based Access Control Model for Multilevel XML Document

Institute of Scientific and Technical Information of China (English)

HONG Fan; FENG Xue-bin; HUANO Zhi; ZHENG Ming-hui

2008-01-01

XML's increasing popularity highlights the security demand for XML documents. A mandatory access control model for XML document is presented on the basis of investigation of the function dependency of XML documents and discussion of the integrity properties of multilevel XML document. Then, the algorithms for decomposition/recovery multilevel XML document into/from single level document are given, and the manipulation rules for typical operations of XQuery and XUpdate: QUERY, INSERT,UPDATE, and REMOVE, are elaborated. The multilevel XML document access model can meet the requirement of sensitive information processing application.

Economics and Security: Resourcing National Priorities

Science.gov (United States)

2010-05-21

Papers Number 5 N um ber 5 Econom ics and Security: R esourcing N ational Priorities http://www.usnwc.edu Report Documentation Page Form ApprovedOMB No...2010 William B. Ruger Chair of National Security Economics Papers Number 5 N um ber 5 Econom ics and Security: R esourcing N ational Priorities http://www.usnwc.edu

Hanford surplus facilities hazards identification document. Revision 2

International Nuclear Information System (INIS)

Egge, R.G.

1996-02-01

This document provides general safety information needed by personnel who enter and work in surplus facilities managed by Bechtel Hanford, Inc. (BHI). The purpose of the document is to enhance access control of surplus facilities, educate personnel on the potential hazards associated with these facilities prior to entry, and ensure that safety precautions are taken while in the facility. Questions concerning the currency of this information should be directed to the building administrator (as listed in BHI-FS-01, Field Support Administration, Section 1.1, ''Access Control for ERC Surplus Facilities'')

Combining overt and covert anti-counterfeiting technologies for securities

Science.gov (United States)

Uematsu, Tsuyoshi

2006-02-01

The National Printing Bureau of Japan has been developing new anti-counterfeiting technologies as a banknote printer. Some of our technologies have already been effectively introduced into Japan's new banknote series. Anti-counterfeiting technologies can be applied not only to banknotes but also to other security documents depending on desired features. In this presentation, I will introduce three of our newly developed overt and covert security techniques, which are intended for document security and brand protection, as well as banknotes. "Metallic View" is mainly for offset printing. "Copy Check" (micro-structural lines involving luminescence) is for plate making technology. "ImageSwitch" is for a new security solution which has unlimited printing applications. All three techniques create "latent images" (some of which may be better known as "carrier screen images") that are useful in preventing counterfeiting. While each of the techniques is effective by itself, all are more effective when applied together. Combining these techniques could make all security documents harder to copy using IT scanners, and provide cost-effective anti-counterfeiting solutions for all security users.

Nuclear security

International Nuclear Information System (INIS)

1991-12-01

This paper reports that despite their crucial importance to national security, safeguards at the Department of Energy's (DOE) weapons facilities may be falling short. DOE security inspections have identified many weaknesses, including poor performance by members of DOE's security force, poor accountability for quantities of nuclear materials, and the inability of personnel to locate documents containing classified information. About 13 percent of the 2,100 identified weakness resulted in DOE inspectors giving out unsatisfactory security ratings; another 38 percent led to marginal ratings. In addition, DOE's centralized safeguards and security information tracking system lacks current data on whether DOE field offices have corrected the identified weaknesses. Without reliable information, DOE has no way of knowing whether timely action was taken to correct problems, nor can it determine whether weaknesses are systematic. DOE has tried to minimize the impact of these security weaknesses at its facilities by establishing multiple layers of protection measures and instituting interim and compensatory measures for identified weaknesses. DOE is planning enhancements to the centralized tracking system that should improve its reliability and increase its effectiveness

21st Century Security Manager

Directory of Open Access Journals (Sweden)

Stelian ARION

2010-11-01

Full Text Available We live in world of uncertainty that generates major paradigms changing that affect security risk management. Modern organization’s security risks management can’t be done without a profound knowlegde and daily practice for security governance, security risk management and resilience. 21st Century security manager need to deal with several areas of konwledge in order to succesfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers thah have government backgroud, or IT security backgroud, or are promoted from organization’s inside leaders. There are six different areas of knowledge that successful security programs of the future must incorporate, either in the knowledge base of their leaders or in the collective knowledge of the leading staff. They are government elements, security organization, emerging issue awareness, IT security, business elements and executive leadership.

Document Management and Exchange System – Supporting Education Process

Directory of Open Access Journals (Sweden)

Emil Egredzija

2010-03-01

Full Text Available Development and implementation of new technologies are very important in education. One of the most challenging tasks in the education process is to build efficient and cost-friendly system for content management and exchange. The system has to be reliable, easy manageable and open. Centralized storage, secured access, and ubiquitous client technologies have emerged as best-practice solutions in engineering that kind of services. Users can easily publish or exchange documents and not need to worry about their distribution, storage or technical skills required for efficient document management. The system that will be presented is built on open source technologies and is deployable on all today's popular web software platforms. The web server, the programming language and operating system that are used to build and deploy such a system are all non-proprietary and completely open because our mission was to build system that can be easily extended and not limited by its corporate license. The system uses security mechanisms such as user group access policy, operating system level security (file system and secured data storage in database. Because of the growing need for document management in education process we believe that this project will find its place in practice.

RFID Based Security Access Control System with GSM Technology

OpenAIRE

Peter Adole; Joseph M. Môm; Gabriel A. Igwue

2016-01-01

The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly...

75 FR 10414 - Researcher Identification Card

Science.gov (United States)

2010-03-08

... capturing administrative information on the characteristics of our users. Other forms of identification are... use bar-codes on researcher identification cards in the Washington, DC, area. The plastic cards we... plastic researcher identification cards as part of their security systems, we issue a plastic card to...

Interagency Security Classification Appeals Panel (ISCAP) Decisions

Data.gov (United States)

National Archives and Records Administration — This online collection includes documents decided upon by the Interagency Security Classification Appeals Panel (ISCAP) starting in Fiscal Year 2012. The documents...

QuickCash: Secure Transfer Payment Systems

Directory of Open Access Journals (Sweden)

Abdulrahman Alhothaily

2017-06-01

Full Text Available Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN. In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

QuickCash: Secure Transfer Payment Systems

Science.gov (United States)

Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

2017-01-01

Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties. PMID:28608846

QuickCash: Secure Transfer Payment Systems.

Science.gov (United States)

Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

2017-06-13

Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users' needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

Protocols development for security and privacy of radio frequency identification systems

Science.gov (United States)

Sabbagha, Fatin

There are benefits to adopting radio frequency identification (RFID) technology, although there are methods of attack that can compromise the system. This research determined how that may happen and what possible solutions can keep that from happening. Protocols were developed to implement better security. In addition, new topologies were developed to handle the problems of the key management. Previously proposed protocols focused on providing mutual authentication and privacy between readers and tags. However, those protocols are still vulnerable to be attacked. These protocols were analyzed and the disadvantages shown for each one. Previous works assumed that the channels between readers and the servers were secure. In the proposed protocols, a compromised reader is considered along with how to prevent tags from being read by that reader. The new protocols provide mutual authentication between readers and tags and, at the same time, remove the compromised reader from the system. Three protocols are proposed. In the first protocol, a mutual authentication is achieved and a compromised reader is not allowed in the network. In the second protocol, the number of times a reader contacts the server is reduced. The third protocol provides authentication and privacy between tags and readers using a trusted third party. The developed topology is implemented using python language and simulates work to check the efficiency regarding the processing time. The three protocols are implemented by writing codes in C language and then compiling them in MSP430. IAR Embedded workbench is used, which is an integrated development environment with the C/C++ compiler to generate a faster code and to debug the microcontroller. In summary, the goal of this research is to find solutions for the problems on previously proposed protocols, handle a compromised reader, and solve key management problems.

Security research roadmap

Energy Technology Data Exchange (ETDEWEB)

Rouhiainen, V. (ed.)

2007-02-15

VTT has a broad range of security research ongoing in many areas of technology. The main areas have been concentrating on public safety and security, but VTT is also participating in several research projects related to defence technology. To identify and define expertise and research goals in more detail, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of a critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important security products and technologies needed are, for example, management of total security, detection, identification, localisation and communication, protection of information networks and systems, as well as physical protection. In the EU's Security programme, which aims at ensuring the security of society and its vital functions, it is stated that. Technology alone can not assure security, but security can not be assured without the support of technology. VTT is conducting security research in all its areas of expertise and clusters. The area has a significant research potential. The development of products and systems designed for the improvement of security has just started. There is still room for innovation. This report presents knowledge and development needs in more detail, as well as future development potential seen in the area of security. (orig.)

Optical Imaging Sensors and Systems for Homeland Security Applications

CERN Document Server

Javidi, Bahram

2006-01-01

Optical and photonic systems and devices have significant potential for homeland security. Optical Imaging Sensors and Systems for Homeland Security Applications presents original and significant technical contributions from leaders of industry, government, and academia in the field of optical and photonic sensors, systems and devices for detection, identification, prevention, sensing, security, verification and anti-counterfeiting. The chapters have recent and technically significant results, ample illustrations, figures, and key references. This book is intended for engineers and scientists in the relevant fields, graduate students, industry managers, university professors, government managers, and policy makers. Advanced Sciences and Technologies for Security Applications focuses on research monographs in the areas of -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection (including bios...

NILDE, Network Inter Library Document Exchange: An Italian Document Delivery System

Science.gov (United States)

Brunetti, F.; Gasperini, A.; Mangiaracina, S.

2007-10-01

This poster presents NILDE, a document delivery system supporting the exchange of documents via the internet. The system has been set up by the Central Library of the National Research Council of Bologna (Italy) in order to make use of new internet technology, to promote cooperation between Italian university libraries and research libraries, and to achieve quick response times in satisfying DD requests. The Arcetri Astrophysical Observatory Library was the first astronomical library to join the NILDE project from its earliest days in 2002. Many were the reasons for this choice: automation of the DD processes, security and reliability of the network, creation of usage statistics and reports, reduction of DD System management costs and so on. This work describes the benefits of NILDE and discusses the role of an organized document delivery system as an important tool to cope with the difficult constraints of the publishing market.

webinos project deliverable: Phase 1 Security Framework

OpenAIRE

webinos consortium

2011-01-01

The webinos project aims to deliver a cross-device web application runtime environment, providing a unified development platform and standardized inter-device communication and interaction. This document contains the first iteration of the technical security and privacy framework designed for the webinos project. It accompanies two other documents - D3.1 System Specification and D3.2 API Specifications - and refers to concepts developed in them. The security and privacy architecture aims to p...

27 CFR 18.19 - Security.

Science.gov (United States)

2010-04-01

... 27 Alcohol, Tobacco Products and Firearms 1 2010-04-01 2010-04-01 false Security. 18.19 Section 18.19 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE... Provisions Document Requirements § 18.19 Security. The concentrate plant and equipment will be so constructed...

Molten Salt Reactor Experiment Facility (Building 7503) standards/requirements identification document adherence assessment plan at Oak Ridge National Laboratory, Oak Ridge, Tennessee

International Nuclear Information System (INIS)

1996-02-01

This is the Phase 2 (adherence) assessment plan for the Building 7503 Molten Salt Reactor Experiment (MSRE) Facility standards/requirements identification document (S/RID). This document outlines the activities to be conducted from FY 1996 through FY 1998 to ensure that the standards and requirements identified in the MSRE S/RID are being implemented properly. This plan is required in accordance with the Department of Energy Implementation Plan for Defense Nuclear Facilities Safety Board Recommendation 90-2, November 9, 1994, Attachment 1A. This plan addresses the major aspects of the adherence assessment and will be consistent with Energy Systems procedure QA-2. 7 ''Surveillances.''

I and C security program for nuclear facilities: implementation guide - TAFICS/IG/2

International Nuclear Information System (INIS)

2016-04-01

This is the second in a series of documents being developed by TAFICS for protecting computer-based I and C systems of Indian nuclear facilities from cyber attacks. The document provides guidance to nuclear facility management to establish, implement and maintain a robust I and C security program - consisting of security plan and a set of security controls. In order to provide a firm basis for the security program, the document also identifies the fundamental security principles and foundational security requirements related to computer-based I and C systems of nuclear facilities. It is recommended that all applicable Indian nuclear facilities should implement the security program - with required adaptation - so as to provide the necessary assurance that the I and C systems are adequately protected against cyber attacks. (author)

Non-diffractive optically variable security devices

NARCIS (Netherlands)

Renesse, R.L. van

1991-01-01

At the past optical security conferences attention was focused on diffractive structures, e.g. holograms, embossed gratings and thin—film devices, as security elements on valuable documents. The main reasons for this emphasis are, that the iridescent effect of such diffractive optically variable

High-level waste storage tank farms/242-A evaporator standards/requirements identification document (S/RID), Vol. 4

Energy Technology Data Exchange (ETDEWEB)

1994-04-01

Radiation protection of personnel and the public is accomplished by establishing a well defined Radiation Protection Organization to ensure that appropriate controls on radioactive materials and radiation sources are implemented and documented. This Requirements Identification Document (RID) applies to the activities, personnel, structures, systems, components, and programs involved in executing the mission of the Tank Farms. The physical boundaries within which the requirements of this RID apply are the Single Shell Tank Farms, Double Shell Tank Farms, 242-A Evaporator-Crystallizer, 242-S, T Evaporators, Liquid Effluent Retention Facility (LERF), Purgewater Storage Facility (PWSF), and all interconnecting piping, valves, instrumentation, and controls. Also included is all piping, valves, instrumentation, and controls up to and including the most remote valve under Tank Farms control at any other Hanford Facility having an interconnection with Tank Farms. The boundary of the structures, systems, components, and programs to which this RID applies, is defined by those that are dedicated to and/or under the control of the Tank Farms Operations Department and are specifically implemented at the Tank Farms.

High-level waste storage tank farms/242-A evaporator standards/requirements identification document (S/RID), Vol. 4

International Nuclear Information System (INIS)

1994-04-01

Radiation protection of personnel and the public is accomplished by establishing a well defined Radiation Protection Organization to ensure that appropriate controls on radioactive materials and radiation sources are implemented and documented. This Requirements Identification Document (RID) applies to the activities, personnel, structures, systems, components, and programs involved in executing the mission of the Tank Farms. The physical boundaries within which the requirements of this RID apply are the Single Shell Tank Farms, Double Shell Tank Farms, 242-A Evaporator-Crystallizer, 242-S, T Evaporators, Liquid Effluent Retention Facility (LERF), Purgewater Storage Facility (PWSF), and all interconnecting piping, valves, instrumentation, and controls. Also included is all piping, valves, instrumentation, and controls up to and including the most remote valve under Tank Farms control at any other Hanford Facility having an interconnection with Tank Farms. The boundary of the structures, systems, components, and programs to which this RID applies, is defined by those that are dedicated to and/or under the control of the Tank Farms Operations Department and are specifically implemented at the Tank Farms

High-level waste storage tank farms/242-A evaporator standards/requirements identification document (S/RID), Vol. 2

International Nuclear Information System (INIS)

1994-04-01

The Quality Assurance Functional Area Requirements Identification Document (RID), addresses the programmatic requirements that ensure risks and environmental impacts are minimized, ensure safety, reliability, and performance are maximized through the application of effective management systems commensurate with the risks posed by the Tank Farm Facility and its operation. This RID incorporates guidance intended to provide Tank Farms management with the necessary requirements information to develop, upgrade, or assess the effectiveness of a Quality Assurance Program in the performance of organizational and functional activities. Quality Assurance is defined as all those planned and systematic actions necessary to provide adequate confidence that a facility, structure, system, or component will perform satisfactorily and safely in service. This document will provide the specific requirements to meet DNFSB recommendations and the guidance provided in DOE Order 5700.6C, utilizing industry codes, standards, regulatory guidelines, and industry good practices that have proven to be essential elements for an effective and efficient Quality Assurance Program as the nuclear industry has matured over the last thirty years

High-level waste storage tank farms/242-A evaporator standards/requirements identification document (S/RID), Vol. 2

Energy Technology Data Exchange (ETDEWEB)

1994-04-01

The Quality Assurance Functional Area Requirements Identification Document (RID), addresses the programmatic requirements that ensure risks and environmental impacts are minimized, ensure safety, reliability, and performance are maximized through the application of effective management systems commensurate with the risks posed by the Tank Farm Facility and its operation. This RID incorporates guidance intended to provide Tank Farms management with the necessary requirements information to develop, upgrade, or assess the effectiveness of a Quality Assurance Program in the performance of organizational and functional activities. Quality Assurance is defined as all those planned and systematic actions necessary to provide adequate confidence that a facility, structure, system, or component will perform satisfactorily and safely in service. This document will provide the specific requirements to meet DNFSB recommendations and the guidance provided in DOE Order 5700.6C, utilizing industry codes, standards, regulatory guidelines, and industry good practices that have proven to be essential elements for an effective and efficient Quality Assurance Program as the nuclear industry has matured over the last thirty years.

Implementing an Information Security Program

Energy Technology Data Exchange (ETDEWEB)

Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O' Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

2017-11-01

The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

33 CFR 181.29 - Hull identification number display.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Hull identification number... SECURITY (CONTINUED) BOATING SAFETY MANUFACTURER REQUIREMENTS Identification of Boats § 181.29 Hull identification number display. Two identical hull identification numbers are required to be displayed on each...

Forensic document analysis using scanning microscopy

Science.gov (United States)

Shaffer, Douglas K.

2009-05-01

The authentication and identification of the source of a printed document(s) can be important in forensic investigations involving a wide range of fraudulent materials, including counterfeit currency, travel and identity documents, business and personal checks, money orders, prescription labels, travelers checks, medical records, financial documents and threatening correspondence. The physical and chemical characterization of document materials - including paper, writing inks and printed media - is becoming increasingly relevant for law enforcement agencies, with the availability of a wide variety of sophisticated commercial printers and copiers which are capable of producing fraudulent documents of extremely high print quality, rendering these difficult to distinguish from genuine documents. This paper describes various applications and analytical methodologies using scanning electron miscoscopy/energy dispersive (x-ray) spectroscopy (SEM/EDS) and related technologies for the characterization of fraudulent documents, and illustrates how their morphological and chemical profiles can be compared to (1) authenticate and (2) link forensic documents with a common source(s) in their production history.

Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

Energy Technology Data Exchange (ETDEWEB)

Wayne F. Boyer; Scott A. McBride

2009-04-01

This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

Information security cost management

CERN Document Server

Bazavan, Ioana V

2006-01-01

While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book-Focuses on setting the right road map so that you can be most effective in your information security implementationsDiscusses cost-effective staffing, the single biggest expense to the security organizationPresents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectivelyI...

42 CFR 435.910 - Use of social security number.

Science.gov (United States)

2010-10-01

... 42 Public Health 4 2010-10-01 2010-10-01 false Use of social security number. 435.910 Section 435... of social security number. (a) The agency must require, as a condition of eligibility, that each... religious objections, refuses to obtain a Social Security Number (SSN). The identification number may be...

Updating energy security and environmental policy: Energy security theories revisited.

Science.gov (United States)

Proskuryakova, L

2018-06-18

The energy security theories are based on the premises of sufficient and reliable supply of fossil fuels at affordable prices in centralized supply systems. Policy-makers and company chief executives develop energy security strategies based on the energy security theories and definitions that dominate in the research and policy discourse. It is therefore of utmost importance that scientists revisit these theories in line with the latest changes in the energy industry: the rapid advancement of renewables and smart grid, decentralization of energy systems, new environmental and climate challenges. The study examines the classic energy security concepts (neorealism, neoliberalism, constructivism and international political economy) and assesses if energy technology changes are taken into consideration. This is done through integrative literature review, comparative analysis, identification of 'international relations' and 'energy' research discourse with the use of big data, and case studies of Germany, China, and Russia. The paper offers suggestions for revision of energy security concepts through integration of future technology considerations. Copyright © 2018 Elsevier Ltd. All rights reserved.

8 CFR 341.4 - Surrender of immigration documents.

Science.gov (United States)

2010-01-01

... 8 Aliens and Nationality 1 2010-01-01 2010-01-01 false Surrender of immigration documents. 341.4... OF CITIZENSHIP § 341.4 Surrender of immigration documents. Each claimant shall surrender any immigration identification and permanent resident cards in his or her possession. [30 FR 5472, Apr. 16, 1965...

33 CFR 101.515 - TWIC/Personal Identification.

Science.gov (United States)

2010-07-01

....515 Section 101.515 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: GENERAL Other Provisions § 101.515 TWIC/Personal Identification. (a... TWIC must allow his or her TWIC to be read by a reader and must submit his or her reference biometric...

Draft secure medical database standard.

Science.gov (United States)

Pangalos, George

2002-01-01

Medical database security is a particularly important issue for all Healthcare establishments. Medical information systems are intended to support a wide range of pertinent health issues today, for example: assure the quality of care, support effective management of the health services institutions, monitor and contain the cost of care, implement technology into care without violating social values, ensure the equity and availability of care, preserve humanity despite the proliferation of technology etc.. In this context, medical database security aims primarily to support: high availability, accuracy and consistency of the stored data, the medical professional secrecy and confidentiality, and the protection of the privacy of the patient. These properties, though of technical nature, basically require that the system is actually helpful for medical care and not harmful to patients. These later properties require in turn not only that fundamental ethical principles are not violated by employing database systems, but instead, are effectively enforced by technical means. This document reviews the existing and emerging work on the security of medical database systems. It presents in detail the related problems and requirements related to medical database security. It addresses the problems of medical database security policies, secure design methodologies and implementation techniques. It also describes the current legal framework and regulatory requirements for medical database security. The issue of medical database security guidelines is also examined in detailed. The current national and international efforts in the area are studied. It also gives an overview of the research work in the area. The document also presents in detail the most complete to our knowledge set of security guidelines for the development and operation of medical database systems.

Evaluation of Rapid Stain IDentification (RSID™ Reader System for Analysis and Documentation of RSID™ Tests

Directory of Open Access Journals (Sweden)

Pravatchai W. Boonlayangoor

2013-08-01

Full Text Available The ability to detect the presence of body fluids is a crucial first step in documenting and processing forensic evidence. The Rapid Stain IDentification (RSID™ tests for blood, saliva, semen and urine are lateral flow immunochromatographic strip tests specifically designed for forensic use. Like most lateral flow strips, the membrane components of the test are enclosed in a molded plastic cassette with a sample well and an observation window. No specialized equipment is required to use these tests or to score the results seen in the observation window; however, the utility of these tests can be enhanced if an electronic record of the test results can be obtained, preferably by a small hand-held device that could be used in the field under low light conditions. Such a device should also be able to “read” the lateral flow strips and accurately record the results of the test as either positive, i.e., the body fluid was detected, or negative, i.e., the body fluid was not detected. Here we describe the RSID™ Reader System—a ruggedized strip test reader unit that allows analysis and documentation of RSID™ lateral flow strip tests using pre-configured settings, and show that the RSID™ Reader can accurately and reproducibly report and record correct results from RSID™ blood, saliva, semen, and urine tests.

Review on security issues in RFID systems

Directory of Open Access Journals (Sweden)

Mohamed El Beqqal

2017-12-01

Full Text Available Radio frequency Identification (RFID is currently considered as one of the most used technologies for an automatic identification of objects or people. Based on a combination of tags and readers, RFID technology has widely been applied in various areas including supply chain, production and traffic control systems. However, despite of its numerous advantages, the technology brings out many challenges and concerns still not being attracting more and more researchers especially the security and privacy issues. In this paper, we review some of the recent research works using RFID solutions and dealing with security and privacy issues, we define our specific parameters and requirements allowing us to classify for each work which part of the RFID system is being secured, the solutions and the techniques used besides the conformity to RFID standards. Finally, we present briefly a solution that consists of combining RFID with smartcard based biometric to enhance security especially in access control scenarios. Hence the result of our study aims to give a clear vision of available solutions and techniques used to prevent and secure the RFID system from specific threats and attacks.

Development and applications of diffractive optical security devices for banknotes and high value documents

Science.gov (United States)

Drinkwater, John K.; Holmes, Brian W.; Jones, Keith A.

2000-04-01

Embossed holograms and othe rdiffractive optically variable devices are increasingly familiar security items on plastic cards, banknotes, securyt documetns and on branded gods and media to protect against counterfeit, protect copyright and to evidence tamper. This paper outlines some of the diffractive optical seuryt and printed security develoepd for this rapidly growing field and provides examles of some current security applications.

Security in Wireless Sensor Networks for Open Controller

OpenAIRE

Engvall, Christoffer

2013-01-01

In this thesis we develop, evaluate and implement a security solution for Open Controllers wireless sensor network platform. A scenario is used to describe an exemplar application showing how our system is supposed to function. The security of the platform is analyzed using a well-established threat modeling process and attack trees which result in the identification of a number of risks, which could be security weaknesses. These attack trees visualize the security weaknesses in an easy to ac...

Nevada National Security Site Waste Acceptance Criteria

International Nuclear Information System (INIS)

2012-01-01

This document establishes the U.S. Department of Energy (DOE), National Nuclear Security Administration Nevada Site Office (NNSA/NSO), Nevada National Security Site Waste Acceptance Criteria (NNSSWAC). The NNSSWAC provides the requirements, terms, and conditions under which the Nevada National Security Site (NNSS) will accept DOE non-radioactive classified waste, DOE non-radioactive hazardous classified waste, DOE low-level radioactive waste (LLW), DOE mixed low-level waste (MLLW), and U.S. Department of Defense (DOD) classified waste for permanent disposal. Classified waste is the only waste accepted for disposal that may be non-radioactive and will be required to meet the waste acceptance criteria for radioactive waste as specified in this document. The NNSA/NSO and support contractors are available to assist you in understanding or interpreting this document. For assistance, please call the NNSA/NSO Waste Management Project (WMP) at (702) 295-7063, and your call will be directed to the appropriate contact.

Nevada National Security Site Waste Acceptance Criteria

Energy Technology Data Exchange (ETDEWEB)

NSTec Environmental Management

2012-02-28

This document establishes the U.S. Department of Energy (DOE), National Nuclear Security Administration Nevada Site Office (NNSA/NSO), Nevada National Security Site Waste Acceptance Criteria (NNSSWAC). The NNSSWAC provides the requirements, terms, and conditions under which the Nevada National Security Site (NNSS) will accept DOE non-radioactive classified waste, DOE non-radioactive hazardous classified waste, DOE low-level radioactive waste (LLW), DOE mixed low-level waste (MLLW), and U.S. Department of Defense (DOD) classified waste for permanent disposal. Classified waste is the only waste accepted for disposal that may be non-radioactive and will be required to meet the waste acceptance criteria for radioactive waste as specified in this document. The NNSA/NSO and support contractors are available to assist you in understanding or interpreting this document. For assistance, please call the NNSA/NSO Waste Management Project (WMP) at (702) 295-7063, and your call will be directed to the appropriate contact.

17 CFR 230.254 - Solicitation of interest document for use prior to an offering statement.

Science.gov (United States)

2010-04-01

... subject to the antifraud provisions of the federal securities laws. No solicitation or acceptance of money... document for use prior to an offering statement. 230.254 Section 230.254 Commodity and Securities Exchanges...-Conditional Small Issues Exemption § 230.254 Solicitation of interest document for use prior to an offering...

Retirement Income Security and Well-Being in Canada

OpenAIRE

Michael Baker; Jonathan Gruber; Kevin S. Milligan

2009-01-01

A large international literature has documented the labor market distortions associated with social security benefits for near-retirees. In this paper, we investigate the 'other side' of social security programs, seeking to document improvements in wellbeing arising from the provision of public pensions. To the extent households adjust their savings and employment behavior to account for enhanced retirement benefits, the positive impact of the benefits may be crowded out. We proceed by using ...

Privacy and Security Research Group workshop on network and distributed system security: Proceedings

Energy Technology Data Exchange (ETDEWEB)

1993-05-01

This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

Software Security Assurance: A State-of-Art Report (SAR)

Science.gov (United States)

2007-07-31

analysis of security management processes: includes organizational assessment, asset valuation , threat identification, vulnerability assessment...Available from: http://www.cigital.com/papers/download/bsi2-misuse.pdf 200 Meledath Damodaran , “Secure Software Development Using Use Cases and Misuse

Summary Report on Unconditionally Secure Protocols

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Salvail, Louis; Cachin, Christian

This document describes the state of the art snd some of the main open problems in the area of unconditionally secure cryptographic protocols. The most essential part of a cryptographic protocol is not its being secure. Imagine a cryptographic protocol which is secure, but where we do not know...... that it is secure. Such a protocol would do little in providing security. When all comes to all, cryptographic security is done for the sake of people, and the essential part of security is for people what it has always been, namely to feel secure. To feel secure employing a given cryptographic protocol we need...... to know that is is secure. I.e. we need a proof that it is secure. Today the proof of security of essentially all practically employed cryptographic protocols relies on computational assumptions. To prove that currently employed ways to communicate securely over the Internet are secure we e.g. need...

A scoping review of traditional food security in Alaska.

Science.gov (United States)

Walch, Amanda; Bersamin, Andrea; Loring, Philip; Johnson, Rhonda; Tholl, Melissa

2018-12-01

Food insecurity is a public health concern. Food security includes the pillars of food access, availability and utilisation. For some indigenous peoples, this may also include traditional foods. To conduct a scoping review on traditional foods and food security in Alaska. Google Scholar and the High North Research Documents were used to search for relevant primary research using the following terms: "traditional foods", "food security", "access", "availability", "utilisation", "Alaska", "Alaska Native" and "indigenous". Twenty four articles from Google Scholar and four articles from the High North Research Documents were selected. The articles revealed three types of research approaches, those that quantified traditional food intake (n=18), those that quantified food security (n=2), and qualitative articles that addressed at least one pillar of food security (n=8). Limited primary research is available on food security in Alaskan. Few studies directly measure food security while most provide a review of food security factors. Research investigating dietary intake of traditional foods is more prevalent, though many differences exist among participant age groups and geographical areas. Future research should include direct measurements of traditional food intake and food security to provide a more complete picture of traditional food security in Alaska.

Between security and military identities: The case of Israeli security experts.

Science.gov (United States)

Grassiani, Erella

2018-02-01

The relationship between private security professionals and the military in Israel is complex. While there is growing attention to the fact that security and military actors and their activities are becoming increasingly blurred, the Israeli case shows something different. In this ground-up analysis of the relationship between private security practices and the military, I investigate its constant negotiation by private security professionals through their identification with and differentiation from the military, whereby they reconfigure the meaning of military capital. This identity work should be understood, I propose, within the strongly militarist context of Israeli society, where military capital is highly valued. I argue that actors who exit the military system feel the need to demonstrate the added value of their work in the private sector in order for it to gain value in the light of the symbolic capital given to the military. I analyse these processes as leading to a new kind of militarism, which includes security skills and ideas about professionalism. Such an approach sheds new light on the ways in which security actors can actively reconfigure the workings of military capital in and outside the nation-state and produce a different kind of militarism.

Capturing security requirements for software systems.

Science.gov (United States)

El-Hadary, Hassan; El-Kassas, Sherif

2014-07-01

Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

Capturing security requirements for software systems

Directory of Open Access Journals (Sweden)

Hassan El-Hadary

2014-07-01

Full Text Available Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

Capturing security requirements for software systems

Science.gov (United States)

El-Hadary, Hassan; El-Kassas, Sherif

2014-01-01

Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514

FPGA Implementation for GMM-Based Speaker Identification

Directory of Open Access Journals (Sweden)

Phaklen EhKan

2011-01-01

Full Text Available In today's society, highly accurate personal identification systems are required. Passwords or pin numbers can be forgotten or forged and are no longer considered to offer a high level of security. The use of biological features, biometrics, is becoming widely accepted as the next level for security systems. Biometric-based speaker identification is a method of identifying persons from their voice. Speaker-specific characteristics exist in speech signals due to different speakers having different resonances of the vocal tract. These differences can be exploited by extracting feature vectors such as Mel-Frequency Cepstral Coefficients (MFCCs from the speech signal. A well-known statistical modelling process, the Gaussian Mixture Model (GMM, then models the distribution of each speaker's MFCCs in a multidimensional acoustic space. The GMM-based speaker identification system has features that make it promising for hardware acceleration. This paper describes the hardware implementation for classification of a text-independent GMM-based speaker identification system. The aim was to produce a system that can perform simultaneous identification of large numbers of voice streams in real time. This has important potential applications in security and in automated call centre applications. A speedup factor of ninety was achieved compared to a software implementation on a standard PC.

Social Influence for Security

Directory of Open Access Journals (Sweden)

Florin Iftode

2014-08-01

Full Text Available The main aim of this work marks the reveling of scientific premises intended to structure the issue of social influence for security. The approach has as aim the identification of those elements that define and characterize the social influence in order to manage conflict, from the perspective of public communication. The proposed approach establishes some synthetic, clear boundaries through the method of research and analysis of the concept of security, social influence, revealing the specifics of public communication in conflict management.

Document segmentation via oblique cuts

Science.gov (United States)

Svendsen, Jeremy; Branzan-Albu, Alexandra

2013-01-01

This paper presents a novel solution for the layout segmentation of graphical elements in Business Intelligence documents. We propose a generalization of the recursive X-Y cut algorithm, which allows for cutting along arbitrary oblique directions. An intermediate processing step consisting of line and solid region removal is also necessary due to presence of decorative elements. The output of the proposed segmentation is a hierarchical structure which allows for the identification of primitives in pie and bar charts. The algorithm was tested on a database composed of charts from business documents. Results are very promising.

Advanced synthetic holograms for security purposes

Science.gov (United States)

Kotačka, Libor; Vízdal, Petr; Behounek, Tomás

2009-05-01

Our paper deals with the recent advances in synthetically written optical security devices (DOVIDs) and holograms. The synthesized holographic security elements are recorded with a resolution reaching 500.000 dpi and are specially developed for the "layman-level" security of the most important state valuables and documents, like banknotes and identity cards. We especially pay an attention to such holographic features being impossible to originate through conventional optical holography of matrix based devices.

STATE REGULATION OF CARGO SECURING FOR ROAD TRANSPORT

Directory of Open Access Journals (Sweden)

Nikolay Anatolievich Atrokhov

2015-09-01

Full Text Available This article examines the legal documents governing the securing of cargo in road transport, provides an overview of international experience in the safety of road transport of goods by means of securing.

5 CFR 5801.102 - Prohibited securities.

Science.gov (United States)

2010-01-01

... securities list as a result of marriage, inheritance, gift or otherwise without specific intent to acquire..., which is available in the NRC Public Document Room. (6) Tax treatment of gain on divested securities... employee) may be eligible to defer the tax consequences of divestiture under subpart J of 5 CFR part 2634...

33 CFR 181.23 - Hull identification numbers required.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Hull identification numbers... SECURITY (CONTINUED) BOATING SAFETY MANUFACTURER REQUIREMENTS Identification of Boats § 181.23 Hull... identify each boat produced or imported with two hull identification numbers that meet the requirements of...

US oil dependency and energy security

International Nuclear Information System (INIS)

Noel, P.

2002-01-01

The three papers of this document were written in the framework of a seminar organized the 30 may 2002 by the IFRI in the framework of its program Energy and Climatic Change. The first presentation deals with the american oil policy since 1980 (relation between the oil dependence and the energy security, the Reagan oil policy, the new oil policy facing the increase of the dependence). The second one deals with the US energy security (oil security, domestic energy security, policy implications). The last presentation is devoted to the US oil dependence in a global context and the problems and policies of international energy security. (A.L.B.)

Banner prints social security numbers

OpenAIRE

Robbins RA

2014-01-01

No abstract available. Article truncated at 150 words. The Monday edition of the Arizona Republic contained a story with potential interest to our readers. On the most recent address labels of Banner Health's magazine, Smart & Healthy, the addressee's Social Security or Medicare identification numbers, which are often identical to their Social Security numbers (1). The magazine was mailed to more than 50,000 recipients in Arizona late last week. The recipients are members of the Medicare Pion...

Physical layer approaches for securing wireless communication systems

CERN Document Server

Wen, Hong

2013-01-01

This book surveys the outstanding work of physical-layer (PHY) security, including  the recent achievements of confidentiality and authentication for wireless communication systems by channel identification. A practical approach to building unconditional confidentiality for Wireless Communication security by feedback and error correcting code is introduced and a framework of PHY security based on space time block code (STBC) MIMO system is demonstrated.  Also discussed is a scheme which combines cryptographic techniques implemented in the higher layer with the physical layer security approach

75 FR 15440 - Guidance for Industry on Standards for Securing the Drug Supply Chain-Standardized Numerical...

Science.gov (United States)

2010-03-29

...] Guidance for Industry on Standards for Securing the Drug Supply Chain--Standardized Numerical... industry entitled ``Standards for Securing the Drug Supply Chain-Standardized Numerical Identification for... the Drug Supply Chain-Standardized Numerical Identification for Prescription Drug Packages.'' In the...

17 CFR 4.31 - Required delivery of Disclosure Document to prospective clients.

Science.gov (United States)

2010-04-01

... Disclosure Document to prospective clients. 4.31 Section 4.31 Commodity and Securities Exchanges COMMODITY... Advisors § 4.31 Required delivery of Disclosure Document to prospective clients. (a) Each commodity trading... prospective client a Disclosure Document containing the information set forth in §§ 4.34 and 4.35 for the...

17 CFR 270.0-11 - Customer identification programs.

Science.gov (United States)

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Customer identification... (CONTINUED) RULES AND REGULATIONS, INVESTMENT COMPANY ACT OF 1940 § 270.0-11 Customer identification programs... implementing regulation at 31 CFR 103.131, which requires a customer identification program to be implemented...

PUREX Deactivation Health and Safety documentation

Energy Technology Data Exchange (ETDEWEB)

Dodd, E.N. III

1995-01-01

The purpose of the PUREX Deactivation Project is to establish a passively safe and environmentally secure configuration of PUREX at the Hanford Site, and to preserve that configuration for a 10-year horizon. The 10-year horizon is used to predict future maintenance requirements and represents they typical time duration expended to define, authorize, and initiate the follow-on Decontamination and Decommissioning (D&D) activities. This document was prepared to increase attention to worker safety issues during the deactivation project and, as such, identifies the documentation and programs associated with PUREX Deactivation Health and Safety.

Lidar and Dial application for detection and identification: a proposal to improve safety and security

International Nuclear Information System (INIS)

Gaudio, P.; Malizia, A.; Gelfusa, M.; Parracino, S.; Poggi, L.A.; Lungaroni, M.; Ciparisse, J.F.; Giovanni, D. Di; Cenciarelli, O.; Carestia, M.; Peluso, E.; Gabbarini, V.; Talebzadeh, S.; Bellecci, C.; Murari, A.

2017-01-01

Nowadays the intentional diffusion in air (both in open and confined environments) of chemical contaminants is a dramatic source of risk for the public health worldwide. The needs of a high-tech networks composed by software, diagnostics, decision support systems and cyber security tools are urging all the stakeholders (military, public, research and academic entities) to create innovative solutions to face this problem and improve both safety and security. The Quantum Electronics and Plasma Physics (QEP) Research Group of the University of Rome Tor Vergata is working since the 1960s on the development of laser-based technologies for the stand-off detection of contaminants in the air. Up to now, four demonstrators have been developed (two LIDAR-based and two DIAL-based) and have been used in experimental campaigns during all 2015. These systems and technologies can be used together to create an innovative solution to the problem of public safety and security: the creation of a network composed by detection systems: A low cost LIDAR based system has been tested in an urban area to detect pollutants coming from urban traffic, in this paper the authors show the results obtained in the city of Crotone (south of Italy). This system can be used as a first alarm and can be coupled with an identification system to investigate the nature of the threat. A laboratory dial based system has been used in order to create a database of absorption spectra of chemical substances that could be release in atmosphere, these spectra can be considered as the fingerprints of the substances that have to be identified. In order to create the database absorption measurements in cell, at different conditions, are in progress and the first results are presented in this paper.

Lidar and Dial application for detection and identification: a proposal to improve safety and security

Science.gov (United States)

Gaudio, P.; Malizia, A.; Gelfusa, M.; Murari, A.; Parracino, S.; Poggi, L. A.; Lungaroni, M.; Ciparisse, J. F.; Di Giovanni, D.; Cenciarelli, O.; Carestia, M.; Peluso, E.; Gabbarini, V.; Talebzadeh, S.; Bellecci, C.

2017-01-01

Nowadays the intentional diffusion in air (both in open and confined environments) of chemical contaminants is a dramatic source of risk for the public health worldwide. The needs of a high-tech networks composed by software, diagnostics, decision support systems and cyber security tools are urging all the stakeholders (military, public, research & academic entities) to create innovative solutions to face this problem and improve both safety and security. The Quantum Electronics and Plasma Physics (QEP) Research Group of the University of Rome Tor Vergata is working since the 1960s on the development of laser-based technologies for the stand-off detection of contaminants in the air. Up to now, four demonstrators have been developed (two LIDAR-based and two DIAL-based) and have been used in experimental campaigns during all 2015. These systems and technologies can be used together to create an innovative solution to the problem of public safety and security: the creation of a network composed by detection systems: A low cost LIDAR based system has been tested in an urban area to detect pollutants coming from urban traffic, in this paper the authors show the results obtained in the city of Crotone (south of Italy). This system can be used as a first alarm and can be coupled with an identification system to investigate the nature of the threat. A laboratory dial based system has been used in order to create a database of absorption spectra of chemical substances that could be release in atmosphere, these spectra can be considered as the fingerprints of the substances that have to be identified. In order to create the database absorption measurements in cell, at different conditions, are in progress and the first results are presented in this paper.

Collaborative trust evaluation for wiki security

DEFF Research Database (Denmark)

Lindberg, Kasper; Jensen, Christian D.

2012-01-01

Wiki systems form a subclass of the more general Open Collaborative Authoring Systems, where content is created and maintained by a user community. The ability of anyone to edit the content is, at the same time, their strength and their weakness. Anyone can write documents that improve the value...... of the wiki-system, but at the same time, anyone can also introduce errors into these documents, by accident or on purpose. A security model for wiki-style authoring systems has previously been proposed. This model is based on both static and dynamic document access controls that enforce a simple integrity......, but this is true for all soft security systems. We show that the system parameters can be tuned so that the amount of work required by malicious and colluding users to reach this level is well beyond most attackers' capabilities....

Efficient Aviation Security: Strengthening the Analytic Foundation for Making Air Transportation Security Decisions

Science.gov (United States)

2012-01-01

tenfold to account for uninsured and other costs unaccounted for, the result would be in the low billions of dollars rather than tens of billions...Aviation Security GAO—See U.S. Government Accountability Office or, prior to 2004, U.S. General Accounting Office. Ghylin, K. M., C. G . Drury , and A...outweigh their costs . This document seeks to contribute to the national debate on avia- tion security by examining a set of issues that are either

A secure approach for encrypting and compressing biometric information employing orthogonal code and steganography

Science.gov (United States)

Islam, Muhammad F.; Islam, Mohammed N.

2012-04-01

The objective of this paper is to develop a novel approach for encryption and compression of biometric information utilizing orthogonal coding and steganography techniques. Multiple biometric signatures are encrypted individually using orthogonal codes and then multiplexed together to form a single image, which is then embedded in a cover image using the proposed steganography technique. The proposed technique employs three least significant bits for this purpose and a secret key is developed to choose one from among these bits to be replaced by the corresponding bit of the biometric image. The proposed technique offers secure transmission of multiple biometric signatures in an identification document which will be protected from unauthorized steganalysis attempt.

Food Security Strategy Based on Computer Innovation

OpenAIRE

Ruihui Mu

2015-01-01

Case analysis to identify innovative strategies for food security occurred in the Oriental Hotel, voluntarily implement food safety control. Food security strategy investigation and the reasons for their use of multiple data sources, including accommodation and catering industry to implement and document interviews with key decision makers in the hotel performed to observe the business environment were examined. This finding suggests that addressing food security, not only is the food control...

[The maintenance of automatic analysers and associated documentation].

Science.gov (United States)

Adjidé, V; Fournier, P; Vassault, A

2010-12-01

The maintenance of automatic analysers and associated documentation taking part in the requirements of the ISO 15189 Standard and the French regulation as well have to be defined in the laboratory policy. The management of the periodic maintenance and documentation shall be implemented and fulfilled. The organisation of corrective maintenance has to be managed to avoid interruption of the task of the laboratory. The different recommendations concern the identification of materials including automatic analysers, the environmental conditions to take into account, the documentation provided by the manufacturer and documents prepared by the laboratory including procedures for maintenance.

Nevada National Security Site Waste Acceptance Criteria

Energy Technology Data Exchange (ETDEWEB)

NSTec Environmental Management

2010-09-03

This document establishes the U.S. Department of Energy, National Nuclear Security Administration Nevada Site Office (NNSA/NSO) Nevada National Security Site Waste Acceptance Criteria (NNSSWAC). The NNSSWAC provides the requirements, terms, and conditions under which the Nevada National Security Site (NNSS) will accept low-level radioactive waste and mixed low-level waste for disposal. The NNSSWAC includes requirements for the generator waste certification program, characterization, traceability, waste form, packaging, and transfer. The criteria apply to radioactive waste received at the NNSS Area 3 and Area 5 Radioactive Waste Management Complex for disposal. The NNSA/NSO and support contractors are available to assist you in understanding or interpreting this document. For assistance, please call the NNSA/NSO Waste Management Project at (702) 295-7063 or fax to (702) 295-1153.

Nevada National Security Site Waste Acceptance Criteria

International Nuclear Information System (INIS)

2010-01-01

This document establishes the U.S. Department of Energy, National Nuclear Security Administration Nevada Site Office (NNSA/NSO) Nevada National Security Site Waste Acceptance Criteria (NNSSWAC). The NNSSWAC provides the requirements, terms, and conditions under which the Nevada National Security Site (NNSS) will accept low-level radioactive waste and mixed low-level waste for disposal. The NNSSWAC includes requirements for the generator waste certification program, characterization, traceability, waste form, packaging, and transfer. The criteria apply to radioactive waste received at the NNSS Area 3 and Area 5 Radioactive Waste Management Complex for disposal. The NNSA/NSO and support contractors are available to assist you in understanding or interpreting this document. For assistance, please call the NNSA/NSO Waste Management Project at (702) 295-7063 or fax to (702) 295-1153.

Nevada National Security Site Waste Acceptance Criteria

International Nuclear Information System (INIS)

2011-01-01

This document establishes the U.S. Department of Energy, National Nuclear Security Administration Nevada Site Office (NNSA/NSO) Nevada National Security Site Waste Acceptance Criteria (NNSSWAC). The NNSSWAC provides the requirements, terms, and conditions under which the Nevada National Security Site (NNSS) will accept low-level radioactive waste and mixed low-level waste for disposal. The NNSSWAC includes requirements for the generator waste certification program, characterization, traceability, waste form, packaging, and transfer. The criteria apply to radioactive waste received at the NNSS Area 3 and Area 5 Radioactive Waste Management Complex for disposal. The NNSA/NSO and support contractors are available to assist you in understanding or interpreting this document. For assistance, please call the NNSA/NSO Waste Management Project at (702) 295-7063 or fax to (702) 295-1153.

78 FR 78462 - Open Government: Use of Genetic Information in Documenting and Evaluating Disability; Extension...

Science.gov (United States)

2013-12-26

..., Social Security Online, at http://www.socialsecurity.gov . SUPPLEMENTARY INFORMATION: On November 26... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2013-0054] Open Government: Use of Genetic Information in Documenting and Evaluating Disability; Extension of Comment Period AGENCY: Social Security...

Accounting for Marketable Securities and Corporate Financial ...

African Journals Online (AJOL)

First Lady

This study aimed at examining the systems of accounting for marketable securities in Nigeria with a view to determine the impact of the accounting systems .... control of a company, securities held for maintenance of business relations, .... historical documents, they provide valuable information bearing on all of ... An internal.

Cyber security of critical infrastructures

Directory of Open Access Journals (Sweden)

Leandros A. Maglaras

2018-03-01

Full Text Available Modern Supervisory Control and Data Acquisition (SCADA systems are essential for monitoring and managing electric power generation, transmission and distribution. In the age of the Internet of Things, SCADA has evolved into big, complex and distributed systems that are prone to be conventional in addition to new threats. Many security methods can be applied to such systems, having in mind that both high efficiency, real time intrusion identification and low overhead are required. Keywords: SCADA systems, Security

RFID security a lightweight paradigm

CERN Document Server

Khattab, Ahmed; Amini, Esmaeil; Bayoumi, Magdy

2017-01-01

This book provides a comprehensive treatment of security in the widely adopted, Radio Frequency Identification (RFID) technology. The authors present the fundamental principles of RFID cryptography in a manner accessible to a broad range of readers, enabling them to improve their RFID security design. This book also offers the reader a range of interesting topics portraying the current state-of-the-art in RFID technology and how it can be integrated with today’s Internet of Things (IoT) vision. The authors describe a first-of-its-kind, lightweight symmetric authenticated encryption cipher called Redundant Bit Security (RBS), which enables significant, multi-faceted performance improvements compared to existing cryptosystems. This book is a must-read for anyone aiming to overcome the constraints of practical implementation in RFID security technologies.

49 CFR 172.802 - Components of a security plan.

Science.gov (United States)

2010-10-01

... from origin to destination, including shipments stored incidental to movement. (b) The security plan must also include the following: (1) Identification by job title of the senior management official... business and must make the security plan available upon request, at a reasonable time and location, to an...

Process Models for Security Architectures

Directory of Open Access Journals (Sweden)

Floarea NASTASE

2006-01-01

Full Text Available This paper presents a model for an integrated security system, which can be implemented in any organization. It is based on security-specific standards and taxonomies as ISO 7498-2 and Common Criteria. The functionalities are derived from the classes proposed in the Common Criteria document. In the paper we present the process model for each functionality and also we focus on the specific components.

The 'virtual' national securities commission

International Nuclear Information System (INIS)

Campbell, G.A.; Benham, B.J.

1998-01-01

This paper describes the mandate of the Canadian Securities Administrators (CSA), a body established to ensure that Canada has an efficient and effective securities regulatory system to protect investors and a fair and efficient securities market. The CSA was created in 1937 and is comprised of the twelve provincial and territorial securities regulatory authorities. Some of the measures that the CSA has taken to improve regulatory efficiency are discussed. Among the measures highlighted are the creation of a task force on operational efficiencies in the administration of securities regulation, the development of a mutual reliance review system and a system for electronic document analysis and retrieval (SEDAR) to electronically file information to a central computer database. The CSA also adopted a system to expedite the review and receipt of short form prospectuses

How strong is the Social Security safety net? Using the Elder Index to assess gaps in economic security.

Science.gov (United States)

Mutchler, Jan E; Li, Yang; Xu, Ping

2018-04-16

Older Americans rely heavily on Social Security benefits (SSBs) to support independent lifestyles, and many have few or no additional sources of income. We establish the extent to which SSBs adequately support economic security, benchmarked by the Elder Economic Security Standard Index. We document variability across U.S. counties in the adequacy levels of SSBs among older adults. We find that the average SSBs fall short of what is required for economic security in every county in the United States, but the level of shortfall varies considerably by location. Policy implications relating to strengthening Social Security and other forms of retirement income are discussed.

17 CFR 240.15g-2 - Penny stock disclosure document relating to the penny stock market.

Science.gov (United States)

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Penny stock disclosure document relating to the penny stock market. 240.15g-2 Section 240.15g-2 Commodity and Securities Exchanges... Section 15(d) of the Act § 240.15g-2 Penny stock disclosure document relating to the penny stock market...

Optical and digital techniques for information security

CERN Document Server

2005-01-01

Optical and Digital Techniques for Information Security is the first book in a series focusing on Advanced Sciences and Technologies for Security Applications. This book encompases the results of research investigation and technologies used to secure, verify, recognize, track, and authenticate objects and information from theft, counterfeiting, and manipulation by unauthorized persons and agencies. This Information Security book will draw on the diverse expertise in optical sciences and engineering, digital image processing, imaging systems, information processing, computer based information systems, sensors, detectors, and biometrics to report innovative technologies that can be applied to information security issues. The Advanced Sciences and Technologies for Security Applications series focuses on research monographs in the areas of: -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection...

Page segmentation using script identification vectors: A first look

Energy Technology Data Exchange (ETDEWEB)

Hochberg, J.; Cannon, M.; Kelly, P.; White, J.

1997-07-01

Document images in which different scripts, such as Chinese and Roman, appear on a single page pose a problem for optical character recognition (OCR) systems. This paper explores the use of script identification vectors in the analysis of multilingual document images. A script identification vector is calculated for each connected component in a document. The vector expresses the closest distance between the component and templates developed for each of thirteen scripts, including Arabic, Chinese, Cyrillic, and Roman. The authors calculate the first three principal components within the resulting thirteen-dimensional space for each image. By mapping these components to red, green, and blue, they can visualize the information contained in the script identification vectors. The visualization of several multilingual images suggests that the script identification vectors can be used to segment images into script-specific regions as large as several paragraphs or as small as a few characters. The visualized vectors also reveal distinctions within scripts, such as font in Roman documents, and kanji vs. kana in Japanese. Results are best for documents containing highly dissimilar scripts such as Roman and Japanese. Documents containing similar scripts, such as Roman and Cyrillic will require further investigation.

US statutes for enforcement by security inspectors

Energy Technology Data Exchange (ETDEWEB)

Cadwell, J.J.; Ruger, C.J.

1995-12-01

This document is one of a three volume set. BNL 52201 is titled `Selected Text of Atomic Energy Act Executive Orders and Other Laws of General Interest to Safeguards and Security Executives`, and it contains detailed information for use by executives. BNL 52202 is titled `U.S. Statutes of General Interest to Safeguards and Security Officers`, and contains less detail than BNL 52201. It is intended for use by officers. BNL 52203 is titled `U.S. Statutes for Enforcement by Security Inspectors`, and it contains statutes to be applied by uniformed security inspectors.

Security-by-design handbook.

Energy Technology Data Exchange (ETDEWEB)

Snell, Mark Kamerer; Jaeger, Calvin Dell; Scharmer, Carol; Jordan, Sabina Erteza; Tanuma, Koji [Japan Atomic Energy Agency, Tokai-mura, Ibaraki, Japan; Ochiai, Kazuya [Japan Atomic Energy Agency, Tokai-mura, Ibaraki, Japan; Iida, Toru [Japan Atomic Energy Agency, Tokai-mura, Ibaraki, Japan

2013-01-01

This document is a draft SecuritybyDesign (SeBD) handbook produced to support the Work Plan of the Nuclear Security Summit to share best practices for nuclear security in new facility design. The Work Plan calls on States to %E2%80%9Cencourage nuclear operators and architect/engineering firms to take into account and incorporate, where appropriate, effective measures of physical protection and security culture into the planning, construction, and operation of civilian nuclear facilities and provide technical assistance, upon request, to other States in doing so.%E2%80%9D The materials for this document were generated primarily as part of a bilateral project to produce a SeBD handbook as a collaboration between the Japan Atomic Energy Agency (JAEA) Nuclear Nonproliferation Science and Technology Center and Sandia National Laboratories (SNL), which represented the US Department Energy (DOE) National Nuclear Security Administration (NNSA) under a Project Action Sheet PASPP04. Input was also derived based on tours of the Savannah River Site (SRS) and Japan Nuclear Fuel Limited (JNFL) Rokkasho Mixed Oxide Fuel fabrication facilities and associated project lessonslearned. For the purposes of the handbook, SeBD will be described as the systemlevel incorporation of the physical protection system (PPS) into a new nuclear power plant or nuclear facility resulting in a PPS design that minimizes the risk of malicious acts leading to nuclear material theft; nuclear material sabotage; and facility sabotage as much as possible through features inherent in (or intrinsic to) the design of the facility. A fourelement strategy is presented to achieve a robust, durable, and responsive security system.

Specificity of Correlation Pattern Recognition Methods Application in Security Holograms Identity Control Apparatus

Science.gov (United States)

Zlokazov, E. Yu.; Starikov, R. S.; Odinokov, S. B.; Tsyganov, I. K.; Talalaev, V. E.; Koluchkin, V. V.

Automatic inspection of security hologram (SH) identity is highly demanded issue due high distribution of SH worldwide to protect documents such as passports, driving licenses, banknotes etc. While most of the known approaches use inspection of SH design features none of these approaches inspect the features of its surface relief that is a direct contribution to original master matrix used for these holograms production. In our previous works we represented the device that was developed to provide SH identification by processing of coherent responses of its surface elements. Most of the algorithms used in this device are based on application of correlation pattern recognition methods. The main issue of the present article is a description of these methods application specificities.

On the Horizon: New Advances in Security Technology

Science.gov (United States)

Gamble, Cheryl

2005-01-01

The worlds of security and technology have been on an intersecting course since the first published account of the use of fingerprint identification made news in 1880 (although unpublished reports suggest its use as early as 1858). In the three and one half years since the September 11 attacks, technological advances across the security field have…

Industrial fabrication of an optical security device for document protection using plasmon resonant transmission through a thin corrugated metallic film embedded on a plastic foil

Science.gov (United States)

Sauvage-Vincent, Jean; Jourlin, Yves; Tonchev, Svetlen; Veillas, Colette; Claude, Pedri; Parriaux, Olivier

2012-06-01

Known since a long time in polymer banknotes and presented in the few years in paper banknotes, the principle of windowed documents has been currently extended to ID documents. We present an innovative solution which combines resonant transmission and Zero Order Device technologies and which is dedicated to improve windows in terms of the overt security level. With this R&D program, Hologram Industries targeted to obtain an overt visual security device that should be readily checked in transmission in the same manner as the established paper watermark. The proposed solution is based on the propagation of resonant modes in a thin continuous corrugated metallic layer embedded (encapsulated) between two dielectric layers of near equal refractive index. The mode of most interest is the Long Range Plasmon Mode. The coupling condition to the Long Range Mode is principally related to the corrugation, the metal layer thickness and the index of the two dielectric layers. If the condition of the mode excitation through the grating is fulfilled, a predetermined wavelength will be coupled to the Long Range Plasmon Mode. This mode will propagate at each metal/dielectric interface with a low loss and will concentrate the electric field inside the metal layer. This effect of coupling enables the transmission of a peak at this wavelength through the metallic layer. It defines the so called "extraordinary resonant transmission".

PUREX Deactivation Health and Safety documentation

International Nuclear Information System (INIS)

Dodd, E.N. III.

1995-01-01

The purpose of the PUREX Deactivation Project is to establish a passively safe and environmentally secure configuration of PUREX at the Hanford Site, and to preserve that configuration for a 10-year horizon. The 10-year horizon is used to predict future maintenance requirements and represents they typical time duration expended to define, authorize, and initiate the follow-on Decontamination and Decommissioning (D ampersand D) activities. This document was prepared to increase attention to worker safety issues during the deactivation project and, as such, identifies the documentation and programs associated with PUREX Deactivation Health and Safety

BIOMETRIC SECURITY: ALTERNATIF PENGENDALIAN DALAM SISTEM INFORMASI AKUNTANSI TERKOMPUTERISASI

Directory of Open Access Journals (Sweden)

Josua Tarigan

2004-01-01

Full Text Available As organization search more secure authentication method for user access, biometric security technology is gaining more and more attention. The implementation of biometric security technology in accounting information systems was physical access, virtual access, e-commerce applications and covert suveillance. There are three phase when an organization implementation biometric technology: strategic planning and budgeting, developing a system reliability plan and documentation. The challenges will face when develop biometric technology as control in accounting information system are standardization, hybrid technology uses, life cycle management. Abstract in Bahasa Indonesia : Adanya keinginan setiap organisasi untuk mencari metode pengamanan authentication yang lebih untuk akses user, dijawab dengan adanya teknologi biometric security yang mendapat perhatian yang cukup besar bagi organisasi. Implementasi teknologi biometric security cukup luas dalam sistem informasi akuntansi yaitu sebagai pengendalian pada physical access, virtual access, e-commerce applications dan covert surveillance. Dalam mengimplementasikan teknologi biometric, ada tiga tahapan yang harus dilakukan organisasi, yakni strategic planning and budgeting, developing a system reliability plan dan documentation. Tantangan yang akan dihadapi dalam mengembangkan teknologi biometric sebagai pengendalian dalam sistem informasi akuntansi yakni standarisasi, aplikasi teknologi hybrid dan manajemen siklus hidup pada biometric security. Kata kunci: authentication, akses user dan biometric security.

32 CFR 552.109 - Routine security controls.

Science.gov (United States)

2010-07-01

..., dependent, or DoD civilian identification cards are authorized unimpeded access to Fort Lewis during periods... who desire to visit unit areas, club facilities and other recreational facilities, security personnel...

Maritime supply chain security: navigating through a sea of compliance requirements

CSIR Research Space (South Africa)

Maspero, EL

2008-11-01

Full Text Available MTSA Maritime Transportation Security Act RFID Radio Frequency Identification SAFE Security and Accountability For Every port SOLAS Safety Of Life At Sea SST Smart and Secure Tradelane UNCTAD United Nations Conference on Trade and Development... for increased security within maritime shipping and so the SOLAS (the Safety of Lives at Sea) Convention Chapter 11 was amended to provide for the inclusion of the International Ships and Port Facilities Security Code (ISPS Code), which was internationally...

Online database for documenting clinical pathology resident education.

Science.gov (United States)

Hoofnagle, Andrew N; Chou, David; Astion, Michael L

2007-01-01

Training of clinical pathologists is evolving and must now address the 6 core competencies described by the Accreditation Council for Graduate Medical Education (ACGME), which include patient care. A substantial portion of the patient care performed by the clinical pathology resident takes place while the resident is on call for the laboratory, a practice that provides the resident with clinical experience and assists the laboratory in providing quality service to clinicians in the hospital and surrounding community. Documenting the educational value of these on-call experiences and providing evidence of competence is difficult for residency directors. An online database of these calls, entered by residents and reviewed by faculty, would provide a mechanism for documenting and improving the education of clinical pathology residents. With Microsoft Access we developed an online database that uses active server pages and secure sockets layer encryption to document calls to the clinical pathology resident. Using the data collected, we evaluated the efficacy of 3 interventions aimed at improving resident education. The database facilitated the documentation of more than 4 700 calls in the first 21 months it was online, provided archived resident-generated data to assist in serving clients, and demonstrated that 2 interventions aimed at improving resident education were successful. We have developed a secure online database, accessible from any computer with Internet access, that can be used to easily document clinical pathology resident education and competency.

Exploring a New Security Framework for Remote Patient Monitoring Devices

Directory of Open Access Journals (Sweden)

Brian Ondiege

2017-02-01

Full Text Available Security has been an issue of contention in healthcare. The lack of familiarity and poor implementation of security in healthcare leave the patients’ data vulnerable to attackers. The main issue is assessing how we can provide security in an RPM infrastructure. The findings in literature show there is little empirical evidence on proper implementation of security. Therefore, there is an urgent need in addressing cybersecurity issues in medical devices. Through the review of relevant literature in remote patient monitoring and use of a Microsoft threat modelling tool, we identify and explore current vulnerabilities and threats in IEEE 11073 standard devices to propose a new security framework for remote patient monitoring devices. Additionally, current RPM devices have a limitation on the number of people who can share a single device, therefore, we propose the use of NFC for identification in Remote Patient Monitoring (RPM devices for multi-user environments where we have multiple people sharing a single device to reduce errors associated with incorrect user identification. We finally show how several techniques have been used to build the proposed framework.

Nevada National Security Site Waste Acceptance Criteria

Energy Technology Data Exchange (ETDEWEB)

none,

2013-06-01

This document establishes the U.S. Department of Energy (DOE), National Nuclear Security Administration Nevada Field Office (NNSA/NFO), Nevada National Security Site Waste Acceptance Criteria (NNSSWAC). The NNSSWAC provides the requirements, terms, and conditions under which the Nevada National Security Site (NNSS) will accept the following: • DOE hazardous and non-hazardous non-radioactive classified waste • DOE low-level radioactive waste (LLW) • DOE mixed low-level waste (MLLW) • U.S. Department of Defense (DOD) classified waste The LLW and MLLW listed above may also be classified waste. Classified waste is the only waste accepted for disposal that may be non-radioactive and shall be required to meet the waste acceptance criteria for radioactive waste as specified in this document. Classified waste may be sent to the NNSS as classified matter. Section 3.1.18 provides the requirements that must be met for permanent burial of classified matter. The NNSA/NFO and support contractors are available to assist the generator in understanding or interpreting this document. For assistance, please call the NNSA/NFO Environmental Management Operations (EMO) at (702) 295-7063, and the call will be directed to the appropriate contact.

Nevada National Security Site Waste Acceptance Criteria

International Nuclear Information System (INIS)

2013-01-01

This document establishes the U.S. Department of Energy (DOE), National Nuclear Security Administration Nevada Field Office (NNSA/NFO), Nevada National Security Site Waste Acceptance Criteria (NNSSWAC). The NNSSWAC provides the requirements, terms, and conditions under which the Nevada National Security Site (NNSS) will accept the following: DOE hazardous and non-hazardous non-radioactive classified waste; DOE low-level radioactive waste (LLW); DOE mixed low-level waste (MLLW); and, U.S. Department of Defense (DOD) classified waste. The LLW and MLLW listed above may also be classified waste. Classified waste is the only waste accepted for disposal that may be non-radioactive and shall be required to meet the waste acceptance criteria for radioactive waste as specified in this document. Classified waste may be sent to the NNSS as classified matter. Section 3.1.18 provides the requirements that must be met for permanent burial of classified matter. The NNSA/NFO and support contractors are available to assist the generator in understanding or interpreting this document. For assistance, please call the NNSA/NFO Environmental Management Operations (EMO) at (702) 295-7063, and the call will be directed to the appropriate contact.

An Analysis of Open Source Security Software Products Downloads

Science.gov (United States)

Barta, Brian J.

2014-01-01

Despite the continued demand for open source security software, a gap in the identification of success factors related to the success of open source security software persists. There are no studies that accurately assess the extent of this persistent gap, particularly with respect to the strength of the relationships of open source software…

Technology safeguards needed as security rule audits loom.

Science.gov (United States)

Gersh, Deborah; Hoey, Laura G; McCrystal, Timothy M; Tolley, David C

2012-05-01

The Department of Health and Human Services will conduct security rule audits that will involve on-site visits and include: Compliance-focused interviews with key organizational leaders. Scrutiny of physical operations controls, especially regarding storage, maintenance, and use of protected health information. Assessment of organizational policies and procedures to ensure compliance with privacy and security rules. Identification of regulatory compliance areas of concern.

Signature Schemes Secure against Hard-to-Invert Leakage

DEFF Research Database (Denmark)

Faust, Sebastian; Hazay, Carmit; Nielsen, Jesper Buus

2012-01-01

of the secret key. As a second contribution, we construct a signature scheme that achieves security for random messages assuming that the adversary is given a polynomial-time hard to invert function. Here, polynomial-hardness is required even when given the entire public-key – so called weak auxiliary input......-theoretically reveal the entire secret key. In this work, we propose the first constructions of digital signature schemes that are secure in the auxiliary input model. Our main contribution is a digital signature scheme that is secure against chosen message attacks when given an exponentially hard-to-invert function...... security. We show that such signature schemes readily give us auxiliary input secure identification schemes...

Assessing the Effectiveness of Alternative Community-Led Security ...

International Development Research Centre (IDRC) Digital Library (Canada)

While many believe the state has a monopoly on the legitimate use of force, realities on the ground challenge this assertion, particularly in conflict and ... It will document alternative sources of governance, security, and justice that urban communities apply when state security forces are weak, unresponsive, or abusive.

Corrective Action Decision Document/Closure Report for Corrective Action Unit 550: Smoky Contamination Area Nevada National Security Site, Nevada, Revision 0

Energy Technology Data Exchange (ETDEWEB)

Matthews, Patrick K. [Navarro-Intera, LLC (N-I), Las Vegas, NV (United States)

2015-02-01

This Corrective Action Decision Document/Closure Report presents information supporting the closure of Corrective Action Unit (CAU) 550: Smoky Contamination Area, Nevada National Security Site, Nevada. CAU 550 includes 19 corrective action sites (CASs), which consist of one weapons-related atmospheric test (Smoky), three safety experiments (Ceres, Oberon, Titania), and 15 debris sites (Table ES-1). The CASs were sorted into the following study groups based on release potential and technical similarities: • Study Group 1, Atmospheric Test • Study Group 2, Safety Experiments • Study Group 3, Washes • Study Group 4, Debris The purpose of this document is to provide justification and documentation supporting the conclusion that no further corrective action is needed for CAU 550 based on implementation of the corrective actions listed in Table ES-1. Corrective action investigation (CAI) activities were performed between August 2012 and October 2013 as set forth in the Corrective Action Investigation Plan for Corrective Action Unit 550: Smoky Contamination Area; and in accordance with the Soils Activity Quality Assurance Plan. The approach for the CAI was to investigate and make data quality objective (DQO) decisions based on the types of releases present. The purpose of the CAI was to fulfill data needs as defined during the DQO process. The CAU 550 dataset of investigation results was evaluated based on a data quality assessment. This assessment demonstrated the dataset is complete and acceptable for use in fulfilling the DQO data needs.

Multilevel architectures for electronic document retrieval

International Nuclear Information System (INIS)

Rome, J.A.; Tolliver, J.S.

1997-01-01

Traditionally, most classified computer systems run at the highest level of any of the data on the system, and all users must be cleared to this security level. This architecture precludes the use of low-level (pay and clearance) personnel for such tasks as data entry, and makes sharing data with other entities difficult. The government is trying to solve this problem by the introduction of multilevel-secure (MLS) computer systems. In addition, wherever possible, there is pressure to use commercial off-the-shelf software (COTS) to improve reliability, and to reduce purchase and maintenance costs. This paper presents two architectures for an MLS electronic document retrieval system using COTS products. Although the authors believe that the resulting systems represent a real advance in usability, scaleability, and scope, the disconnect between existing security rules and regulations and the rapidly-changing state of technology will make accreditation of such systems a challenge

Digital watermarks in electronic document circulation

Directory of Open Access Journals (Sweden)

Vitaliy Grigorievich Ivanenko

2017-07-01

Full Text Available This paper reviews different protection methods for electronic documents, their good and bad qualities. Common attacks on electronic documents are analyzed. Digital signature and ways of eliminating its flaws are studied. Different digital watermark embedding methods are described, they are divided into 2 types. The solution to protection of electronic documents is based on embedding digital watermarks. Comparative analysis of this methods is given. As a result, the most convenient method is suggested – reversible data hiding. It’s remarked that this technique excels at securing the integrity of the container and its digital watermark. Digital watermark embedding system should prevent illegal access to the digital watermark and its container. Digital watermark requirements for electronic document protection are produced. Legal aspect of copyright protection is reviewed. Advantages of embedding digital watermarks in electronic documents are produced. Modern reversible data hiding techniques are studied. Distinctive features of digital watermark use in Russia are highlighted. Digital watermark serves as an additional layer of defense, that is in most cases unknown to the violator. With an embedded digital watermark, it’s impossible to misappropriate the authorship of the document, even if the intruder signs his name on it. Therefore, digital watermarks can act as an effective additional tool to protect electronic documents.

77 FR 66351 - Establishing the White House Homeland Security Partnership Council

Science.gov (United States)

2012-11-02

... the White House Homeland Security Partnership Council #0; #0; #0; Presidential Documents #0; #0; #0;#0... White House Homeland Security Partnership Council By the authority vested in me as President by the... States. Sec. 2. White House Homeland Security Partnership Council and Steering Committee. (a) White House...

Process Control System Cyber Security Standards - An Overview

Energy Technology Data Exchange (ETDEWEB)

Robert P. Evans; V Stanley Scown; Rolf Carlson; Shabbir Shamsuddin; George Shaw; Jeff Dagle; Paul W Oman; Jeannine Schmidt

2005-10-01

The use of cyber security standards can greatly assist in the protection of critical infrastructure by providing guidelines and requisite imperatives in the implementation of computer-controlled systems. These standards are most effective when the engineers and operators using the standards understand what each of the standards addresses and does not address. This paper provides a review and comparison of ten documents dealing with control system cyber security. It is not meant to be a complete treatment of all applicable standards; rather, this is an exemplary analysis showing the benefits of comparing and contrasting differing documents.

Regulatory Guide on Conducting a Security Vulnerability Assessment

Energy Technology Data Exchange (ETDEWEB)

Ek, David R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2016-01-01

This document will provide guidelines on conducting a security vulnerability assessment at a facility regulated by the Radiation Protection Centre. The guidelines provide a performance approach assess security effectiveness. The guidelines provide guidance for a review following the objectives outlined in IAEA NSS#11 for Category 1, 2, & 3 sources.

The Regulation of the Security of Electronic Information in Lithuania and Russia: the Comparative Aspects

Directory of Open Access Journals (Sweden)

Darius Štitilis

2013-02-01

Full Text Available Cybercrime has become a global phenomenon, which is causing more harm to individual citizens, organizations, society and the state. Most countries in the world compare cybercrime with such offences as terrorism and drug trafficking due to its risks and profitability. Therefore, the legal regulation of cybercrime is one of the most relevant problems in the world, including Lithuania and our neighbouring country, Russia. So far cybercrime analysis in scientific literature has been rather limited. We have not succeeded in finding a comparison between the regulatory practices of cybercrime in the Russian Federation and the Republic of Lithuania in any of the references. The main goal of the thesis paper is to analyse and to compare the electronic information security legal framework of the Russian Federation and the Republic of Lithuania. The article consists of two parts. The first part deals with the comparative aspect of strategic documents—the program governing electronic information protection in Lithuania and the Russian Federation. The second part of the article examines the comparative aspect of electronic information protection legislative, legal framework Republic of Lithuania and the Russian Federation. It was found that at the moment in both countries there is a strategic document which defines the planned state policy in this area, but the lack of a Lithuanian Law which can fully and consistently regulate social relations in relation to electronic information security. Several different approaches have been used in the research. The authors have used a comparative method to investigate the Lithuanian and Russian legal framework for the security of electronic information. Empirical analysis of legal documents was used to determine the legal regulation of the security of electronic information in Lithuania and Russia. Legal acts of the Republic of Lithuania and the Russian Federation have been analysed. Having analysed the official

The Regulation of the Security of Electronic Information in Lithuania and Russia: the Comparative Aspects

Directory of Open Access Journals (Sweden)

Darius Štitilis

2012-12-01

Full Text Available Cybercrime has become a global phenomenon, which is causing more harm to individual citizens, organizations, society and the state. Most countries in the world compare cybercrime with such offences as terrorism and drug trafficking due to its risks and profitability. Therefore, the legal regulation of cybercrime is one of the most relevant problems in the world, including Lithuania and our neighbouring country, Russia. So far cybercrime analysis in scientific literature has been rather limited. We have not succeeded in finding a comparison between the regulatory practices of cybercrime in the Russian Federation and the Republic of Lithuania in any of the references.The main goal of the thesis paper is to analyse and to compare the electronic information security legal framework of the Russian Federation and the Republic of Lithuania.The article consists of two parts. The first part deals with the comparative aspect of strategic documents—the program governing electronic information protection in Lithuania and the Russian Federation.The second part of the article examines the comparative aspect of electronic information protection legislative, legal framework Republic of Lithuania and the Russian Federation. It was found that at the moment in both countries there is a strategic document which defines the planned state policy in this area, but the lack of a Lithuanian Law which can fully and consistently regulate social relations in relation to electronic information security.Several different approaches have been used in the research. The authors have used a comparative method to investigate the Lithuanian and Russian legal framework for the security of electronic information. Empirical analysis of legal documents was used to determine the legal regulation of the security of electronic information in Lithuania and Russia. Legal acts of the Republic of Lithuania and the Russian Federation have been analysed. Having analysed the official

42 CFR 420.304 - Procedures for obtaining access to books, documents, and records.

Science.gov (United States)

2010-10-01

... 42 Public Health 3 2010-10-01 2010-10-01 false Procedures for obtaining access to books, documents... Books, Documents, and Records of Subcontractors § 420.304 Procedures for obtaining access to books... following elements: (1) Reasonable identification of the books, documents, and records to which access is...

A Stitch in Time : Supporting Android Developers in Writing Secure Code

OpenAIRE

Nguyen, Duc Cuong; Wermke, Dominik; Acar, Yasemin; Backes, Michael; Weir, Charles Alexander Forbes; Fahl, Sascha

2017-01-01

Despite security advice in the official documentation and an extensive body of security research about vulnerabilities and exploits, many developers still fail to write secure Android applications. Frequently, Android developers fail to adhere to security best practices, leaving applications vulnerable to a multitude of attacks. We point out the advantage of a low-time-cost tool both to teach better secure coding and to improve app security. Using the FixDroid™ IDE plug-in, we show that profe...

EXAMINATION OF SECURITY EVENTS AS DBEs FOR MGDS IMPORTANT TO SAFETY SSCs

International Nuclear Information System (INIS)

J.M. Hartsell

1998-01-01

A portion of the safeguards and security system for the Mined Geologic Disposal System (MGDS) has been identified as QA-1 based on the classification of structures, systems, and components (SSCs) performed in accordance with QAP-2-3, ''Classification of Permanent Items'' (Reference 5.2). The classification analysis, ''Classification of the Preliminary MGDS Repository Design'' (Reference 5.9), identifies the ''Safeguards Material Control and Accountability'' system as a QA-1 SSC based on the identification of unauthorized intrusion, sabotage, theft, and diversion as potential Design Basis Events (DBEs). The purpose of this analysis is to provide justification to eliminate these events as DBEs for the MGDS based on a review of the Codes of Federal Regulation (CFRs) for geologic repositories (10 CFR 60), commercial reactor facilities (10 CFR 50), independent spent fuel storage installations (ISFSIs) and monitored retrievable storage (MRS) installations (10 CFR 72), and other relevant guidance documents in an effort to clarify that security events should not be considered in the QA design process of important to safety SSCs for the MGDS. The MGDS is a first of a kind geologic repository and no licensing precedent has been established for this type of facility

CH2M Hill Hanford Group, Inc., Standards and Requirements Identification Document (SRID) Requirements Management System and Requirements Specification

International Nuclear Information System (INIS)

JOHNSON, A.L.

2000-01-01

The current Tank Farm Contractor (TFC) for the U. S. Department of Energy, Office of River Protection (ORP), River Protection Project (RPP), CH2M Hill Hanford Group, Inc. (CHG), will use a computer based requirements management system. The system will serve as a tool to assist in identifying, capturing, and maintaining the Standards/Requirements Identification Document (S/RID) requirements and links to implementing procedures and other documents. By managing requirements as one integrated set, CHG will be able to carry out its mission more efficiently and effectively. CHG has chosen the Dynamic Object Oriented Requirements System (DOORS(trademark)) as the preferred computer based requirements management system. Accordingly, the S/RID program will use DOORS(trademark). DOORS(trademark) will replace the Environmental Requirements Management Interface (ERMI) system as the tool for S/RID data management. The DOORS(trademark) S/RID test project currently resides on the DOORSTM test server. The S/RID project will be migrated to the DOORS(trademark) production server. After the migration the S/RID project will be considered a production project and will no longer reside on the test server

Privacy-Enhancing Security Protocol in LTE Initial Attack

Directory of Open Access Journals (Sweden)

Uijin Jang

2014-12-01

Full Text Available Long-Term Evolution (LTE is a fourth-generation mobile communication technology implemented throughout the world. It is the communication means of smartphones that send and receive all of the private date of individuals. M2M, IOT, etc., are the base technologies of mobile communication that will be used in the future cyber world. However, identification parameters, such as International Mobile Subscriber Identity (IMSI, Radio Network Temporary Identities (RNTI, etc., in the initial attach section for accessing the LTE network are presented with the vulnerability of being exposed as clear text. Such vulnerability does not end in a mere identification parameter, but can lead to a secondary attack using the identification parameter, such as replication of the smartphone, illegal use of the mobile communication network, etc. This paper proposes a security protocol to safely transmit identification parameters in different cases of the initial attach. The proposed security protocol solves the exposed vulnerability by encrypting the parameters in transmission. Using an OPNET simulator, it is shown that the average rate of delay and processing ratio are efficient in comparison to the existing process.

Biometric Security: Alternatif Pengendalian Dalam Sistem Informasi Akuntansi Terkomputerisasi

OpenAIRE

Tarigan, Josua

2004-01-01

As organization search more secure authentication method for user access, biometric security technology is gaining more and more attention. The implementation of biometric security technology in accounting information systems was physical access, virtual access, e-commerce applications and covert suveillance. There are three phase when an organization implementation biometric technology: strategic planning and budgeting, developing a system reliability plan and documentation. The challenges w...

BIOMETRIC SECURITY: ALTERNATIF PENGENDALIAN DALAM SISTEM INFORMASI AKUNTANSI TERKOMPUTERISASI

OpenAIRE

Josua Tarigan

2004-01-01

As organization search more secure authentication method for user access, biometric security technology is gaining more and more attention. The implementation of biometric security technology in accounting information systems was physical access, virtual access, e-commerce applications and covert suveillance. There are three phase when an organization implementation biometric technology: strategic planning and budgeting, developing a system reliability plan and documentation. The challenges w...

Identification of Methodology of Indirect Assessment of Economy Shadowing

Directory of Open Access Journals (Sweden)

Avhustyn Ruslan R.

2014-03-01

Full Text Available The article explains the essence of the shadow economy as an objective phenomenon of socio-economic relations and its influence upon national economy security through instruments of pricing, fiscal restrictions, tax control, and banking and insurance regulation. It proves the necessity of use of the indirect method of assessment of the level of economy shadowing along with methods of direct control over the growth of shadowed economic relations, since such an approach would allow rational approach to identification of volumes and level of shadow activity. In the result of the study the article marks out varieties of indirect assessment of economy shadowing (methods of document, accounting and economic analysis, their specific features, advantages and shortcomings and results of practical use. The article reveals approaches and indicators of economic analysis that allow identification of reasons of deviations from the normal economic activity of economic subjects. It provides examples of the indirect method of assessment of the volume of shadowed economy that deal with analysis of demand on money and comparison of rates of the growth of the money supply with the volume of sight drafts with GDP.

Socio-technical security metrics

NARCIS (Netherlands)

Gollmann, D.; Herley, C.; Koenig, V.; Pieters, W.; Sasse, M.A.

2015-01-01

Report from Dagstuhl seminar 14491. This report documents the program and the outcomes of Dagstuhl Seminar 14491 “Socio-Technical Security Metrics”. In the domain of safety, metrics inform many decisions, from the height of new dikes to the design of nuclear plants. We can state, for example, that

Providing strong Security and high privacy in low-cost RFID networks

DEFF Research Database (Denmark)

David, Mathieu; Prasad, Neeli R.

2009-01-01

Since the dissemination of Radio Frequency IDentification (RFID) tags is getting larger and larger, the requirement for strong security and privacy is also increasing. Low-cost and ultra-low-cost tags are being implemented on everyday products, and their limited resources constraints the security...

DEBT SECURITIES, SECURITIES IN THE NEW CODE OF CIVIL LAW – THE NEED OF JUDICIAL DISAMBIGUATION

Directory of Open Access Journals (Sweden)

Eugenia Florescu

2012-11-01

Full Text Available A large part of the wealth is invested in securities, which circulate through documents or specific scriptural records that are located in the memory of the computer. These magnetic or paper-made „supports”, received different names, in law and in doctrine: debt securities, securities, negotiable instruments or commercial securities, equity securities, bearer bonds, financial instruments, transferable securities, stocks, bonds, bill, promissory note, check, et al. These expressions used by the New Code of Civil Law were assumed tale quale from the specialized language of commercial law, without any concern for explaining the foundation and judicial meaning of these legal institutions, and eliminate the ambiguity in this matter. Under such conditions, the analysis is to identify the criteria under which the judicial genre will separate from the judicial species in relation to the law and jurisprudence of the European Union and/or to the regulations specially adopted at national level, over time.

A secure RFID mutual authentication protocol for healthcare environments using elliptic curve cryptography.

Science.gov (United States)

Jin, Chunhua; Xu, Chunxiang; Zhang, Xiaojun; Zhao, Jining

2015-03-01

Radio Frequency Identification(RFID) is an automatic identification technology, which can be widely used in healthcare environments to locate and track staff, equipment and patients. However, potential security and privacy problems in RFID system remain a challenge. In this paper, we design a mutual authentication protocol for RFID based on elliptic curve cryptography(ECC). We use pre-computing method within tag's communication, so that our protocol can get better efficiency. In terms of security, our protocol can achieve confidentiality, unforgeability, mutual authentication, tag's anonymity, availability and forward security. Our protocol also can overcome the weakness in the existing protocols. Therefore, our protocol is suitable for healthcare environments.

Security of Radioactive Waste

International Nuclear Information System (INIS)

Goldammer, W.

2003-01-01

Measures to achieve radioactive waste security are discussed. Categorization of waste in order to implement adequate and consistent security measures based on potential consequences is made. The measures include appropriate treatment/storage/disposal of waste to minimize the potential and consequences of malicious acts; management of waste only within an authorised, regulated, legal framework; management of the security of personnel and information; measures to minimize the acquisition of radioactive waste by those with malicious intent. The specific measures are: deter unauthorized access to the waste; detect any such attempt or any loss or theft of waste; delay unauthorized access; provide timely response to counter any attempt to gain unauthorised access; measures to minimize acts of sabotage; efforts to recover any lost or stolen waste; mitigation and emergency plans in case of release of radioactivity. An approach to develop guidance, starting with the categorisation of sources and identification of dangerous sources, is presented. Dosimetric criteria for internal and external irradiation are set. Different exposure scenarios are considered. Waste categories and security categories based on the IAEA INFCIRC/225/Rev.4 are presented

A hybrid fingerprint identification system for immigration control ...

African Journals Online (AJOL)

A growing security issue today in Nigeria is the increased occurrence of identity fraud. Research tends to show that perpetrators of this act are foreigners who enter the country without any document and are employed as security officers, thereby posing security treats to lives and properties. These foreigners device a means ...

I and C security audit of nuclear facilities: implementation guide - TAFICS/IG/3

International Nuclear Information System (INIS)

2017-05-01

This document provides guidance to I and C Security audit team to prepare, plan, and execute security audit of Instrumentation and Control (I and C) systems at DAE's nuclear facilities, including I and C system development and manufacturing organisations. The audit is expected to check efficacy of I and C security program - plan, policies, procedures and controls - implemented at a nuclear facility to protect I and C systems from potential cyber attacks. The document contains detailed audit procedures, which specify the audit objectives, audit objects and audit methods for each element of I and C security described in implementation guides promulgated by TAFICS to all DAE Units. (author)

11. Argentine Congress of Radiological and Nuclear Security

International Nuclear Information System (INIS)

2017-01-01

The 11. Argentine Congress of Radiological and Nuclear Security was organized by the Radioprotection Argentine Society, in Buenos Aires, between the 5 and 6, October 2017. In this event, were presented documents about any of these topics: security systems, licensing of nuclear power plants, criticality accidents, biological radiation effects, NORM, acute radiation syndrome, etc.

Corrective Action Decision Document/Closure Report for Corrective Action Unit 105: Area 2 Yucca Flat Atmospheric Test Sites, Nevada National Security Site, Nevada, Revision 0

Energy Technology Data Exchange (ETDEWEB)

Matthews, Patrick

2013-09-01

This Corrective Action Decision Document/Closure Report presents information supporting the closure of Corrective Action Unit (CAU) 105: Area 2 Yucca Flat Atmospheric Test Sites, Nevada National Security Site, Nevada. CAU 105 comprises the following five corrective action sites (CASs): -02-23-04 Atmospheric Test Site - Whitney Closure In Place -02-23-05 Atmospheric Test Site T-2A Closure In Place -02-23-06 Atmospheric Test Site T-2B Clean Closure -02-23-08 Atmospheric Test Site T-2 Closure In Place -02-23-09 Atmospheric Test Site - Turk Closure In Place The purpose of this Corrective Action Decision Document/Closure Report is to provide justification and documentation supporting the recommendation that no further corrective action is needed for CAU 105 based on the implementation of the corrective actions. Corrective action investigation (CAI) activities were performed from October 22, 2012, through May 23, 2013, as set forth in the Corrective Action Investigation Plan for Corrective Action Unit 105: Area 2 Yucca Flat Atmospheric Test Sites; and in accordance with the Soils Activity Quality Assurance Plan, which establishes requirements, technical planning, and general quality practices.

Stamp Verification for Automated Document Authentication

DEFF Research Database (Denmark)

Micenková, Barbora; van Beusekom, Joost; Shafait, Faisal

Stamps, along with signatures, can be considered as the most widely used extrinsic security feature in paper documents. In contrast to signatures, however, for stamps little work has been done to automatically verify their authenticity. In this paper, an approach for verification of color stamps ...... and copied stamps. Sensitivity and specificity of up to 95% could be obtained on a data set that is publicly available....

The Extended Concept of Security and the Czech Security Practice

Directory of Open Access Journals (Sweden)

Libor Stejskal

2008-12-01

accompany the drawing up of a new security strategy for the country. A step in the right direction would be if, after public debate, the Government submitted a new version of the country’s security strategy for consideration and approval to the Parliament as the supreme representative body. The new strategy would thus be assigned greater importance than that of 2003 which was adopted only by the Government and, as a result, was often denied the status of a binding document. A broader public debate over the new security strategy would help ensure that the extended concept of security is more fully implemented in practice.

Corrective Action Decision Document/Closure Report for Corrective Action Unit 569: Area 3 Yucca Flat Atmospheric Test Sites Nevada National Security Site, Nevada with ROTC 1, Revision 0

Energy Technology Data Exchange (ETDEWEB)

Sloop, Christy

2013-04-01

This Corrective Action Decision Document/Closure Report presents information supporting the closure of Corrective Action Unit (CAU) 569: Area 3 Yucca Flat Atmospheric Test Sites, Nevada National Security Site, Nevada. CAU 569 comprises the following nine corrective action sites (CASs): • 03-23-09, T-3 Contamination Area • 03-23-10, T-3A Contamination Area • 03-23-11, T-3B Contamination Area • 03-23-12, T-3S Contamination Area • 03-23-13, T-3T Contamination Area • 03-23-14, T-3V Contamination Area • 03-23-15, S-3G Contamination Area • 03-23-16, S-3H Contamination Area • 03-23-21, Pike Contamination Area The purpose of this Corrective Action Decision Document/Closure Report is to provide justification and documentation supporting the recommendation that no further corrective action is needed for CAU 569 based on the implementation of the corrective actions listed in Table ES-2.

MCPS School Safety & Security at a Glance 2013-2014

Science.gov (United States)

Montgomery County Public Schools, 2014

2014-01-01

"MCPS School Safety and Security at a Glance" provides, in a single document, information about the reporting of incidents related to school safety and security, school climate, local school safety program descriptions, and serious incidents. Information is presented for each Montgomery County (Maryland) public school. While much of this…

MCPS School Safety & Security at a Glance 2012-2013

Science.gov (United States)

Montgomery County Public Schools, 2013

2013-01-01

"MCPS School Safety and Security at a Glance" provides, in a single document, information about the reporting of incidents related to school safety and security, school climate, local school safety program descriptions, and serious incidents. Information is presented for each Montgomery County (Maryland) public school. While much of this…

MCPS School Safety & Security at a Glance 2011-2012

Science.gov (United States)

Montgomery County Public Schools, 2012

2012-01-01

"MCPS School Safety and Security at a Glance" provides, in a single document, information about the reporting of incidents related to school safety and security, school climate, local school safety program descriptions, and serious incidents. Information is presented for each Montgomery County (Maryland) public school. While much of this…

SECURITY STRATEGIES OF MEMBER STATES OF THE EUROPEAN UNION FROM THE LISBON TREATY AND THE EUROPEAN SECURITY STRATEGY

Directory of Open Access Journals (Sweden)

PABLO RIVAS PARDO

2017-09-01

in mind, it is possible to study the variability of the Security Strategy in relation to four strategic guidelines: strategic self-perception, the necessity to tune these postulates with the common objectives of the European Union, the statement of threats and finally the actions projected by these strategies to face the changing environment of international security. This variability will seek the fact of the existence or nonexistence of tuning and consistency between the Security Strategies and the community positions in the matter of security and defense. The selected countries are those who have published their documents after the signing of the Treaty of Lisbon and the publication of the European Security Strategy, in other words, after2009: Austria, Bulgaria, Slovenia, Spain, Estonia, Holland, Hungary, Lithuania, UK and the Czech Republic.

Tightly Secure Signatures From Lossy Identification Schemes

OpenAIRE

Abdalla , Michel; Fouque , Pierre-Alain; Lyubashevsky , Vadim; Tibouchi , Mehdi

2015-01-01

International audience; In this paper, we present three digital signature schemes with tight security reductions in the random oracle model. Our first signature scheme is a particularly efficient version of the short exponent discrete log-based scheme of Girault et al. (J Cryptol 19(4):463–487, 2006). Our scheme has a tight reduction to the decisional short discrete logarithm problem, while still maintaining the non-tight reduction to the computational version of the problem upon which the or...

Approaches to assign security levels for radioactive substances and radiation sources

International Nuclear Information System (INIS)

Ivanov, M.V.; Petrovskij, N.P.; Pinchuk, G.N.; Telkov, S.N.; Kuzin, V.V.

2011-01-01

The article contains analyzed provisions on categorization of radioactive substances and radiation sources according to the extent of their potential danger. Above provisions are used in the IAEA documents and in Russian regulatory documents for differentiation of regulatory requirements to physical security. It is demonstrated that with the account of possible threats of violators, rules of physical protection of radiation sources and radioactive substances should be amended as regards the approaches to assign their categories and security levels [ru

Implementation of a Document Management System in an Operating Nuclear Power Plan

International Nuclear Information System (INIS)

Martinez Ladron de Guevara, J.

1996-01-01

The difficulty of implementing a document management system in an operating nuclear power plant basically lies in the high volume of information to be handled, in the different storage devices used and in the complexity of relations existing between the documentation and the physical elements of the facility. The documentation used in a power plant, mainly technical, is often stored on different devices (paper, microfilm, aperture cards, test files, vector files, raster files, etc) and usually features various identification criteria (engineering, manufacturing, plant staff, etc). Consequently, the system must be aimed at the management of multiformatted documentation, providing appropriate means of identification, capture and display for each case. The document management system must satisfy all information needs of each department of the plant, and should be adapted to the work cycles of the plant. Moreover, it should be integrated into other computer application in operation (maintenance, operation, procurement, etc), so that links can be established between the documentation and configuration elements. Although this is a complex procedure in operating power plants, there are integrating tools that facilitate the gradual implementation of this type of system. (Author)

Acceptance criteria for the evaluation of nuclear power reactor security plans

International Nuclear Information System (INIS)

1982-08-01

This guidance document contains acceptance criteria to be used in the NRC license review process. It contains specific criteria for use in evaluating the acceptability of nuclear power reactor security programs as detailed in security plans

Student Experiential Opportunities in National Security Careers

Energy Technology Data Exchange (ETDEWEB)

None, None

2007-12-31

This report documents student experiential opportunities in national security careers as part of the National Security Preparedness Project (NSPP), being performed under a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report includes a brief description of how experiential opportunities assist students in the selection of a career and a list of opportunities in the private sector and government. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. Workforce development activities will facilitate the hiring of students to work with professionals in both the private and public sectors, as well as assist in preparing a workforce for careers in national security. The goal of workforce development under the NSPP grant is to assess workforce needs in national security and implement strategies to develop the appropriate workforce.

Software Development Initiatives to Identify and Mitigate Security Threats - Two Systematic Mapping Studies

Directory of Open Access Journals (Sweden)

Paulina Silva

2016-12-01

Full Text Available Software Security and development experts have addressed the problem of building secure software systems. There are several processes and initiatives to achieve secure software systems. However, most of these lack empirical evidence of its application and impact in building secure software systems. Two systematic mapping studies (SM have been conducted to cover the existent initiatives for identification and mitigation of security threats. The SMs created were executed in two steps, first in 2015 July, and complemented through a backward snowballing in 2016 July. Integrated results of these two SM studies show a total of 30 relevant sources were identified; 17 different initiatives covering threats identification and 14 covering the mitigation of threats were found. All the initiatives were associated to at least one activity of the Software Development Lifecycle (SDLC; while 6 showed signs of being applied in industrial settings, only 3 initiatives presented experimental evidence of its results through controlled experiments, some of the other selected studies presented case studies or proposals.

Renewable electricity generation: supporting documentation for the Renewables Advisory Board submission to the 2006 UK energy review

International Nuclear Information System (INIS)

2006-01-01

The Renewables Advisory Board (RAB) is an independent, non-departmental public body, sponsored by the DTI, which brings together representatives of the renewable sector and the unions. Electricity generation from renewable energy sources offers a range of advantages to the UK electricity-generating sector. This document, prepared as supporting documentation for the RAB submission to the 2006 Energy Review, examines the role of renewable energy in improving security of supply, lowering financial risk for energy portfolios, and reducing electricity cost volatility and fuel costs for the UK. Key topics addressed in this report include: resource security; security of supply; price security; and operational security. Also covered are variability patterns, financial costs and benefits of renewable generation. Maintaining the option and flexibility of future renewables development has a real option value, with overseas evidence showing that this can be significant

Social Security and the Evolution of Elderly Poverty

OpenAIRE

Gary V. Engelhardt; Jonathan Gruber

2004-01-01

We use data from the March 1968-2001 Current Population Surveys to document the evolution of elderly poverty over this time period, and to assess the causal role of the Social Security program in reducing poverty rates. We develop an instrumental variable approach that relies on the large increase in benefits for birth cohorts from 1885 through 1916, and the subsequent decline and flattening of real benefits growth due to the Social Securing 'notch', to estimate of Social Security on elderly ...

Securing health sensing using integrated circuit metric.

Science.gov (United States)

Tahir, Ruhma; Tahir, Hasan; McDonald-Maier, Klaus

2015-10-20

Convergence of technologies from several domains of computing and healthcare have aided in the creation of devices that can help health professionals in monitoring their patients remotely. An increase in networked healthcare devices has resulted in incidents related to data theft, medical identity theft and insurance fraud. In this paper, we discuss the design and implementation of a secure lightweight wearable health sensing system. The proposed system is based on an emerging security technology called Integrated Circuit Metric (ICMetric) that extracts the inherent features of a device to generate a unique device identification. In this paper, we provide details of how the physical characteristics of a health sensor can be used for the generation of hardware "fingerprints". The obtained fingerprints are used to deliver security services like authentication, confidentiality, secure admission and symmetric key generation. The generated symmetric key is used to securely communicate the health records and data of the patient. Based on experimental results and the security analysis of the proposed scheme, it is apparent that the proposed system enables high levels of security for health monitoring in resource optimized manner.

Development of a Quantitative Method for Evaluating the Efficacy of Cyber Security Controls in NPPs based on Intrusion Tolerant Concept

International Nuclear Information System (INIS)

Lee, Chanyoung; Seong, Poong Hyun

2017-01-01

Digital I and C systems have been developed and installed in nuclear power plants (NPPs). However, due to installation of digital I and C systems, cyber security concerns are increasing in the nuclear industry. In order to provide useful information about cyber security issues, many regulatory documents, guides and standards were already published in the nuclear industry. The documents include cyber security plans, methods for cyber security assessments and comprehensive set of security controls. In order for useful information about cyber security issues, many regulatory documents, guides and standards have been already published in the nuclear industry. However, there are still difficulties when it comes to deciding which security controls are needed and to defining appropriate security control requirements. It is because practical examples for the application of security controls have not been available to system designers and there is a lack of means for estimating the effectiveness of security controls. In this regard, this paper suggested a framework to quantitatively evaluate how much cyber security is improved when specific cyber security controls are applied in NPPs.

Bechtel Hanford, Inc. Network Security Plan for the Environmental Restoration Contract

International Nuclear Information System (INIS)

Slade, B.E.

2000-01-01

This document was created to address ERC computer security needs that are outlined by DOE Order 1360.2B, Unclassified Computer Security Program. DOE Order 1360.2B has been canceled and replaced with DOE Notice 205.1, Unclassified Cyber Security Program. The ERC response to DOE Notice 205.1 is to generate BHI-01343, Cyber Security Program Plan, which is not available for public access or viewing

Ghana's Integrated Nuclear Security Support Plan

International Nuclear Information System (INIS)

Dahlstrom, Danielle

2013-01-01

recently reviewed to identify additional areas for improvement. Based on IAEA nuclear security guidance, it is designed to identify those actions required to ensure that Ghana's national nuclear security regime is effective and can be implemented over a period of time to ensure sustainability. The main objectives of an INSSP are to identify and consolidate the nuclear security needs of an individual State into an integrated document. But it is more than a document; it is nuclear security in action. Joseph Gdadago, Manager of the National Nuclear Research Institute at the Ghana Atomic Energy Commission (GAEC), explains, ''Nuclear security is very important. This reactor uses highly enriched uranium. We put all necessary security measures in place to protect this and prevent any sabotage or theft of any kind.''

Detection and intelligent systems for homeland security

CERN Document Server

Voeller, John G

2014-01-01

Detection and Intelligent Systems for Homeland Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering advanced technology for image and video interpretation systems used for surveillance, which help in solving such problems as identifying faces from live streaming or stored videos. Biometrics for human identification, including eye retinas and irises, and facial patterns are also presented. The book then provides information on sensors for detection of explosive and radioactive materials and methods for sensing chemical

A roadmap for security challenges in the Internet of Things

Directory of Open Access Journals (Sweden)

Arbia Riahi Sfar

2018-04-01

Full Text Available Unquestionably, communicating entities (object, or things in the Internet of Things (IoT context are playing an active role in human activities, systems and processes. The high connectivity of intelligent objects and their severe constraints lead to many security challenges, which are not included in the classical formulation of security problems and solutions. The Security Shield for IoT has been identified by DARPA (Defense Advanced Research Projects Agency as one of the four projects with a potential impact broader than the Internet itself. To help interested researchers contribute to this research area, an overview of the IoT security roadmap overview is presented in this paper based on a novel cognitive and systemic approach. The role of each component of the approach is explained, we also study its interactions with the other main components, and their impact on the overall. A case study is presented to highlight the components and interactions of the systemic and cognitive approach. Then, security questions about privacy, trust, identification, and access control are discussed. According to the novel taxonomy of the IoT framework, different research challenges are highlighted, important solutions and research activities are revealed, and interesting research directions are proposed. In addition, current standardization activities are surveyed and discussed to the ensure the security of IoT components and applications. Keywords: Internet of Things, Systemic and cognitive approach, Security, Privacy, Trust, Identification, Access control

Application of the Concept of Intrusion Tolerant System for Evaluating Cyber Security Enhancements

Energy Technology Data Exchange (ETDEWEB)

Lee, Chanyoung; Seong, Poong Hyun [KAIST, Daejeon (Korea, Republic of)

2016-10-15

One of the major problems is that nuclear industry is in very early stage in dealing with cyber security issues. It is because that cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I and C systems has resulted in lower level of cyber security advancements in nuclear industry than ones in other industries. For the cyber security of NPP I and C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I and C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq.1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq.3. By comparing current system to the enhanced system, it is

Application of the Concept of Intrusion Tolerant System for Evaluating Cyber Security Enhancements

International Nuclear Information System (INIS)

Lee, Chanyoung; Seong, Poong Hyun

2016-01-01

One of the major problems is that nuclear industry is in very early stage in dealing with cyber security issues. It is because that cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I and C systems has resulted in lower level of cyber security advancements in nuclear industry than ones in other industries. For the cyber security of NPP I and C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I and C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq.1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq.3. By comparing current system to the enhanced system, it is possible to

Provable Fair Document Exchange Protocol with Transaction Privacy for E-Commerce

Directory of Open Access Journals (Sweden)

Ren-Junn Hwang

2015-04-01

Full Text Available Transaction privacy has attracted a lot of attention in the e-commerce. This study proposes an efficient and provable fair document exchange protocol with transaction privacy. Using the proposed protocol, any untrusted parties can fairly exchange documents without the assistance of online, trusted third parties. Moreover, a notary only notarizes each document once. The authorized document owner can exchange a notarized document with different parties repeatedly without disclosing the origin of the document or the identities of transaction participants. Security and performance analyses indicate that the proposed protocol not only provides strong fairness, non-repudiation of origin, non-repudiation of receipt, and message confidentiality, but also enhances forward secrecy, transaction privacy, and authorized exchange. The proposed protocol is more efficient than other works.

76 FR 7757 - Hull Identification Numbers for Recreational Vessels

Science.gov (United States)

2011-02-11

... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 181 [Docket No. USCG-2007-29236] Hull Identification Numbers for Recreational Vessels AGENCY: Coast Guard, DHS. ACTION: Follow-up to request for... expanded hull identification number (HIN). The Coast Guard's decision-making process included consideration...

Research review of nongovernmental organizations' security policies for humanitarian programs in war, conflict, and postconflict environments.

Science.gov (United States)

Rowley, Elizabeth; Burns, Lauren; Burnham, Gilbert

2013-06-01

To identify the most and least commonly cited security management messages that nongovernmental organizations (NGOs) are communicating to their field staff, to determine the types of documentation that NGOs most often use to communicate key security messages, and to distinguish the points of commonality and divergence across organizations in the content of key security messages. The authors undertook a systematic review of available security policies, manuals, and training materials from 20 international humanitarian NGOs using the InterAction Minimum Operating Security Standards as the basis for a review framework. The most commonly cited standards include analytical security issues such as threat and risk assessment processes and guidance on acceptance, protection, and deterrence approaches. Among the least commonly cited standards were considering security threats to national staff during staffing decision processes, incorporating security awareness into job descriptions, and ensuring that national staff security issues are addressed in trainings. NGO staff receive security-related messages through multiple document types, but only 12 of the 20 organizations have a distinct security policy document. Points of convergence across organizations in the content of commonly cited standards were found in many areas, but differences in security risk and threat assessment guidance may undermine communication between aid workers about changes in local security environments. Although the humanitarian community has experienced significant progress in the development of practical staff security guidance during the past 10 years, gaps remain that can hinder efforts to garner needed resources, clarify security responsibilities, and ensure that the distinct needs of national staff are recognized and addressed.

A MEMS-based, wireless, biometric-like security system

Science.gov (United States)

Cross, Joshua D.; Schneiter, John L.; Leiby, Grant A.; McCarter, Steven; Smith, Jeremiah; Budka, Thomas P.

2010-04-01

We present a system for secure identification applications that is based upon biometric-like MEMS chips. The MEMS chips have unique frequency signatures resulting from fabrication process variations. The MEMS chips possess something analogous to a "voiceprint". The chips are vacuum encapsulated, rugged, and suitable for low-cost, highvolume mass production. Furthermore, the fabrication process is fully integrated with standard CMOS fabrication methods. One is able to operate the MEMS-based identification system similarly to a conventional RFID system: the reader (essentially a custom network analyzer) detects the power reflected across a frequency spectrum from a MEMS chip in its vicinity. We demonstrate prototype "tags" - MEMS chips placed on a credit card-like substrate - to show how the system could be used in standard identification or authentication applications. We have integrated power scavenging to provide DC bias for the MEMS chips through the use of a 915 MHz source in the reader and a RF-DC conversion circuit on the tag. The system enables a high level of protection against typical RFID hacking attacks. There is no need for signal encryption, so back-end infrastructure is minimal. We believe this system would make a viable low-cost, high-security system for a variety of identification and authentication applications.

SECURITY IN SUSTAINABLE DEVELOPMENT: COMPARING UNITED NATIONS 2030 AGENDA FOR SUSTAINABLE DEVELOPMENT WITH MILLENNIUM DECLARATION

Directory of Open Access Journals (Sweden)

Ahmet BARBAK

2017-06-01

Full Text Available This study aims to compare United Nations 2030 Agenda for Sustainable Development with Millennium Declaration in terms of their security conceptualizations to explore changes in security thinking and policy components (goals, targets, principles, priorities etc. over time. In doing so, it is envisaged that United Nations’ expectations from member states regarding their national security policies and organizations could be revealed. Security thinking has changed since late 1980’s with the introduction of sustainable development approach by the United Nations. This shift in security thinking encompasses human security and security-development nexus. Holding all member states responsible, Millennium Declaration and 2030 Agenda for Sustainable Development constitute the primary and the most recent outcome documents of United Nations’ sustainable development policy. Both documents have security components. This enables extracting security elements and comparing them with an analytical manner. Consequently, findings are compared and discussed in terms of public policy and organization at national level.

NoSQL: collection document and cloud by using a dynamic web query form

Science.gov (United States)

Abdalla, Hemn B.; Lin, Jinzhao; Li, Guoquan

2015-07-01

Mongo-DB (from "humongous") is an open-source document database and the leading NoSQL database. A NoSQL (Not Only SQL, next generation databases, being non-relational, deal, open-source and horizontally scalable) presenting a mechanism for storage and retrieval of documents. Previously, we stored and retrieved the data using the SQL queries. Here, we use the MonogoDB that means we are not utilizing the MySQL and SQL queries. Directly importing the documents into our Drives, retrieving the documents on that drive by not applying the SQL queries, using the IO BufferReader and Writer, BufferReader for importing our type of document files to my folder (Drive). For retrieving the document files, the usage is BufferWriter from the particular folder (or) Drive. In this sense, providing the security for those storing files for what purpose means if we store the documents in our local folder means all or views that file and modified that file. So preventing that file, we are furnishing the security. The original document files will be changed to another format like in this paper; Binary format is used. Our documents will be converting to the binary format after that direct storing in one of our folder, that time the storage space will provide the private key for accessing that file. Wherever any user tries to discover the Document files means that file data are in the binary format, the document's file owner simply views that original format using that personal key from receive the secret key from the cloud.

Realizing Scientific Methods for Cyber Security

Energy Technology Data Exchange (ETDEWEB)

Carroll, Thomas E.; Manz, David O.; Edgar, Thomas W.; Greitzer, Frank L.

2012-07-18

There is little doubt among cyber security researchers about the lack of scientic rigor that underlies much of the liter-ature. The issues are manifold and are well documented. Further complicating the problem is insufficient scientic methods to address these issues. Cyber security melds man and machine: we inherit the challenges of computer science, sociology, psychology, and many other elds and create new ones where these elds interface. In this paper we detail a partial list of challenges imposed by rigorous science and survey how other sciences have tackled them, in the hope of applying a similar approach to cyber security science. This paper is by no means comprehensive: its purpose is to foster discussion in the community on how we can improve rigor in cyber security science.

The future of infrastructure security :

Energy Technology Data Exchange (ETDEWEB)

Garcia, Pablo; Turnley, Jessica Glicken; Parrott, Lori K.

2013-05-01

Sandia National Laboratories hosted a workshop on the future of infrastructure security on February 27-28, 2013, in Albuquerque, NM. The 17 participants came from backgrounds as diverse as federal policy, the insurance industry, infrastructure management, and technology development. The purpose of the workshop was to surface key issues, identify directions forward, and lay groundwork for cross-sectoral and cross-disciplinary collaborations. The workshop addressed issues such as the problem space (what is included in infrastructure problems?), the general types of threats to infrastructure (such as acute or chronic, system-inherent or exogenously imposed) and definitions of secure and resilient infrastructures. The workshop concluded with a consideration of stakeholders and players in the infrastructure world, and identification of specific activities that could be undertaken by the Department of Homeland Security (DHS) and other players.

The pervasive triad of food security, gender inequity and women's ...

African Journals Online (AJOL)

Objectives: This study was designed to explore the interactions between food securing activities, health and gender equity from the perspective of rural east African women. The specific objectives were to document the critical interaction among these three issues—food security, gender inequity, women's health within the ...

Best Practices for the Security of Radioactive Materials

Energy Technology Data Exchange (ETDEWEB)

Coulter, D.T.; Musolino, S.

2009-05-01

This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studies suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental- and economic- impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones. With respect to radiological devices and radioactive-materials security, industry best practices

Best Practices for the Security of Radioactive Materials

International Nuclear Information System (INIS)

Coulter, D.T.; Musolino, S.

2009-01-01

This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studies suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental- and economic- impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones. With respect to radiological devices and radioactive-materials security, industry best practices encompass

High reliability - low noise radionuclide signature identification algorithms for border security applications

Science.gov (United States)

Lee, Sangkyu

Illicit trafficking and smuggling of radioactive materials and special nuclear materials (SNM) are considered as one of the most important recent global nuclear threats. Monitoring the transport and safety of radioisotopes and SNM are challenging due to their weak signals and easy shielding. Great efforts worldwide are focused at developing and improving the detection technologies and algorithms, for accurate and reliable detection of radioisotopes of interest in thus better securing the borders against nuclear threats. In general, radiation portal monitors enable detection of gamma and neutron emitting radioisotopes. Passive or active interrogation techniques, present and/or under the development, are all aimed at increasing accuracy, reliability, and in shortening the time of interrogation as well as the cost of the equipment. Equally important efforts are aimed at advancing algorithms to process the imaging data in an efficient manner providing reliable "readings" of the interiors of the examined volumes of various sizes, ranging from cargos to suitcases. The main objective of this thesis is to develop two synergistic algorithms with the goal to provide highly reliable - low noise identification of radioisotope signatures. These algorithms combine analysis of passive radioactive detection technique with active interrogation imaging techniques such as gamma radiography or muon tomography. One algorithm consists of gamma spectroscopy and cosmic muon tomography, and the other algorithm is based on gamma spectroscopy and gamma radiography. The purpose of fusing two detection methodologies per algorithm is to find both heavy-Z radioisotopes and shielding materials, since radionuclides can be identified with gamma spectroscopy, and shielding materials can be detected using muon tomography or gamma radiography. These combined algorithms are created and analyzed based on numerically generated images of various cargo sizes and materials. In summary, the three detection

77 FR 59575 - Hull Identification Numbers for Recreational Vessels

Science.gov (United States)

2012-09-28

... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 181 [Docket No. USCG-2012-0843] Hull Identification Numbers for Recreational Vessels AGENCY: Coast Guard, DHS. ACTION: Request for public comments... requirement to indicate a boat's model year as part of the 12-character Hull Identification Number (HIN...

LANL Safeguards and Security Assurance Program. Revision 6

International Nuclear Information System (INIS)

1995-01-01

The Safeguards and Security (S and S) Assurance Program provides a continuous quality improvement approach to ensure effective, compliant S and S program implementation throughout the Los Alamos National Laboratory. Any issues identified through the various internal and external assessments are documented, tracked and closed using the Safeguards and Security Issue Management Program. The Laboratory utilizes an integrated S and S systems approach to protect US Department of Energy (DOE) interests from theft or diversion of special nuclear material (SNM), sabotage, espionage, loss or theft of classified/controlled matter or government property, and other hostile acts that may cause unacceptable impacts on national security, health and safety of employees and the public, and the environment. This document explains the basis, scope, and conduct of the S and S process to include: self-assessments, issue management, risk assessment, and root cause analysis. It also provides a discussion of S and S topical areas, roles and responsibilities, process flow charts, minimum requirements, methodology, terms, and forms

Status of Educational Efforts in National Security Workforce

Energy Technology Data Exchange (ETDEWEB)

None

2008-03-31

This report documents the status of educational efforts for the preparation of a national security workforce as part of the National Security Preparedness Project, being performed by the Arrowhead Center of New Mexico State University under a DOE/NNSA grant. The need to adequately train and educate a national security workforce is at a critical juncture. Even though there are an increasing number of college graduates in the appropriate fields, many of these graduates choose to work in the private sector because of more desirable salary and benefit packages. This report includes an assessment of the current educational situation for the national security workforce.

Secure Architectures in the Cloud

NARCIS (Netherlands)

De Capitani di Vimercati, Sabrina; Pieters, Wolter; Probst, Christian W.

2011-01-01

This report documents the outcomes of Dagstuhl Seminar 11492 “Secure Architectures in the Cloud‿. In cloud computing, data storage and processing are offered as services, and data are managed by external providers that reside outside the control of the data owner. The use of such services reduces

The Superpowers: Nuclear Weapons and National Security. National Issues Forums.

Science.gov (United States)

Mitchell, Greg; Melville, Keith

Designed to stimulate thinking about United States-Soviet relationships in terms of nuclear weapons and national security, this document presents ideas and issues that represent differing viewpoints and positions. Chapter 1, "Rethinking the U.S.-Soviet Relationship," considers attempts to achieve true national security, and chapter 2,…

Towards a Modernization Process for Secure Data Warehouses

Science.gov (United States)

Blanco, Carlos; Pérez-Castillo, Ricardo; Hernández, Arnulfo; Fernández-Medina, Eduardo; Trujillo, Juan

Data Warehouses (DW) manage crucial enterprise information used for the decision making process which has to be protected from unauthorized accesses. However, security constraints are not properly integrated in the complete DWs’ development process, being traditionally considered in the last stages. Furthermore, legacy systems need a reverse engineering process in order to accomplish re-documentation for detecting new security requirements as well as system’s design recovery to enable migration and reuse. Thus, we have proposed a model driven architecture (MDA) for secure DWs which takes into account security issues from the early stages of development and provides automatic transformations between models. This paper fulfills this architecture providing an architecture-driven modernization (ADM) process focused on obtaining conceptual security models from legacy OLAP systems.

Information Security and Wireless: Alternate Approaches for Controlling Access to Critical Information

National Research Council Canada - National Science Library

Nandram, Winsome

2004-01-01

.... Typically, network managers implement countermeasures to augment security. The goal of this thesis is to research approaches that compliment existing security measures with fine grain access control measures. The Extensible Markup Language (XML) is adopted to accommodate such granular access control as it provides the mechanisms for scaling security down to the document content level.

Control Systems Cyber Security Standards Support Activities

Energy Technology Data Exchange (ETDEWEB)

Robert Evans

2009-01-01

The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

National Security Technology Incubation Project Continuation Plan

Energy Technology Data Exchange (ETDEWEB)

None

2008-09-30

This document contains a project continuation plan for the National Security Technology Incubator (NSTI). The plan was developed as part of the National Security Preparedness Project (NSPP) funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This continuation plan describes the current status of NSTI (staffing and clients), long-term goals, strategies, and long-term financial solvency goals.The Arrowhead Center of New Mexico State University (NMSU) is the operator and manager of the NSTI. To realize the NSTI, Arrowhead Center must meet several performance objectives related to planning, development, execution, evaluation, and sustainability. This continuation plan is critical to the success of NSTI in its mission of incubating businesses with security technology products and services.

17 CFR 232.105 - Limitation on use of HTML documents and hypertext links.

Science.gov (United States)

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Limitation on use of HTML... Requirements § 232.105 Limitation on use of HTML documents and hypertext links. (a) Electronic filers must... exhibits to Form N-SAR in HTML. (b) Electronic filers may not include in any HTML document hypertext links...

Security for Telecommuting and Broadband Communications: Recommendations of the National Institute of Standards and Technology

Science.gov (United States)

Kuhn, D. R.; Tracy, Miles C.; Frankel, Sheila E.

2002-08-01

This document is intended to assist those responsible - users, system administrators, and management - for telecommuting security, by providing introductory information about broadband communication security and policy, security of home office systems, and considerations for system administrators in the central office. It addresses concepts relating to the selection, deployment, and management of broadband communications for a telecommuting user. This document is not intended to provide a mandatory framework for telecommuting or home office broadband communication environments, but rather to present suggested approaches to the topic.

A document processing pipeline for annotating chemical entities in scientific documents.

Science.gov (United States)

Campos, David; Matos, Sérgio; Oliveira, José L

2015-01-01

The recognition of drugs and chemical entities in text is a very important task within the field of biomedical information extraction, given the rapid growth in the amount of published texts (scientific papers, patents, patient records) and the relevance of these and other related concepts. If done effectively, this could allow exploiting such textual resources to automatically extract or infer relevant information, such as drug profiles, relations and similarities between drugs, or associations between drugs and potential drug targets. The objective of this work was to develop and validate a document processing and information extraction pipeline for the identification of chemical entity mentions in text. We used the BioCreative IV CHEMDNER task data to train and evaluate a machine-learning based entity recognition system. Using a combination of two conditional random field models, a selected set of features, and a post-processing stage, we achieved F-measure results of 87.48% in the chemical entity mention recognition task and 87.75% in the chemical document indexing task. We present a machine learning-based solution for automatic recognition of chemical and drug names in scientific documents. The proposed approach applies a rich feature set, including linguistic, orthographic, morphological, dictionary matching and local context features. Post-processing modules are also integrated, performing parentheses correction, abbreviation resolution and filtering erroneous mentions using an exclusion list derived from the training data. The developed methods were implemented as a document annotation tool and web service, freely available at http://bioinformatics.ua.pt/becas-chemicals/.

MCPS School Safety and Security at a Glance 2009-2010

Science.gov (United States)

Montgomery County Public Schools, 2010

2010-01-01

"MCPS School Safety and Security at a Glance" provides, in a single document, information about the reporting of incidents related to school safety and security, school climate, local school safety program descriptions, and serious incidents in all Montgomery County (Maryland) public schools. The information is presented for each school.…

MCPS School Safety and Security at a Glance 2008-2009

Science.gov (United States)

Montgomery County Public Schools, 2009

2009-01-01

"MCPS School Safety and Security at a Glance" provides, in a single document, information about the reporting of incidents related to school safety and security, school climate, local school safety program descriptions, and serious incidents in all Montgomery County (Maryland) Public Schools. The information is presented for each school.…

MCPS School Safety and Security at a Glance 2010-2011

Science.gov (United States)

Montgomery County Public Schools, 2011

2011-01-01

"MCPS School Safety and Security at a Glance" provides, in a single document, information about the reporting of incidents related to school safety and security, school climate, local school safety program descriptions, and serious incidents in all Montgomery County (Maryland) Public Schools. The information is presented for each school.…

Securing Health Sensing Using Integrated Circuit Metric

Science.gov (United States)

Tahir, Ruhma; Tahir, Hasan; McDonald-Maier, Klaus

2015-01-01

Convergence of technologies from several domains of computing and healthcare have aided in the creation of devices that can help health professionals in monitoring their patients remotely. An increase in networked healthcare devices has resulted in incidents related to data theft, medical identity theft and insurance fraud. In this paper, we discuss the design and implementation of a secure lightweight wearable health sensing system. The proposed system is based on an emerging security technology called Integrated Circuit Metric (ICMetric) that extracts the inherent features of a device to generate a unique device identification. In this paper, we provide details of how the physical characteristics of a health sensor can be used for the generation of hardware “fingerprints”. The obtained fingerprints are used to deliver security services like authentication, confidentiality, secure admission and symmetric key generation. The generated symmetric key is used to securely communicate the health records and data of the patient. Based on experimental results and the security analysis of the proposed scheme, it is apparent that the proposed system enables high levels of security for health monitoring in resource optimized manner. PMID:26492250

Securing Health Sensing Using Integrated Circuit Metric

Directory of Open Access Journals (Sweden)

Ruhma Tahir

2015-10-01

Full Text Available Convergence of technologies from several domains of computing and healthcare have aided in the creation of devices that can help health professionals in monitoring their patients remotely. An increase in networked healthcare devices has resulted in incidents related to data theft, medical identity theft and insurance fraud. In this paper, we discuss the design and implementation of a secure lightweight wearable health sensing system. The proposed system is based on an emerging security technology called Integrated Circuit Metric (ICMetric that extracts the inherent features of a device to generate a unique device identification. In this paper, we provide details of how the physical characteristics of a health sensor can be used for the generation of hardware “fingerprints”. The obtained fingerprints are used to deliver security services like authentication, confidentiality, secure admission and symmetric key generation. The generated symmetric key is used to securely communicate the health records and data of the patient. Based on experimental results and the security analysis of the proposed scheme, it is apparent that the proposed system enables high levels of security for health monitoring in resource optimized manner.

The Remote Security Station (RSS) final report

International Nuclear Information System (INIS)

Pletta, J.B.; Amai, W.A.; Klarer, P.; Frank, D.; Carlson, J.; Byrne, R.

1992-10-01

The Remote Security Station (RSS) was developed by Sandia National Laboratories for the Defense Nuclear Agency to investigate issues pertaining to robotics and sensor fusion in physical security systems. This final report documents the status of the RSS program at its completion in April 1992. The RSS system consists of the Man Portable Security Station (MaPSS) and the Telemanaged Mobile Security Station (TMSS), which are integrated by the Operator's Control Unit (OCU) into a flexible exterior perimeter security system. The RSS system uses optical, infrared, microwave, and acoustic intrusion detection sensors in conjunction with sensor fusion techniques to increase the probability of detection and to decrease the nuisance alarm rate of the system. Major improvements to the system developed during the final year are an autonomous patrol capability, which allows TMSS to execute security patrols with limited operator interaction, and a neural network approach to sensor fusion, which significantly improves the system's ability to filter out nuisance alarms due to adverse weather conditions

Security in the transport of radioactive material - interim guidance for comment

International Nuclear Information System (INIS)

Legoux, P.; Wangler, M.

2004-01-01

While the IAEA has provided specific guidance for physical protection in the transport of nuclear material, its previous publications have only provided some general guidelines for security of non-nuclear radioactive material in transport. Some basic practical advice has been provided in the requirements of the International Basic Safety Standards for Protection against Ionising Radiation and for the Safety of Radiation Sources (BSS) [1]. These guidelines were primarily directed toward such issues as unintentional exposure to radiation, negligence and inadvertent loss. Recently, the IAEA published a document on the security of sources, which included some general guidance on providing security during transport of the sources. However, it is clear that more guidance is needed for security during the transport of radioactive material in addition to those already existing for nuclear material. Member States have requested guidance on the type and nature of security measures that might be put in place for radioactive material in general during its transport and on the methodology to be used in choosing and implementing such measures. The purpose of the TECDOC on Security in the Transport of Radioactive Material being developed by the IAEA is to provide an initial response to that request. This interim guidance is being developed with a view to harmonizing the security guidance - as much as possible - with existing guidance from the IAEA for the transport of radioactive sources and nuclear material. It is also intended to harmonize with model requirements developed in 2002-2003 by the United Nations Economic and Social Council's Committee of Experts on the Transport of Dangerous Goods and on the Globally Harmonised System of Classification and Labelling of Chemicals which was issued as general security guidelines for all dangerous goods, including radioactive material, and that will shortly be implemented as binding regulations by the international modal authorities

Security in the transport of radioactive material - interim guidance for comment

Energy Technology Data Exchange (ETDEWEB)

Legoux, P.; Wangler, M. [International Atomic Energy Agency, Vienna (Austria)

2004-07-01

While the IAEA has provided specific guidance for physical protection in the transport of nuclear material, its previous publications have only provided some general guidelines for security of non-nuclear radioactive material in transport. Some basic practical advice has been provided in the requirements of the International Basic Safety Standards for Protection against Ionising Radiation and for the Safety of Radiation Sources (BSS) [1]. These guidelines were primarily directed toward such issues as unintentional exposure to radiation, negligence and inadvertent loss. Recently, the IAEA published a document on the security of sources, which included some general guidance on providing security during transport of the sources. However, it is clear that more guidance is needed for security during the transport of radioactive material in addition to those already existing for nuclear material. Member States have requested guidance on the type and nature of security measures that might be put in place for radioactive material in general during its transport and on the methodology to be used in choosing and implementing such measures. The purpose of the TECDOC on Security in the Transport of Radioactive Material being developed by the IAEA is to provide an initial response to that request. This interim guidance is being developed with a view to harmonizing the security guidance - as much as possible - with existing guidance from the IAEA for the transport of radioactive sources and nuclear material. It is also intended to harmonize with model requirements developed in 2002-2003 by the United Nations Economic and Social Council's Committee of Experts on the Transport of Dangerous Goods and on the Globally Harmonised System of Classification and Labelling of Chemicals which was issued as general security guidelines for all dangerous goods, including radioactive material, and that will shortly be implemented as binding regulations by the international modal

Profiles of Food Security for US Farmworker Households and Factors Related to Dynamic of Change.

Science.gov (United States)

Ip, Edward H; Saldana, Santiago; Arcury, Thomas A; Grzywacz, Joseph G; Trejo, Grisel; Quandt, Sara A

2015-10-01

We recruited 248 farmworker families with preschool-aged children in North Carolina and examined food security indicators over 24 months to identify food security patterns and examine the dynamic of change over time. Participants in the Niños Sanos study, conducted 2011 to 2014, completed quarterly food security assessments. Based on responses to items in the US Household Food Security Survey Module, we identified different states of food security by using hidden Markov model analysis, and examined factors associated with different states. We delineated factors associated with changes in state by using mixed-effect ordinal logistic regression. About half of the households (51%) consistently stayed in the most food-secure state. The least food-secure state was transient, with only 29% probability of this state for 2 consecutive quarters. Seasonal (vs migrant) work status, having immigration documents (vs not documented), and season predicted higher levels of food security. Heterogeneity in food security among farmworker households calls for tailoring intervention strategies. The transiency and unpredictability of low food security suggest that access to safety-net programs could reduce low food security risk in this population.

Determinants of Household Food Security in Drought Prone Areas of ...

African Journals Online (AJOL)

This paper documents the determinants of household-level food security based on the data collected in 2003 from 954 randomly-selected households in major drought-prone areas of Ethiopia; namely from the West and East Haraghe zones of Oromiya and South Gonder zone of Amhara. The food security is assessed using ...

Exploring attachment to the "homeland" and its association with heritage culture identification.

Directory of Open Access Journals (Sweden)

Nelli Ferenczi

Full Text Available Conceptualisations of attachment to one's nation of origin reflecting a symbolic caregiver can be found cross-culturally in literature, art, and language. Despite its prevalence, the relationship with one's nation has not been investigated empirically in terms of an attachment theory framework. Two studies employed an attachment theory approach to investigate the construct validity of symbolic attachment to one's nation of origin, and its association with acculturation (operationalized as heritage and mainstream culture identification. Results for Study 1 indicated a three-factor structure of nation attachment; the factors were labelled secure-preoccupied, fearful, and dismissive nation attachment. Hierarchical linear modelling was employed to control for differing cultures across participants. Secure-preoccupied nation attachment was a significant predictor of increased heritage culture identification for participants residing in their country of birth, whilst dismissive nation attachment was a significant predictor of decreased heritage culture identification for international migrants. Secure-preoccupied nation attachment was also associated with higher levels of subjective-wellbeing. Study 2 further confirmed the validity of the nation attachment construct through confirmatory factor analysis; the three-factor model adequately fit the data. Similar to the results of Study 1, secure-preoccupied nation attachment was associated with increased levels of heritage culture identification and psychological well-being. Implications of the tripartite model of nation attachment for identity and well-being will be discussed.

Annual training manual for security training: Protective force

Energy Technology Data Exchange (ETDEWEB)

1990-10-01

Westinghouse is committed to high quality training relevant to the need of the Protective Forces at the Waste Isolation Pilot Plant (WIPP). The training programs at WIPP are designed to qualify Security personnel to perform WIPP security missions in a professional and responsible manner. The program consists of basic as well as sustainment training, as further described in this plan. This plan documents the WIPP Security training program for security personnel for calendar year 1990. The programs detailed in this plan are designed to adequately train persons to ensure the uninterrupted continuity of Department of Energy (DOE)/Westinghouse operations. The Security Training Program consists of four basic elements. These elements are (1) basic level training; (2) on-the-job training; (3) refresher training; and (4) in-service training.

Context-sensitive Information security Risk identification and evaluation techniques

NARCIS (Netherlands)

Ionita, Dan

2014-01-01

The objective of my research is to improve and support the process of Information security Risk Assessment by designing a scalable Risk argumentation framework for socio-digital-technical Risk. Due to the various types of IT systems, diversity of architectures and dynamic nature of Risk, there is no

Security of radioactive sources. Interim guidance for comment

International Nuclear Information System (INIS)

2003-06-01

In previous IAEA publications, there have been only rather general security requirements for non-nuclear radioactive material. These requirements were primarily directed to such issues as unintentional exposure to radiation, negligence and inadvertent loss. However, it is clear that more guidance is needed to not only try and prevent further events involving orphan sources, but also to prevent the deliberate attempt to acquire radioactive sources for malevolent purposes. Member States have requested guidance on the type and nature of security measures that might be put in place and on the methodology to be used in choosing such measures. These requests were also endorsed in the findings of the international conference on 'Security of Radioactive Sources' held in March 2003. Practical advice on assessing and implementing security measures complements the general commitments in the proposed Revised Code of Conduct on Safety and Security of radioactive Sources. A Safety Guide entitled 'Safety and Security of Radiation Sources' that, amongst other things, discusses these issues is being drafted. However, it is recognized that guidance material is required before this document will be finalized in order to allow Member States opportunity to put in place appropriate actions and planning to address current issues. Hence the purpose of the current document is to provide advice on security approaches and to allow comment on detailed recommendations for levels of security on radioactive sources that may be incorporated within the Safety Guide. This report is primarily addressed to Regulatory Authorities but it is also intended to provide guidance to manufacturers, suppliers and users of sources. Its objective is to assist Member States in deciding which security measures are needed to ensure consistency with the International Basic Safety Standards and the Revised Code of Conduct for the Safety and Security of Radioactive Sources. It is recognized that there must be a

6 CFR 5.44 - Testimony and production of documents prohibited unless approved by appropriate Department...

Science.gov (United States)

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Testimony and production of documents prohibited... in Litigation § 5.44 Testimony and production of documents prohibited unless approved by appropriate... or request, including in connection with any litigation, provide oral or written testimony by...

77 FR 54646 - Social Security Acquiescence Ruling (AR) 12-1(8); Correction; Petersen v. Astrue, 633 F.3d 633...

Science.gov (United States)

2012-09-05

... II of the Social Security Act AGENCY: Social Security Administration. ACTION: Notice of Social Security Acquiescence Ruling; Correction. SUMMARY: The Social Security Administration published a document... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2012-0046] Social Security Acquiescence Ruling (AR...

Generic Adaptively Secure Searchable Phrase Encryption

Directory of Open Access Journals (Sweden)

Kissel Zachary A.

2017-01-01

Full Text Available In recent years searchable symmetric encryption has seen a rapid increase in query expressiveness including keyword, phrase, Boolean, and fuzzy queries. With this expressiveness came increasingly complex constructions. Having these facts in mind, we present an efficient and generic searchable symmetric encryption construction for phrase queries. Our construction is straightforward to implement, and is proven secure under adaptively chosen query attacks (CQA2 in the random oracle model with an honest-but-curious adversary. To our knowledge, this is the first encrypted phrase search system that achieves CQA2 security. Moreover, we demonstrate that our document collection preprocessing algorithm allows us to extend a dynamic SSE construction so that it supports phrase queries. We also provide a compiler theorem which transforms any CQA2-secure SSE construction for keyword queries into a CQA2-secure SSE construction that supports phrase queries.

The City Between Freedom and Security

DEFF Research Database (Denmark)

, participatory democracy, and the freedom of speech and assembly. From the starting point of the disputed redevelopment of the Oslo Government Quarter in the aftermath of attacks in 2011, the book functions as a broader discursive platform mediating a range of opposing actors and positions at the intersection...... of architecture/urbanism and security/democracy. The book interposes theoretical texts, interviews, cross-disciplinary and intercultural dialogs, detailed documentation of international case studies, discursive design proposals, a glossary of terms, and photo essays documenting fieldwork in locations...

The Johnson Space Center Management Information Systems (JSCMIS). 1: Requirements Definition and Design Specifications for Versions 2.1 and 2.1.1. 2: Documented Test Scenario Environments. 3: Security Design and Specifications

Science.gov (United States)

1986-01-01

The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications.

Bibliography for computer security, integrity, and safety

Science.gov (United States)

Bown, Rodney L.

1991-01-01

A bibliography of computer security, integrity, and safety issues is given. The bibliography is divided into the following sections: recent national publications; books; journal, magazine articles, and miscellaneous reports; conferences, proceedings, and tutorials; and government documents and contractor reports.

Sparse Matrix for ECG Identification with Two-Lead Features

Directory of Open Access Journals (Sweden)

Kuo-Kun Tseng

2015-01-01

Full Text Available Electrocardiograph (ECG human identification has the potential to improve biometric security. However, improvements in ECG identification and feature extraction are required. Previous work has focused on single lead ECG signals. Our work proposes a new algorithm for human identification by mapping two-lead ECG signals onto a two-dimensional matrix then employing a sparse matrix method to process the matrix. And that is the first application of sparse matrix techniques for ECG identification. Moreover, the results of our experiments demonstrate the benefits of our approach over existing methods.

Seamless Management of Paper and Electronic Documents for Task Knowledge Sharing

Science.gov (United States)

Kojima, Hiroyuki; Iwata, Ken

Due to the progress of Internet technology and the increase of distributed information on networks, the present knowledge management has been based more and more on the performance of various experienced users. In addition to the increase of electronic documents, the use of paper documents has not been reduced because of their convenience. This paper describes a method of tracking paper document locations and contents using radio frequency identification (RFID) technology. This research also focuses on the expression of a task process and the seamless structuring of related electronic and paper documents as a result of task knowledge formalization using information organizing. A system is proposed here that implements information organization for both Web documents and paper documents with the task model description and RFID technology. Examples of a prototype system are also presented.

Application of smart cards in physical and information security systems

International Nuclear Information System (INIS)

Dreifus, H.N.

1988-01-01

Smart Cards, integrated circuits embedded into credit cards, have been proposed for many computer and physical security applications. The cards have shown promise in improving both the security and monitoring of systems ranging from computer network identification through physical protection and access control. With the increasing computational power embedded within these cards, advanced encryption techniques such as public key cryptography can now be realized, enabling more sophisticated uses

Blood pressure documentation in the emergency department

Science.gov (United States)

Daniel, Ana Carolina Queiroz Godoy; Machado, Juliana Pereira; Veiga, Eugenia Velludo

2017-01-01

ABSTRACT Objective To analyze the frequency of blood pressure documentation performed by nursing professionals in an emergency department. Methods This is a cross-sectional, observational, descriptive, and analytical study, which included medical records of adult patients admitted to the observation ward of an emergency department, between March and May 2014. Data were obtained through a collection instrument divided into three parts: patient identification, triage data, and blood pressure documentation. For statistical analysis, Pearson’s correlation coefficient was used, with a significance level of α<0.05. Results One hundred fifty-seven records and 430 blood pressure measurements were analyzed with an average of three measurements per patient. Of these measures, 46.5% were abnormal. The mean time from admission to documentation of the first blood pressure measurement was 2.5 minutes, with 42 minutes between subsequent measures. There is no correlation between the systolic blood pressure values and the mean time interval between blood pressure documentations: 0.173 (p=0.031). Conclusion The present study found no correlation between frequency of blood pressure documentation and blood pressure values. The frequency of blood pressure documentation increased according to the severity of the patient and decreased during the length of stay in the emergency department. PMID:28444085

Security systems engineering overview

International Nuclear Information System (INIS)

Steele, B.J.

1996-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.)

Strategies for Overcoming Key Barriers to Development of a National Security Workforce

Energy Technology Data Exchange (ETDEWEB)

None

2008-06-30

This report documents the strategies for overcoming identified key barriers to development of an adequate national security workforce as part of the National Security Preparedness Project (NSPP) being performed under a Department of Energy (DOE) National Nuclear Security Administration (NNSA) grant. Many barriers currently exist that prevent the development of an adequate number of properly trained national security personnel. The identified strategies to address the barriers will focus on both short-term and long-term efforts, as well as strategies to capture legacy knowledge of retiring national security workforce personnel.

Nevada National Security Site Radiation Protection Program

Energy Technology Data Exchange (ETDEWEB)

Managers' Council, Radiological Control

2018-03-12

This is a shared document required by 10 CFR 835 for all contractors conducting radiological work at the Nevada National Security Site. Please record the Author as "Radiological Control Managers' Council" for consistency with previous RPPs and Rad Con Manuals.

Selected text of Atomic Energy Act, Executive Orders and other laws of general interest to safeguards and security executives

International Nuclear Information System (INIS)

Cadwell, J.J.; Ruger, C.J.

1995-12-01

This document is one of a three report set, BNL 52201 contains detailed information for use by executives. BNL 52202 is titled, U.S. Statutes of General Interest to Safeguards and Security Officers, and contains less detail than BNL 52201. It is intended for use by officers. BNL 52203 is titled, U.S.Statutes for Enforcement by Security Inspectors, and only contains statutes to be applied by uniformed security inspectors. These are a newly updated version of a set of documents of similar titles published in September 1988, which were an updated version of an original set of documents published in November 1983

Final report and documentation for the security enabled programmable switch for protection of distributed internetworked computers LDRD.

Energy Technology Data Exchange (ETDEWEB)

Van Randwyk, Jamie A.; Robertson, Perry J.; Durgin, Nancy Ann; Toole, Timothy J.; Kucera, Brent D.; Campbell, Philip LaRoche; Pierson, Lyndon George

2010-02-01

An increasing number of corporate security policies make it desirable to push security closer to the desktop. It is not practical or feasible to place security and monitoring software on all computing devices (e.g. printers, personal digital assistants, copy machines, legacy hardware). We have begun to prototype a hardware and software architecture that will enforce security policies by pushing security functions closer to the end user, whether in the office or home, without interfering with users' desktop environments. We are developing a specialized programmable Ethernet network switch to achieve this. Embodied in this device is the ability to detect and mitigate network attacks that would otherwise disable or compromise the end user's computing nodes. We call this device a 'Secure Programmable Switch' (SPS). The SPS is designed with the ability to be securely reprogrammed in real time to counter rapidly evolving threats such as fast moving worms, etc. This ability to remotely update the functionality of the SPS protection device is cryptographically protected from subversion. With this concept, the user cannot turn off or fail to update virus scanning and personal firewall filtering in the SPS device as he/she could if implemented on the end host. The SPS concept also provides protection to simple/dumb devices such as printers, scanners, legacy hardware, etc. This report also describes the development of a cryptographically protected processor and its internal architecture in which the SPS device is implemented. This processor executes code correctly even if an adversary holds the processor. The processor guarantees both the integrity and the confidentiality of the code: the adversary cannot determine the sequence of instructions, nor can the adversary change the instruction sequence in a goal-oriented way.

SPCC- Software Elements for Security Partition Communication Controller

Science.gov (United States)

Herpel, H. J.; Willig, G.; Montano, G.; Tverdyshev, S.; Eckstein, K.; Schoen, M.

2016-08-01

Future satellite missions like Earth Observation, Telecommunication or any other kind are likely to be exposed to various threats aiming at exploiting vulnerabilities of the involved systems and communications. Moreover, the growing complexity of systems coupled with more ambitious types of operational scenarios imply increased security vulnerabilities in the future. In the paper we will describe an architecture and software elements to ensure high level of security on-board a spacecraft. First the threats to the Security Partition Communication Controller (SPCC) will be addressed including the identification of specific vulnerabilities to the SPCC. Furthermore, appropriate security objectives and security requirements are identified to be counter the identified threats. The security evaluation of the SPCC will be done in accordance to the Common Criteria (CC). The Software Elements for SPCC has been implemented on flight representative hardware which consists of two major elements: the I/O board and the SPCC board. The SPCC board provides the interfaces with ground while the I/O board interfaces with typical spacecraft equipment busses. Both boards are physically interconnected by a high speed spacewire (SpW) link.

Secure Automated Microgrid Energy System

Science.gov (United States)

2016-12-01

O&M Operations and Maintenance PSO Power System Optimization PV Photovoltaic RAID Redundant Array of Independent Disks RBAC Role...elements of the initial study and operational power system model (feeder size , protective devices, generation sources, controllable loads, transformers...EW-201340) Secure Automated Microgrid Energy System December 2016 This document has been cleared for public release; Distribution Statement A

Security option file - After closure (DOS-AF)

International Nuclear Information System (INIS)

2016-01-01

A first volume presents the context and scope of the Cigeo project, and the scope of this document. It proposes a general presentation of Cigeo, the regulatory framework and standards. It describes the different aspects and components of the security strategy: principles, security functions after closure, objectives of protection, global approach. It proposes a security assessment: objectives, consistency with international practices, assessment steps, scenarios, scenario quantitative assessment. The next part addresses security management. The second volume contains a description of the storage system: site characteristics, types of stored parcels, the future of the installation after its closure. The third volume proposes a security assessment. It addresses the management of risks and uncertainties, describes a scenario of normal evolution and also scenarios of altered evolutions, scenarios of unintentional human intrusion, and what-if type scenarios. The fourth volume reports lessons at the current stage of the project, and gives an overview of important activities from storage design to storage closure

Review your Computer Security Now and Frequently!

CERN Multimedia

IT Department

2009-01-01

The start-up of LHC is foreseen to take place in the autumn and we will be in the public spotlight again. This increases the necessity to be vigilant with respect to computer security and the defacement of an experiment’s Web page in September last year shows that we should be particularly attentive. Attackers are permanently probing CERN and so we must all do the maximum to reduce future risks. Security is a hierarchical responsibility and requires to balance the allocation of resources between making systems work and making them secure. Thus all of us, whether users, developers, system experts, administrators, or managers are responsible for securing our computing assets. These include computers, software applications, documents, accounts and passwords. There is no "silver bullet" for securing systems, which can only be achieved by a painstaking search for all possible vulnerabilities followed by their mitigation. Additional advice on particular topics can be obtained from the relevant I...

Secure method for biometric-based recognition with integrated cryptographic functions.

Science.gov (United States)

Chiou, Shin-Yan

2013-01-01

Biometric systems refer to biometric technologies which can be used to achieve authentication. Unlike cryptography-based technologies, the ratio for certification in biometric systems needs not to achieve 100% accuracy. However, biometric data can only be directly compared through proximal access to the scanning device and cannot be combined with cryptographic techniques. Moreover, repeated use, improper storage, or transmission leaks may compromise security. Prior studies have attempted to combine cryptography and biometrics, but these methods require the synchronization of internal systems and are vulnerable to power analysis attacks, fault-based cryptanalysis, and replay attacks. This paper presents a new secure cryptographic authentication method using biometric features. The proposed system combines the advantages of biometric identification and cryptographic techniques. By adding a subsystem to existing biometric recognition systems, we can simultaneously achieve the security of cryptographic technology and the error tolerance of biometric recognition. This method can be used for biometric data encryption, signatures, and other types of cryptographic computation. The method offers a high degree of security with protection against power analysis attacks, fault-based cryptanalysis, and replay attacks. Moreover, it can be used to improve the confidentiality of biological data storage and biodata identification processes. Remote biometric authentication can also be safely applied.

Secure Method for Biometric-Based Recognition with Integrated Cryptographic Functions

Directory of Open Access Journals (Sweden)

Shin-Yan Chiou

2013-01-01

Full Text Available Biometric systems refer to biometric technologies which can be used to achieve authentication. Unlike cryptography-based technologies, the ratio for certification in biometric systems needs not to achieve 100% accuracy. However, biometric data can only be directly compared through proximal access to the scanning device and cannot be combined with cryptographic techniques. Moreover, repeated use, improper storage, or transmission leaks may compromise security. Prior studies have attempted to combine cryptography and biometrics, but these methods require the synchronization of internal systems and are vulnerable to power analysis attacks, fault-based cryptanalysis, and replay attacks. This paper presents a new secure cryptographic authentication method using biometric features. The proposed system combines the advantages of biometric identification and cryptographic techniques. By adding a subsystem to existing biometric recognition systems, we can simultaneously achieve the security of cryptographic technology and the error tolerance of biometric recognition. This method can be used for biometric data encryption, signatures, and other types of cryptographic computation. The method offers a high degree of security with protection against power analysis attacks, fault-based cryptanalysis, and replay attacks. Moreover, it can be used to improve the confidentiality of biological data storage and biodata identification processes. Remote biometric authentication can also be safely applied.

Cryptographic framework for document-objects resulting from multiparty collaborative transactions.

Science.gov (United States)

Goh, A

2000-01-01

Multiparty transactional frameworks--i.e. Electronic Data Interchange (EDI) or Health Level (HL) 7--often result in composite documents which can be accurately modelled using hyperlinked document-objects. The structural complexity arising from multiauthor involvement and transaction-specific sequencing would be poorly handled by conventional digital signature schemes based on a single evaluation of a one-way hash function and asymmetric cryptography. In this paper we outline the generation of structure-specific authentication hash-trees for the the authentication of transactional document-objects, followed by asymmetric signature generation on the hash-tree value. Server-side multi-client signature verification would probably constitute the single most compute-intensive task, hence the motivation for our usage of the Rabin signature protocol which results in significantly reduced verification workloads compared to the more commonly applied Rivest-Shamir-Adleman (RSA) protocol. Data privacy is handled via symmetric encryption of message traffic using session-specific keys obtained through key-negotiation mechanisms based on discrete-logarithm cryptography. Individual client-to-server channels can be secured using a double key-pair variation of Diffie-Hellman (DH) key negotiation, usage of which also enables bidirectional node authentication. The reciprocal server-to-client multicast channel is secured through Burmester-Desmedt (BD) key-negotiation which enjoys significant advantages over the usual multiparty extensions to the DH protocol. The implementation of hash-tree signatures and bi/multidirectional key negotiation results in a comprehensive cryptographic framework for multiparty document-objects satisfying both authentication and data privacy requirements.

Semantic policy and adversarial modeling for cyber threat identification and avoidance

Science.gov (United States)

DeFrancesco, Anton; McQueary, Bruce

2009-05-01

Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These attacks may be perpetrated with little to no funding, but may wreck incalculable damage upon the enterprises security, network infrastructure, and services. As more services come online, systems that were once in isolation now provide information that may be combined dynamically with information from other systems to create new meaning on the fly. Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a higher classification than any of its constituent parts. To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how it's use is evolving from a robust approach to access control to preempting and combating attacks in the cyber domain, The introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our approach is integration of semantic policy into enterprise security to augment traditional network security with an overall awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture - analyzing trends and identifying critical relations in system wide data access. The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing Bayesian-based methodologies, the enterprise wide meaning of data and semantic policy is applied to probability and high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling resources to proactively isolate, lock-down, and secure systems that are most vulnerable.

40 CFR 16.4 - Times, places, and requirements for identification of individuals making requests.

Science.gov (United States)

2010-07-01

... identification (e.g., driver's license, employee identification card, social security card, or credit card) to... 40 Protection of Environment 1 2010-07-01 2010-07-01 false Times, places, and requirements for identification of individuals making requests. 16.4 Section 16.4 Protection of Environment ENVIRONMENTAL...

Safety and security risk assessments--now demystified!

Science.gov (United States)

White, Donald E

2011-01-01

Safety/security risk assessments no longer need to spook nor baffle healthcare safety/security managers. This grid template provides at-at-glance quick lookup of the possible threats, the affected people and things, a priority ranking of these risks, and a workable solution for each risk. Using the standard document, spreadsheet, or graphics software already available on your computer, you can easily use a scientific method to produce professional looking risk assessments that get quickly understood by both senior managers and first responders alike!

A Reliable Measure of Information Security Awareness and the Identification of Bias in Responses

Directory of Open Access Journals (Sweden)

Agata McCormac

2017-11-01

Full Text Available The Human Aspects of Information Security Questionnaire (HAIS-Q is designed to measure Information Security Awareness. More specifically, the tool measures an individual’s knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary over-claiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed.

A security modeling approach for web-service-based business processes

DEFF Research Database (Denmark)

Jensen, Meiko; Feja, Sven

2009-01-01

a transformation that automatically derives WS-SecurityPolicy-conformant security policies from the process model, which in conjunction with the generated WS-BPEL processes and WSDL documents provides the ability to deploy and run the complete security-enhanced process based on Web Service technology.......The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality...... of a process, the consideration of security properties at the level of a process model is a promising approach. In this work-in-progress paper we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide...

L-Band Digital Aeronautical Communications System Engineering - Initial Safety and Security Risk Assessment and Mitigation

Science.gov (United States)

Zelkin, Natalie; Henriksen, Stephen

2011-01-01

This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract NNC05CA85C, Task 7: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed L-band (960 to 1164 MHz) terrestrial en route communications system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents a preliminary safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the L-band communication system after the technology is chosen and system rollout timing is determined. The security risk analysis resulted in identifying main security threats to the proposed system as well as noting additional threats recommended for a future security analysis conducted at a later stage in the system development process. The document discusses various security controls, including those suggested in the COCR Version 2.0.

Security Technologies for Open Networking Environments (STONE)

Energy Technology Data Exchange (ETDEWEB)

Muftic, Sead

2005-03-31

group security system has been designed to support four roles: The Security Domain Administrator is responsible for providing security functions defined in the top layer The Server Administrator. The central component of the group security system is the Policy and Group Key Distribution Server The Group Officer (GO) authorizes the creation of groups at a specific Policy and Group Key Distribution Server The Group Member (user) is any entity that participates in group transactions. Secure Group Applications The group security system has been designed to support four secure group applications: A Secure Instant Messaging: with the Secure Instant Messaging application A Secure Whiteboard A Secure Document Sharing A Secure Document Archiving: During the project, the group security system architecture was fully designed and preliminary prototyping was carried out for some of its components.

Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

Energy Technology Data Exchange (ETDEWEB)

Robert P. Evans

2005-09-01

Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

Interim format and content for a physical security plan for nuclear power plants

International Nuclear Information System (INIS)

1977-02-01

The document serves as interim guidance to assist the licensee or applicant in the preparation of a physical security plan. It is to be used in conjunction with interim acceptance criteria for physical security programs, which will be distributed at a later date

Liquid identification by Hilbert spectroscopy

Energy Technology Data Exchange (ETDEWEB)

Lyatti, M; Divin, Y; Poppe, U; Urban, K, E-mail: M.Lyatti@fz-juelich.d, E-mail: Y.Divin@fz-juelich.d [Forschungszentrum Juelich, 52425 Juelich (Germany)

2009-11-15

Fast and reliable identification of liquids is of great importance in, for example, security, biology and the beverage industry. An unambiguous identification of liquids can be made by electromagnetic measurements of their dielectric functions in the frequency range of their main dispersions, but this frequency range, from a few GHz to a few THz, is not covered by any conventional spectroscopy. We have developed a concept of liquid identification based on our new Hilbert spectroscopy and high- T{sub c} Josephson junctions, which can operate at the intermediate range from microwaves to THz frequencies. A demonstration setup has been developed consisting of a polychromatic radiation source and a compact Hilbert spectrometer integrated in a Stirling cryocooler. Reflection polychromatic spectra of various bottled liquids have been measured at the spectral range of 15-300 GHz with total scanning time down to 0.2 s and identification of liquids has been demonstrated.

Liquid identification by Hilbert spectroscopy

Science.gov (United States)

Lyatti, M.; Divin, Y.; Poppe, U.; Urban, K.

2009-11-01

Fast and reliable identification of liquids is of great importance in, for example, security, biology and the beverage industry. An unambiguous identification of liquids can be made by electromagnetic measurements of their dielectric functions in the frequency range of their main dispersions, but this frequency range, from a few GHz to a few THz, is not covered by any conventional spectroscopy. We have developed a concept of liquid identification based on our new Hilbert spectroscopy and high- Tc Josephson junctions, which can operate at the intermediate range from microwaves to THz frequencies. A demonstration setup has been developed consisting of a polychromatic radiation source and a compact Hilbert spectrometer integrated in a Stirling cryocooler. Reflection polychromatic spectra of various bottled liquids have been measured at the spectral range of 15-300 GHz with total scanning time down to 0.2 s and identification of liquids has been demonstrated.

Liquid identification by Hilbert spectroscopy

International Nuclear Information System (INIS)

Lyatti, M; Divin, Y; Poppe, U; Urban, K

2009-01-01

Fast and reliable identification of liquids is of great importance in, for example, security, biology and the beverage industry. An unambiguous identification of liquids can be made by electromagnetic measurements of their dielectric functions in the frequency range of their main dispersions, but this frequency range, from a few GHz to a few THz, is not covered by any conventional spectroscopy. We have developed a concept of liquid identification based on our new Hilbert spectroscopy and high- T c Josephson junctions, which can operate at the intermediate range from microwaves to THz frequencies. A demonstration setup has been developed consisting of a polychromatic radiation source and a compact Hilbert spectrometer integrated in a Stirling cryocooler. Reflection polychromatic spectra of various bottled liquids have been measured at the spectral range of 15-300 GHz with total scanning time down to 0.2 s and identification of liquids has been demonstrated.

Information Analysis Methodology for Border Security Deployment Prioritization and Post Deployment Evaluation

International Nuclear Information System (INIS)

Booker, Paul M.; Maple, Scott A.

2010-01-01

Due to international commerce, cross-border conflicts, and corruption, a holistic, information driven, approach to border security is required to best understand how resources should be applied to affect sustainable improvements in border security. The ability to transport goods and people by land, sea, and air across international borders with relative ease for legitimate commercial purposes creates a challenging environment to detect illicit smuggling activities that destabilize national level border security. Smuggling activities operated for profit or smuggling operations driven by cross border conflicts where militant or terrorist organizations facilitate the transport of materials and or extremists to advance a cause add complexity to smuggling interdiction efforts. Border security efforts are further hampered when corruption thwarts interdiction efforts or reduces the effectiveness of technology deployed to enhance border security. These issues necessitate the implementation of a holistic approach to border security that leverages all available data. Large amounts of information found in hundreds of thousands of documents can be compiled to assess national or regional borders to identify variables that influence border security. Location data associated with border topics of interest may be extracted and plotted to better characterize the current border security environment for a given country or region. This baseline assessment enables further analysis, but also documents the initial state of border security that can be used to evaluate progress after border security improvements are made. Then, border security threats are prioritized via a systems analysis approach. Mitigation factors to address risks can be developed and evaluated against inhibiting factor such as corruption. This holistic approach to border security helps address the dynamic smuggling interdiction environment where illicit activities divert to a new location that provides less resistance

A Research on Issues Related to RFID Security and Privacy

Science.gov (United States)

Kim, Jongki; Yang, Chao; Jeon, Jinhwan

Radio Frequency Identification (RFID) is a technology for automated identification of objects and people. RFID systems have been gaining more popularity in areas especially in supply chain management and automated identification systems. However, there are many existing and potential problems in the RFID systems which could threat the technology's future. To successfully adopt RFID technology in various applications, we need to develop the solutions to protect the RFID system's data information. This study investigates important issues related to privacy and security of RFID based on the recent literature and suggests solutions to cope with the problem.

17 CFR 240.15c2-7 - Identification of quotations.

Science.gov (United States)

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Identification of quotations... quotations. (a) It shall constitute an attempt to induce the purchase or sale of a security by making a “fictitious quotation” within the meaning of section 15(c)(2) of the Act, for any broker or dealer to furnish...

Security Analysis of DTN Architecture and Bundle Protocol Specification for Space-Based Networks

Science.gov (United States)

Ivancic, William D.

2009-01-01

A Delay-Tolerant Network (DTN) Architecture (Request for Comment, RFC-4838) and Bundle Protocol Specification, RFC-5050, have been proposed for space and terrestrial networks. Additional security specifications have been provided via the Bundle Security Specification (currently a work in progress as an Internet Research Task Force internet-draft) and, for link-layer protocols applicable to Space networks, the Licklider Transport Protocol Security Extensions. This document provides a security analysis of the current DTN RFCs and proposed security related internet drafts with a focus on space-based communication networks, which is a rather restricted subset of DTN networks. Note, the original focus and motivation of DTN work was for the Interplanetary Internet . This document does not address general store-and-forward network overlays, just the current work being done by the Internet Research Task Force (IRTF) and the Consultative Committee for Space Data Systems (CCSDS) Space Internetworking Services Area (SIS) - DTN working group under the DTN and Bundle umbrellas. However, much of the analysis is relevant to general store-and-forward overlays.

Training on Transport Security of Nuclear/Radioactive Materials for Key Audiences

Energy Technology Data Exchange (ETDEWEB)

Pope, Ronald; Liu, Yung; Shuler, J.M.

2016-01-01

Beginning in 2013, the U.S. Department of Energy (DOE) Packaging Certification Program (PCP), Office of Packaging and Transportation, Office of Environmental Management has sponsored a series of three training courses on Security of Nuclear and Other Radioactive Materials during Transport. These courses were developed and hosted by Argonne National Laboratory staff with guest lecturers from both the U.S. and international organizations and agencies including the U.S. Nuclear Regulatory Commission (NRC), Federal Bureau of Investigation (FBI), the U.S. Department of Energy (DOE), National Nuclear Security Administration (NNSA), DOE national laboratories, the International Atomic Energy Agency (IAEA), the World Nuclear Transport Institute (WNTI), and the World Institute for Nuclear Security (WINS). Each of the three courses held to date were one-week in length. The courses delved in detail into the regulatory requirements for transport security, focusing on international and U.S.-domestic requirements and guidance documents. Lectures, in-class discussions and small group exercises, including tabletop (TTX) and field exercises were designed to enhance the learning objectives for the participants. For example, the field exercise used the ARG-US radio frequency identification (RFID) remote surveillance system developed by Argonne for DOE/PCP to track and monitor packages in a mock shipment, following in-class exercises of developing a transport security plan (TSP) for the mock shipment, performing a readiness review and identifying needed corrective actions. Participants were able to follow the mock shipment on the webpage in real time in the ARG-US Command Center at Argonne including “staged” incidents that were designed to illustrate the importance of control, command, communication and coordination in ensuring transport security. Great lessons were learned based on feedback from the participant’s course evaluations with the series of the courses. Since the

Identification and communication of uncertainties of phenomenological models in PSA

International Nuclear Information System (INIS)

Pulkkinen, U.; Simola, K.

2001-11-01

This report aims at presenting a view upon uncertainty analysis of phenomenological models with an emphasis on the identification and documentation of various types of uncertainties and assumptions in the modelling of the phenomena. In an uncertainty analysis, it is essential to include and document all unclear issues, in order to obtain a maximal coverage of unresolved issues. This holds independently on their nature or type of the issues. The classification of uncertainties is needed in the decomposition of the problem and it helps in the identification of means for uncertainty reduction. Further, an enhanced documentation serves to evaluate the applicability of the results to various risk-informed applications. (au)

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals. Job Profiles

Energy Technology Data Exchange (ETDEWEB)

O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Conway, T. J. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Tobey, D. H. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Greitzer, Frank L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Dalton, Angela C. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Pusey, Portia K. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

2015-03-01

The Secure Power Systems Professional Phase III final report was released last year which an appendix of Job Profiles. This new report is that appendix broken out as a standalone document to assist utilities in recruiting and developing Secure Power Systems Professionals at their site.

National Security Technology Incubator Business Plan

Energy Technology Data Exchange (ETDEWEB)

None, None

2007-12-31

This document contains a business plan for the National Security Technology Incubator (NSTI), developed as part of the National Security Preparedness Project (NSPP) and performed under a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This business plan describes key features of the NSTI, including the vision and mission, organizational structure and staffing, services, evaluation criteria, marketing strategies, client processes, a budget, incubator evaluation criteria, and a development schedule. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety, security, and protection of the homeland. The NSTI is operated and managed by the Arrowhead Center, responsible for leading the economic development mission of New Mexico State University (NMSU). The Arrowhead Center will recruit business with applications for national security technologies recruited for the NSTI program. The Arrowhead Center and its strategic partners will provide business incubation services, including hands-on mentoring in general business matters, marketing, proposal writing, management, accounting, and finance. Additionally, networking opportunities and technology development assistance will be provided.

Windows Server 2012 vulnerabilities and security

Directory of Open Access Journals (Sweden)

Gabriel R. López

2015-09-01

Full Text Available This investigation analyses the history of the vulnerabilities of the base system Windows Server 2012 highlighting the most critic vulnerabilities given every 4 months since its creation until the current date of the research. It was organized by the type of vulnerabilities based on the classification of the NIST. Next, given the official vulnerabilities of the system, the authors show how a critical vulnerability is treated by Microsoft in order to countermeasure the security flaw. Then, the authors present the recommended security approaches for Windows Server 2012, which focus on the baseline software given by Microsoft, update, patch and change management, hardening practices and the application of Active Directory Rights Management Services (AD RMS. AD RMS is considered as an important feature since it is able to protect the system even though it is compromised using access lists at a document level. Finally, the investigation of the state of the art related to the security of Windows Server 2012 shows an analysis of solutions given by third parties vendors, which offer security products to secure the base system objective of this study. The recommended solution given by the authors present the security vendor Symantec with its successful features and also characteristics that the authors considered that may have to be improved in future versions of the security solution.

Converting hard copy documents for electronic dissemination

Energy Technology Data Exchange (ETDEWEB)

Hoffman, F.

1994-12-31

Since the advent of computer systems, the goal of a paperless office, and even a paperless society, has been pursued. While the normal paper flow in an organization is far from totally automated, particularly for items requiring signatures or authorizations, electronic information dissemination is becoming an almost simple task. The reasons for providing on-line documents are many and include faster and easier access for everyone, elimination of printing costs, reduction of wasted shelf and desk space, and the security of having a centrally-located, always up-to-date document. New computer software even provides the user with the ability to annotate documents and to have bookmarks so that the old scribbled-in and dog-eared manual can be replaced without loosing this `customizability`. Moreover, new hypermedia capabilities mean that documents can be read in a non-linear fashion and can include color figures and photographs, audio, and even animation sequences, capabilities which exceed those of paper. The proliferation of network-based information servers, coupled with the growth of the Internet, has enticed academic, governmental, and even commercial organizations to provide increasing numbers of documents and data bases in electronic form via the network, not just to internal staff, but to the public as well. Much of this information, which includes everything from mundane company procedures to spiffy marketing brochures, was previously published only in hard copy. Converting existing documents to electronic form and producing only electronic versions of new documents poses some interesting challenges to the maintainer or author.

Hybrid architecture for building secure sensor networks

Science.gov (United States)

Owens, Ken R., Jr.; Watkins, Steve E.

2012-04-01

Sensor networks have various communication and security architectural concerns. Three approaches are defined to address these concerns for sensor networks. The first area is the utilization of new computing architectures that leverage embedded virtualization software on the sensor. Deploying a small, embedded virtualization operating system on the sensor nodes that is designed to communicate to low-cost cloud computing infrastructure in the network is the foundation to delivering low-cost, secure sensor networks. The second area focuses on securing the sensor. Sensor security components include developing an identification scheme, and leveraging authentication algorithms and protocols that address security assurance within the physical, communication network, and application layers. This function will primarily be accomplished through encrypting the communication channel and integrating sensor network firewall and intrusion detection/prevention components to the sensor network architecture. Hence, sensor networks will be able to maintain high levels of security. The third area addresses the real-time and high priority nature of the data that sensor networks collect. This function requires that a quality-of-service (QoS) definition and algorithm be developed for delivering the right data at the right time. A hybrid architecture is proposed that combines software and hardware features to handle network traffic with diverse QoS requirements.

Mexican Identification. Project Mexico.

Science.gov (United States)

Castellano, Rita

This document presents an outline and teacher's guide for a community college-level teaching module in Mexican identification, designed for students in introductory courses in the social sciences. Although intended specifically for cultural anthropology, urban anthropology, comparative social organization and sex roles in cross-cultural…

IAEA Nuclear Security Human Resource Development Program

International Nuclear Information System (INIS)

Braunegger-Guelich, A.

2009-01-01

The IAEA is at the forefront of international efforts to strengthen the world's nuclear security framework. The current Nuclear Security Plan for 2006-2009 was approved by the IAEA Board of Governors in September 2005. This Plan has three main points of focus: needs assessment, prevention, detection and response. Its overall objective is to achieve improved worldwide security of nuclear and other radioactive material in use, storage and transport, and of their associated facilities. This will be achieved, in particular, through the provision of guidelines and recommendations, human resource development, nuclear security advisory services and assistance for the implementation of the framework in States, upon request. The presentation provides an overview of the IAEA nuclear security human resource development program that is divided into two parts: training and education. Whereas the training program focuses on filling gaps between the actual performance of personnel working in the area of nuclear security and the required competencies and skills needed to meet the international requirements and recommendations described in UN and IAEA documents relating to nuclear security, the Educational Program in Nuclear Security aims at developing nuclear security experts and specialists, at fostering a nuclear security culture and at establishing in this way sustainable knowledge in this field within a State. The presentation also elaborates on the nuclear security computer based learning component and provides insights into the use of human resource development as a tool in achieving the IAEA's long term goal of improving sustainable nuclear security in States. (author)

Using RFID to Enhance Security in Off-Site Data Storage

Directory of Open Access Journals (Sweden)

Enrique de la Hoz

2010-08-01

Full Text Available Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system’s benefits in terms of efficiency and failure prevention.

Using RFID to Enhance Security in Off-Site Data Storage

Science.gov (United States)

Lopez-Carmona, Miguel A.; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R.

2010-01-01

Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system’s benefits in terms of efficiency and failure prevention. PMID:22163638