WorldWideScience

Sample records for security information management

  1. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book-Focuses on setting the right road map so that you can be most effective in your information security implementationsDiscusses cost-effective staffing, the single biggest expense to the security organizationPresents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectivelyI...

  2. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the tech

  3. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2003-01-01

    Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c

  4. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  5. Information security management principles

    CERN Document Server

    Taylor, Andy; Finch, Amanda; Sutton, David; Taylor, Andy

    2013-01-01

    In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.

  6. Information Security Management System toolkit

    OpenAIRE

    Καραμανλής, Μάνος; Karamanlis, Manos

    2016-01-01

    Secure management of information is becoming critical for any organization because information is one of the most valuable assets in organization’s business operations. An Information security management system (ISMS) consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, mon...

  7. Managing information technology security risk

    Science.gov (United States)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.

  8. Improving Information Security Risk Management

    Science.gov (United States)

    Singh, Anand

    2009-01-01

    manaOptimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  9. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers:Fundamentals of information security ? providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors.Fundamentals of management of information security - explains what information security manageme

  10. INFORMATION SECURITY MANAGEMENT IN ORGANIZATIONS

    OpenAIRE

    Ndungu , Maryanne; Kandel, Sushila

    2015-01-01

    In today's globally interconnected economy, information security has become one of the most complex issues of concern at the world's leading organizations. The capital value of information is significantly increasing and forming a large part of the shareholder value due to increased dependence on information. Organizations that want to achieve competitive advantage amongst other goals have information security at the centre of their concerns. It is now evident that information is a busin...

  11. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  12. Incentive Issues in Information Security Management

    Science.gov (United States)

    Lee, Chul Ho

    2012-01-01

    This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…

  13. Information Security Management in Context of Globalization

    OpenAIRE

    Wawak, Slawomir

    2012-01-01

    Modern information technologies are the engine of globalization. At the same time, the global market influences the way of looking at information security. Information security thus becomes an increasingly important field. The article discuses the results of research on information security management systems in public administration in Poland.

  14. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2(R) CISSP Common Body of Knowledge (CBK(R)), this volume features 27 new chapters on topics

  15. Management of Information Security in Financial Accounting

    OpenAIRE

    Aurel Serb; Constantin Baron; Nicoleta Magdalena Iacob; Costinela-Luminita Defta

    2014-01-01

    Security issues in financial accounting are complex, and the risks are often difficult to stipulate, even for experts. The issues presented in this article try to be formed in a contribution to the consolidation of problems in the field of risk, and former vulnerabilities in cyber security in financial accounting. The use of an information security management system became a requirement for organizations because on the states began adopting mandatory data protection legislation and informatio...

  16. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

  17. Information Security Management - Part Of The Integrated Management System

    Science.gov (United States)

    Manea, Constantin Adrian

    2015-07-01

    The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

  18. A process framework for information security management

    Directory of Open Access Journals (Sweden)

    Knut Haufe

    2016-01-01

    Full Text Available Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction as well as the interaction with other management processes is not available in the literature. Cost benefit analysis of information security investments regarding single measures protecting information and ISMS processes are not in the focus of current research, mostly focused on economics. This article aims to fill this research gap by proposing such an ISMS process framework as the main contribution. Based on a set of agreed upon ISMS processes in existing standards like ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of relevant roles of the ISMS is strengthened.

  19. Information Security Management: The Study of Lithuanian State Institutions

    OpenAIRE

    Jastiuginas, Saulius

    2012-01-01

    Growing information security cases and scope illustrate that the relevance of information security issues becomes critical and present information security means are not sufficient enough to manage information security. Narrow comprehension of information security merely as technological problem is broadened by the research results of economic, managerial, psychological, legal and other related aspects’ influence to information security. Information is named as the object of information s...

  20. Novel approach to information security management of confidential ...

    African Journals Online (AJOL)

    Novel approach to information security management of confidential and propriety information ... Journal of Fundamental and Applied Sciences ... valuable information by using steganography it can have a major impact security management.

  1. Practical Methods for Information Security Risk Management

    Directory of Open Access Journals (Sweden)

    Cristian AMANCEI

    2011-01-01

    Full Text Available The purpose of this paper is to present some directions to perform the risk man-agement for information security. The article follows to practical methods through question-naire that asses the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contains all the key elements that concurs in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation.

  2. Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

    Science.gov (United States)

    Ilvonen, Ilona

    2013-01-01

    Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

  3. Database and applications security integrating information security and data management

    CERN Document Server

    Thuraisingham, Bhavani

    2005-01-01

    This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

  4. RISK MANAGEMENT FROM THE INFORMATION SECURITY PERSPECTIVE

    Directory of Open Access Journals (Sweden)

    Riza Ionuț

    2017-11-01

    Full Text Available Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.

  5. Labelling : Security in Information Management and Sharing

    NARCIS (Netherlands)

    Schotanus, H.A.; Hartog, T.; Hut, D.H.; Boonstra, D.

    2011-01-01

    Military communication infrastructures are often deployed as stand-alone information systems operating at the System High mode. Network-Enabled Capabilities (NEC) and combined military operations lead to new requirements for information management and sharing which current communication

  6. Secure information management using linguistic threshold approach

    CERN Document Server

    Ogiela, Marek R

    2013-01-01

    This book details linguistic threshold schemes for information sharing. It examines the opportunities of using these techniques to create new models of managing strategic information shared within a commercial organisation or a state institution.

  7. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  8. Report: Fiscal Year 2010 Federal Information Security Management Act Report

    Science.gov (United States)

    Report #11-P-0017, November 16, 2010. Attached is the Office of Inspector General’s (OIG’s) Fiscal Year 2010 Federal Information Security Management Act (FISMA) Reporting Template, as prescribed by the Office of Management and Budget (OMB).

  9. Information security management system planning for CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  10. Information security management system planning for CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

    2015-12-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  11. An Agile Enterprise Regulation Architecture for Health Information Security Management

    Science.gov (United States)

    Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-01-01

    Abstract Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748

  12. An agile enterprise regulation architecture for health information security management.

    Science.gov (United States)

    Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-09-01

    Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.

  13. Security information and event management systems: benefits and inefficiencies

    OpenAIRE

    Κάτσαρης, Δημήτριος Σ.

    2014-01-01

    In this Master’s thesis, the new trend in computer and information security industry called Security Information and Event Management systems will be covered. The evolution, advantages and weaknesses of these systems will be described, as well as a home-based implementation with open source tools will be proposed and implemented.

  14. An Overview of Economic Approaches to Information Security Management

    NARCIS (Netherlands)

    Su, X.

    The increasing concerns of clients, particularly in online commerce, plus the impact of legislations on information security have compelled companies to put more resources in information security. As a result, senior managers in many organizations are now expressing a much greater interest in

  15. Information Technology Management: Social Security Administration Practices Can Be Improved

    National Research Council Canada - National Science Library

    Shaw, Clay

    2001-01-01

    To improve SSAs IT management practices, we recommend that the Acting Commissioner of Social Security direct the Chief Information Officer and the Deputy Commissioner for Systems to complete the following actions...

  16. Information Security Intelligence as a Basis for Modern Information Security Management

    Directory of Open Access Journals (Sweden)

    Natalia Georgievna Miloslavskaya

    2013-12-01

    Full Text Available There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI. ISIe as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI are determined.

  17. Information Security Intelligence as a Basis for Modern Information Security Management

    OpenAIRE

    Natalia Georgievna Miloslavskaya; Aleksandr Ivanovich Tolstoy

    2013-01-01

    There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI). ISIe as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI ar...

  18. EFFICIENCY INDICATORS INFORMATION MANAGEMENT IN INTEGRATED SECURITY SYSTEMS

    Directory of Open Access Journals (Sweden)

    N. S. Rodionova

    2014-01-01

    Full Text Available Summary. Introduction of information technology to improve the efficiency of security activity leads to the need to consider a number of negative factors associated with in consequence of the use of these technologies as a key element of modern security systems. One of the most notable factor is the exposure to information processes in protection systems security threats. This largely relates to integrated security systems (ISS is the system of protection with the highest level of informatization security functions. Significant damage to protected objects that they could potentially incur as a result of abnormal operation ISS, puts a very actual problem of assessing factors that reduce the efficiency of the ISS to justify the ways and methods to improve it. Because of the nature of threats and blocking distortion of information in the ISS of interest are: the volume undistorted ISF working environment, as a characteristic of data integrity; time access to information as a feature of its availability. This in turn leads to the need to use these parameters as the performance characteristics of information processes in the ISS - the completeness and timeliness of information processing. The article proposes performance indicators of information processes in integrated security systems in terms of optimal control procedures to protect information from unauthorized access. Set the considered parameters allows to conduct comprehensive security analysis of integrated security systems, and to provide recommendations to improve the management of information security procedures in them.

  19. Three Essays on Information Technology Security Management in Organizations

    Science.gov (United States)

    Gupta, Manish

    2011-01-01

    Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…

  20. Information Security Management Practices of K-12 School Districts

    Science.gov (United States)

    Nyachwaya, Samson

    2013-01-01

    The research problem addressed in this quantitative correlational study was the inadequacy of sound information security management (ISM) practices in K-12 school districts, despite their increasing ownership of information assets. Researchers have linked organizational and sociotechnical factors to the implementation of information security…

  1. Information security in the context of philosophy of management

    Directory of Open Access Journals (Sweden)

    Irina Yurievna Alekseeva

    2017-04-01

    Full Text Available Building a culture of information security involves consideration of problems of management in society. Ideas and approaches developed in philosophy of management are relevant to studies in problems of information security in broader methodological and social context. The article focuses on problems of information and psychological security in social systems. The author considers disorienting signs and signals as information threat to security of persons and societies. The author argues that management ideology of pseudo-economical reductionism makes distortion at the level of values and priorities of the system. This ideology exalts competitiveness to the detriment of the systems’ viability. Philosophy of complexity (better known as “philosophy of complex systems” embraces new visions for methodology of management in XXI century. “Observer of complexity” and “complexity of observer of complexity” phenomena are central in this context. The problem of appropriate language for system self-description is of critical importance. This language is necessary for substantive production of intellectual tools for problems solving and decision making; refusal to produce such tools is fraught with decrease of information security level.

  2. Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

    Science.gov (United States)

    Imam, Abbas H.

    2013-01-01

    Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

  3. Trust Account Fraud And Effective Information Security Management

    Directory of Open Access Journals (Sweden)

    Sameera Mubarak

    2010-09-01

    Full Text Available The integrity of lawyers trust accounts has come under scrutiny in the last few years. There are strong possibilities of information technology security breaches happening within the firms, either accidental or deliberate. The damage caused by these security breaches could be extreme. For example, a trust account fund in an Australian law firm was misused in a security breach in which Telstra charged. A$50,000 for phone usage, mainly for ISD calls to Hong Kong.Our study involved interviewing principles of ten law companies to find out solicitors attitudes to computer security and the possibility of breaches of their trust accounts. We simultaneously carried out a survey to see if the trends identified in our case-studies could be backed up with broader quantitative data. We have also conducted in-depth interviews of 5 trust account regulators from the Law society of South Australia to know their view points on security threats on trust accounts. An overall finding highlights that law firms were not current with technology to combat computer crime, and inadequate access control was a major concern in safeguarding account data. Our conclusions revealed the urgent need for law firms to adopt security controls, implement information security policies and procedures and obtain cooperation from management to communicate these policies to staff.

  4. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  5. A Methodology to Implement an Information Security Management System

    Directory of Open Access Journals (Sweden)

    Alaíde Barbosa Martins

    2005-08-01

    Full Text Available Information security has actually been a major challenge to most organizations. Indeed, information security is an ongoing risk management process that covers all of the information that needs to be protected. ISO 17799 offers what companies need in order to better manage information security. The best way to implement this standard is to ease the security management process using a methodology that will define will define guidelines, procedures and tools that will be needed along the way. Hence, this paper proposes a methodology to assist companies in assessing their compliance with BS 7799/ ISO 17799 as well as planning and implementing the actions necessary to become compliant or certified to the standard. The concepts and ideas presented here had been applied in a case study involving the Cetrel S/A - Company of Environmental Protection. For this company, responsible for treatment of industrial residues generated by the Camaçari Petrochemical Complex and adjacent areas, to assure confidentiality and integrity of customers' data is a basic requirement.

  6. Information Security: Comments on the Proposed Federal Information Security Management Act of 2002

    National Research Council Canada - National Science Library

    Dacey, Robert

    2002-01-01

    ... 2001.1 Concerned with reports that continuing, pervasive information security weaknesses place federal operations at significant risk of disruption, tampering, fraud, and inappropriate disclosures...

  7. The information systems security officer's guide establishing and managing an information protection program

    CERN Document Server

    Kovacich, Gerald L

    2003-01-01

    Information systems security continues to grow and change based on new technology and Internet usage trends. In order to protect your organization's confidential information, you need information on the latest trends and practical advice from an authority you can trust. The new ISSO Guide is just what you need. Information Systems Security Officer's Guide, Second Edition, from Gerald Kovacich has been updated with the latest information and guidance for information security officers. It includes more information on global changes and threats, managing an international information secur

  8. TECHNIQUE OF OPTIMAL AUDIT PLANNING FOR INFORMATION SECURITY MANAGEMENT SYSTEM

    Directory of Open Access Journals (Sweden)

    F. N. Shago

    2014-03-01

    Full Text Available Complication of information security management systems leads to the necessity of improving the scientific and methodological apparatus for these systems auditing. Planning is an important and determining part of information security management systems auditing. Efficiency of audit will be defined by the relation of the reached quality indicators to the spent resources. Thus, there is an important and urgent task of developing methods and techniques for optimization of the audit planning, making it possible to increase its effectiveness. The proposed technique gives the possibility to implement optimal distribution for planning time and material resources on audit stages on the basis of dynamics model for the ISMS quality. Special feature of the proposed approach is the usage of a priori data as well as a posteriori data for the initial audit planning, and also the plan adjustment after each audit event. This gives the possibility to optimize the usage of audit resources in accordance with the selected criteria. Application examples of the technique are given while planning audit information security management system of the organization. The result of computational experiment based on the proposed technique showed that the time (cost audit costs can be reduced by 10-15% and, consequently, quality assessments obtained through audit resources allocation can be improved with respect to well-known methods of audit planning.

  9. Problems and solutions of information security management in Latvia

    Directory of Open Access Journals (Sweden)

    Deruma S.

    2014-01-01

    Security cannot exist as a standalone function, it should be integrated in the associated processes continuously supervising and improving the security management programme based on predefined criteria. Adopting a holistic approach with regard to security has proven to be a critical contributing factor to effective security in organizations.

  10. Executive Guide: Information Security Management. Learning From Leading Organizations

    National Research Council Canada - National Science Library

    1998-01-01

    ... on. Deficiencies in federal information security are a growing concern. In a February 1997 series of reports to the Congress, GAO designated information security as a governmentwide high-risk area...

  11. Information Security for Business: the Necessity of Reputational Risk Management

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2015-06-01

    Full Text Available The article presents the analysis of actual information security problems in commercial segment. The main directions in regulations of the Russian Federation connected with information security assurance are defined. The results indicate the insufficiency of legal regulation in prevention of reputational losses due to information security incidents

  12. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  13. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

  14. Information security risk management and incompatible parts of organization

    Directory of Open Access Journals (Sweden)

    Elham Talabeigi

    2016-11-01

    Full Text Available Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value:  The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  15. Information security risk management and incompatible parts of organization

    Energy Technology Data Exchange (ETDEWEB)

    Talabeigi, E.; Naeeini, S.G.J.

    2016-07-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  16. Information security risk management and incompatible parts of organization

    International Nuclear Information System (INIS)

    Talabeigi, E.; Naeeini, S.G.J.

    2016-01-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  17. Laboratory Information Management System Chain of Custody: Reliability and Security

    Science.gov (United States)

    Tomlinson, J. J.; Elliott-Smith, W.; Radosta, T.

    2006-01-01

    A chain of custody (COC) is required in many laboratories that handle forensics, drugs of abuse, environmental, clinical, and DNA testing, as well as other laboratories that want to assure reliability of reported results. Maintaining a dependable COC can be laborious, but with the recent establishment of the criteria for electronic records and signatures by US regulatory agencies, laboratory information management systems (LIMSs) are now being developed to fully automate COCs. The extent of automation and of data reliability can vary, and FDA- and EPA-compliant electronic signatures and system security are rare. PMID:17671623

  18. The Shaping of Managers' Security Objectives through Information Security Awareness Training

    Science.gov (United States)

    Harris, Mark A.

    2010-01-01

    Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

  19. Information security management: a proposal to improve the effectiveness of information security in the scientific research environment

    International Nuclear Information System (INIS)

    Alexandria, Joao Carlos Soares de

    2009-01-01

    The increase of the connectivity in the business environment, combined with the growing dependency of information systems, has become the information security management an important governance tool. Information security has as main goal to protect the business transactions in order to work normally. In this way, It will be safeguarding the business continuity. The threats of information come from hackers' attacks, electronic frauds and spying, as well as fire, electrical energy interruption and humans fault. Information security is made by implementation of a set of controls, including of the others politics, processes, procedures, organizational structures, software and hardware, which require a continuous management and a well established structure to be able to face such challenges. This work tried to search the reasons why the organizations have difficulties to make a practice of information security management. Many of them just limit to adopt points measures, sometimes they are not consistent with their realities. The market counts on enough quantity of standards and regulations related to information security issues, for example, ISO/IEC 27002, American Sarbanes-Oxley act, Basel capital accord, regulations from regulatory agency (such as the Brazilians ones ANATEL, ANVISA and CVM). The market researches have showed that the information security implementation is concentrated on a well-defined group of organization mainly formed by large companies and from specifics sectors of economy, for example, financial and telecommunication. However, information security must be done by all organizations that use information systems to carry out their activities, independently of its size or economic area that it belongs. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal of

  20. Factors Influencing the Adoption of Biometric Security Technologies by Decision Making Information Technology and Security Managers

    OpenAIRE

    Lease, David R.

    2005-01-01

    The research conducted under this study offers an understanding of the reasons why information technology (IT) and/or information assurance (IA) managers choose to recommend or not to recommend particular technologies, specifically biometric security, to their organizations. A review of the relevant literature provided the foundation to develop a set of research questions and factors for this research effort. The research questions became the basis of the study’s stated hypotheses for examini...

  1. Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds

    OpenAIRE

    Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam

    2010-01-01

    Objectives The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. Methods The ISMS check-list derived from international/domestic standards was distributed to each hospital to com...

  2. Information governance and security protecting and managing your company's proprietary information

    CERN Document Server

    Iannarelli, John G

    2014-01-01

    Information Governance and Security shows managers in any size organization how to create and implement the policies, procedures and training necessary to keep their organization's most important asset-its proprietary information-safe from cyber and physical compromise. Many intrusions can be prevented if appropriate precautions are taken, and this book establishes the enterprise-level systems and disciplines necessary for managing all the information generated by an organization. In addition, the book encompasses the human element by considering proprietary information lost, damaged, or destroyed through negligence. By implementing the policies and procedures outlined in Information Governance and Security, organizations can proactively protect their reputation against the threats that most managers have never even thought of. Provides a step-by-step outline for developing an information governance policy that is appropriate for your organization Includes real-world examples and cases to help illustrate key ...

  3. Report: Fiscal Year 2011 Federal Information Security Management Act Report Status of EPA’s Computer Security Program

    Science.gov (United States)

    Report #12-P-0062, November 9, 2011. Attached is the Office of Inspector General’s (OIG’s) Fiscal Year 2011 Federal Information Security Management Act (FISMA) Reporting Template, as prescribed by the Office of Management and Budget (OMB).

  4. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

    The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. ""Electronic Healthcare Information Security"" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  5. The Effect of Information Security Management on Organizational Processes Integration in Supply Chain

    OpenAIRE

    Mohsen Shafiei Nikabadi; Ahmad Jafarian; Azam Jalili Bolhasani

    2012-01-01

    : The major purpose of this article was that how information security management has effect on supply chain integration and the effect of implementing "information security management system" on enhancing supplies chain integration. In this respect, current research was seeking a combination overview to these tow approaches (Information Security Management and Organizational Processes Integration by Enterprise Resources Planning System) and after that determined factors of these two import...

  6. Information security risk management for ISO27001/ISO27002

    CERN Document Server

    Calder, A; Watkins, S

    2010-01-01

    Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.

  7. ITIL® and information security

    International Nuclear Information System (INIS)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

    2015-01-01

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework

  8. Information security risk management and incompatible parts of organization

    OpenAIRE

    Talabeigi, Elham; Naeeini, Seyyed Gholamreza Jalali

    2016-01-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in...

  9. The Importance of Information Security Management in Crisis Prevention in the Company

    OpenAIRE

    Wawak, Slawomir

    2010-01-01

    Management information system can be compared to the nervous system of a company. Its malfunction may cause adverse effects in many different areas of the company. Information Security Management is understood as tool of the information confidentiality, availability and integrity assurance. An effective information security management system reduces the risk of crisis in the company. It also allows to reduce the effects of the crisis occurring outside the company.

  10. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  11. Management of information security risks in a federal public institution: a case study

    Directory of Open Access Journals (Sweden)

    Jackson Gomes Soares Souza

    2016-11-01

    Full Text Available Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T. managers perceptions and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and their implementation aiming greater control of information security risks and opportunities related to information technology security.

  12. The Effect of Information Security Management on Organizational Processes Integration in Supply Chain

    Directory of Open Access Journals (Sweden)

    Mohsen Shafiei Nikabadi

    2012-03-01

    Full Text Available : The major purpose of this article was that how information security management has effect on supply chain integration and the effect of implementing "information security management system" on enhancing supplies chain integration. In this respect, current research was seeking a combination overview to these tow approaches (Information Security Management and Organizational Processes Integration by Enterprise Resources Planning System and after that determined factors of these two important issue by factor analysis. Researchers using a series of comments in the automotive experts (production planning and management and supply chain experts and caregivers car makers and suppliers in the first level and second level supply chain industry. In this way, it has been done that impact on how information security management processes enterprise supply chain integration with the help of statistical correlation analysis. The results of this investigation indicated effect of "information security management system" various dimensions that were coordination of information, prevent human errors and hardware, the accuracy of information and education for users on two dimensions of internal and external integration of business processes, supply chain and finally, it can increased integration of business processes in supply chain. At the end owing to quite these results, deployment of "information security management system" increased the integration of organizational processes in supply chain. It could be demonstrate with the consideration of relation of organizational integration processes whit the level of coordination of information, prevent errors and accuracy of information throughout the supply chain.

  13. Analysis of information security management systems at 5 domestic hospitals with more than 500 beds.

    Science.gov (United States)

    Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam

    2010-06-01

    The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.

  14. Information Security Management of Web Portals Based on Joomla CMS

    OpenAIRE

    Lemes, Samir

    2014-01-01

    Information is the key asset of all organizations and can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by mail or by electronic means, shown in films, or spoken in conversation. In today's competitive business environment, such information is constantly under threat from many sources, which can be internal, external, accidental, or malicious. Joomla is a very popular Content Management System (CMS) used for web page maintenance. This highly ve...

  15. Information Security

    OpenAIRE

    2005-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is trusted to actually handle an asset. Two concepts complement authorisation. Authentication deter-mines who makes a request to handle an asset. To decide who is authorised, a system needs to au-the...

  16. Cyber indicators of compromise: a domain ontology for security information and event management

    Science.gov (United States)

    2017-03-01

    heuristics, mapping, and detection. CybOX is aimed at supporting a broad range of important cyber security domains to include [31]: • Digital...REPORT TYPE AND DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE CYBER INDICATORS OF COMPROMISE: A DOMAIN ONTOLOGY FOR SECURITY INFORMATION AND...Distribution is unlimited. CYBER INDICATORS OF COMPROMISE: A DOMAIN ONTOLOGY FOR SECURITY INFORMATION AND EVENT MANAGEMENT Marsha D. Rowell

  17. INFORMATION SECURITY MANAGEMENT: FACTORS THAT INFLUENCE ITS ADOPTION IN SMALL AND MID-SIZED BUSINESSES

    Directory of Open Access Journals (Sweden)

    Abner da Silva Netto

    2008-02-01

    Full Text Available The objectives of this study were verify in what measure the small and medium companies accomplish the management security information and identify which factors influence the small and medium companies to adopt measures of management security information. The source research was exploratory-descriptive and the design used was the survey. The sample was compound of 43 metal production industries located in ABC region. According to management information security literature and Brazilian norm of information security were identified the tools or techniques of management security information and classified it into three layers: physic, logic and human. The study identified that the human layer is the one that presents the major shortage of cares in the companies followed by the logical one. The companies get used to have the antivirus as the main security tool/technique according to the researched companies to guarantee the safety of information. Besides that, the research showed that 59% of the companies have a safety satisfactory level and the main motivator factor to adopt the management security information is "to avoid possible financial loss”. On the other hand, all the inhibitors factors showed important to the researched companies like: lack of knowledge, investments value, organization culture and difficulty to measure cost/benefit.

  18. Laboratory Information Management System Chain of Custody: Reliability and Security

    OpenAIRE

    Tomlinson, J. J.; Elliott-Smith, W.; Radosta, T.

    2006-01-01

    A chain of custody (COC) is required in many laboratories that handle forensics, drugs of abuse, environmental, clinical, and DNA testing, as well as other laboratories that want to assure reliability of reported results. Maintaining a dependable COC can be laborious, but with the recent establishment of the criteria for electronic records and signatures by US regulatory agencies, laboratory information management systems (LIMSs) are now being developed to fully automate COCs. The extent of a...

  19. Once more unto the breach managing information security in an uncertain world

    CERN Document Server

    Simmons, Andrea C

    2012-01-01

    In Once more unto the Breach, Andrea C Simmons speaks directly to information security managers and provides an insider's view of the role, offering priceless gems from her extensive experience and knowledge. Based on a typical year in the life of an information security manager, the book examines how the general principles can be applied to all situations and discusses the lessons learnt from a real project.

  20. Secure Transportation Management

    International Nuclear Information System (INIS)

    Gibbs, P. W.

    2014-01-01

    Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  1. Management of organizations in Serbia from the aspect of the maturity analysis of information security

    Directory of Open Access Journals (Sweden)

    Trivan Dragan

    2016-01-01

    Full Text Available The aim of this work is focused on research of information security in organizations, with a focus on cybersecurity. In accordance with the theoretical analysis, the subject of the empirical part of the work is the analysis of information security in Serbia, in order to better understand the information security programs and management structures in organizations in Serbia. The survey covers a variety of industries and discusses how organizations assess, develop, create and support their programs to ensure information security. The survey included 53 companies. The results that were obtained enabled us to select five core elements of the program on the state of information security and cybersecurity in Serbian companies: most companies had not been exposed to cybersecurity incidents; in most companies policy, procedures and spheres of responsibility for information security exist, there are not enough controls to ensure compliance with relevant safety standards by third parties, top management and end-users are insufficiently familiar with cybersecurity risks, although they apply basic measures of protection, safety protection systems are very rare. The scientific goal of this work is to, on the basis of the results obtained, make conclusions that can contribute to the study of corporate information security with special emphasis on cybersecurity. The practical aim of the research is the application of the results for more efficient implementation process of security against cyber attacks in the Serbian organizations.

  2. MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned

    Science.gov (United States)

    Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran

    2014-01-01

    As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.

  3. Information Systems Security Management: A Review and a Classification of the ISO Standards

    Science.gov (United States)

    Tsohou, Aggeliki; Kokolakis, Spyros; Lambrinoudakis, Costas; Gritzalis, Stefanos

    The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the security requirements is not the same for all involved parties and the security mechanisms that will be implemented do not comply with some globally accepted rules and practices, then the system that will be designed will not necessarily achieve the desired security level and it will be very difficult to securely interoperate with other systems. It is therefore clear that the role and contribution of international standards to the design and implementation of security mechanisms is dominant. In this paper we provide a state of the art review on information security management standards published by the International Organization for Standardization and the International Electrotechnical Commission. Such an analysis is meaningful to security practitioners for an efficient management of information security. Moreover, the classification of the standards in the clauses of ISO/IEC 27001:2005 that results from our analysis is expected to provide assistance in dealing with the plethora of security standards.

  4. Advanced Approach to Information Security Management System Model for Industrial Control System

    Science.gov (United States)

    2014-01-01

    Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS. PMID:25136659

  5. Advanced Approach to Information Security Management System Model for Industrial Control System

    Directory of Open Access Journals (Sweden)

    Sanghyun Park

    2014-01-01

    Full Text Available Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS. ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

  6. Advanced approach to information security management system model for industrial control system.

    Science.gov (United States)

    Park, Sanghyun; Lee, Kyungho

    2014-01-01

    Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

  7. Implementing Information Security and Its Technology: A LineManagement Perspective

    Energy Technology Data Exchange (ETDEWEB)

    Barletta, William A.

    2005-08-22

    Assuring the security and privacy of institutionalinformation assets is a complex task for the line manager responsible forinternational and multi-national transactions. In the face of an unsureand often conflicting international legal framework, the line managermust employ all available tools in an Integrated Security and PrivacyManagement framework that ranges from legal obligations, to policy, toprocedure, to cutting edge technology to counter the rapidly evolvingcyber threat to information assets and the physical systems thatinformation systems control.

  8. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

  9. Managing climatic risks for enhanced food security: Key information capabilities

    NARCIS (Netherlands)

    Balaghi, R.; Badjeck, M.C.; Bakari, D.; Pauw, de E.D.; Wit, de A.J.W.; Defourny, P.; Donato, S.; Gommes, R.; Jlibene, M.; Ravelo, A.C.; Sivakumar, M.V.K.; Telahigue, N.; Tychon, B.

    2010-01-01

    Food security is expected to face increasing challenges from climatic risks that are more and more exacerbated by climate change, especially in the developing world. This document lists some of the main capabilities that have been recently developed, especially in the area of operational

  10. Information Technology Management: Social Security Administration Practices Can Be Improved

    National Research Council Canada - National Science Library

    Shaw, Clay

    2001-01-01

    ...: In the investment management area, (1) develop and implement a process guide that establishes the policies, procedures, and key criteria for conducting the IT investment management process and guiding executive staff operations; (2...

  11. Managing the human factor in information security how to win over staff and influence business managers

    CERN Document Server

    Lacey, David

    2009-01-01

    With the growth in social networking and the potential for larger and larger breaches of sensitive data,it is vital for all enterprises to ensure that computer users adhere to corporate policy and project staff design secure systems. Written by a security expert with more than 25 years'' experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a business to buy into a security plan. Illustrated with real-world examples throughout, this is a must-have guide for security and IT professionals.

  12. A Model for an Information Security Risk Management (ISRM) Framework for Saudi Arabian Organisations

    Science.gov (United States)

    Alshareef, Naser

    2016-01-01

    Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…

  13. Does the PCEHR mean a new paradigm for information security? Implications for health information management.

    Science.gov (United States)

    Williams, Patricia A H

    Australia is stepping up to the new e-health environment. With this comes new legislation and new demands on information security. The expanded functionality of e-health and the increased legislative requirements, coupled with new uses of technology, means that enhancement of existing security practice will be necessary. This paperanalyses the new operating environment for Australian healthcare and the legislation governing it, and highlights the changes that are required to meet this new context. Individuals are now more responsible for security and organisations should be prompted to review their security measures in light of the new demands of legislative compliance.

  14. Management of Control System Information SecurityI: Control System Patch Management

    Energy Technology Data Exchange (ETDEWEB)

    Quanyan Zhu; Miles McQueen; Craig Rieger; Tamer Basar

    2011-09-01

    The use of information technologies in control systems poses additional potential threats due to the frequent disclosure of software vulnerabilities. The management of information security involves a series of policy-making on the vulnerability discovery, disclosure, patch development and patching. In this paper, we use a system approach to devise a model to understand the interdependencies of these decision processes. In more details, we establish a theoretical framework for making patching decision for control systems, taking into account the requirement of functionability of control systems. We illustrate our results with numerical simulations and show that the optimal operation period of control systems given the currently estimated attack rate is roughly around a half a month.

  15. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    OpenAIRE

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Javad Zarei,1 Farahnaz Sadoughi2 1Health Information Management, Health Management and Economics Research Center, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran, 2Health Information Management Department, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran Background: In recent years, hospitals in Iran – similar to those in other...

  16. Information Security Management as a Bridge in Cloud Systems from Private to Public Organizations

    Directory of Open Access Journals (Sweden)

    Myeonggil Choi

    2015-08-01

    Full Text Available Cloud computing has made it possible for private companies to make rapid changes in their computing environments. However, in the public sector, security issues hinder institutions from adopting cloud computing. To solve these security challenges, in this paper, we propose a methodology for information security management, which quantitatively classifies the importance of information in cloud systems in the public sector. In this study, we adopt a Delphi approach to establish the classification criteria of the proposed methodology in an objective and systematic manner. Further, through a case study of a public corporation, we try to validate the usefulness of the proposed methodology. The results of this study will help public institutions to consider introducing cloud computing and to manage cloud systems effectively and securely.

  17. Information and Knowledge Management in the Scope of the Information Security practices: the human factor within Organizations

    Directory of Open Access Journals (Sweden)

    Luciana Emirena Santos Carneiro

    2013-08-01

    Full Text Available The security of informational assets has always been a corporate requirement. These assets can be scaled in three main spheres, namely, people, organizational processes and technologies. The internet, the web, the broadcast of networks, and the growing presence of technology both in people's lives and in organizational contexts have caused profound transformations in the intrinsic processes that constitute personal and organizational routines. On the one hand, these changes provided by the technological progress have fostered competitiveness and decentralization; on the other hand, they require better management, control, security and protection for information and knowledge. This article presents the results of an investigation within information security realm, focusing on the human aspects of knowledge and information management related to security practices. Using a quality-quantitative approach, we identify behavioral actions and profiles of employees of a company in the field of healthcare, which reveal some connections with information security failures. We conclude that the human element is a relevant variable, even a critical one, for the management of information security in organizations.

  18. Information Assurance Security in the Information Environment

    CERN Document Server

    Blyth, Andrew

    2006-01-01

    Intended for IT managers and assets protection professionals, this work aims to bridge the gap between information security, information systems security and information warfare. It covers topics such as the role of the corporate security officer; Corporate cybercrime; Electronic commerce and the global marketplace; Cryptography; and, more.

  19. SIS Security White Paper: Managing privacy and security for the Service Information System

    OpenAIRE

    Kerr, Gillian; Johnson, Alberta; Gaudon, Sara

    2018-01-01

    The Service Information System (SIS) is a monitoring and evaluation platform built on open source software and donated Microsoft services that is offered on a subscription basis to nonprofits providing any kind of service. It is developed and managed by LogicalOutcomes, a Canadian nonprofit, and launched in March 2018. The first implementation was created in partnership with the Ontario Coalition of Agencies Serving Immigrants, funded by the Ontario Ministry of Citizenship and Immigration. ...

  20. Gender Differences in the Field of Information Security Technology Management: A Qualitative, Phenomenological Study

    Science.gov (United States)

    Johnson, Marcia L.

    2013-01-01

    This qualitative study explored why there are so few senior women in the information security technology management field and whether gender played a part in the achievement of women in the field. Extensive interviews were performed to capture the lived experiences of successful women in the field regarding the obstacles and common denominators of…

  1. A Risk Management Process for Consumers: The Next Step in Information Security

    NARCIS (Netherlands)

    van Cleeff, A.

    2010-01-01

    Simply by using information technology, consumers expose themselves to considerable security risks. Because no technical or legal solutions are readily available, and awareness programs have limited impact, the only remedy is to develop a risk management process for consumers. Consumers need to

  2. Information Security Maturity as an Integral Part of ISMS based Risk Management Tools

    NARCIS (Netherlands)

    Fetler, Ben; Harpes, Carlo

    2016-01-01

    Measuring the continuous improvement of Information Security Management Systems (ISMS) is often neglected as most organizations do not know how to extract key-indicators that could be used for this purpose. The underlying work presents a six-level maturity model which can be fully integrated in a

  3. Managing information security in a process industrial environment; Gestao de seguranca da informacao em processos industriais

    Energy Technology Data Exchange (ETDEWEB)

    Pereira, Raphael Gomes; Aguiar, Leandro Pfleger de [Siemens Company (Brazil)

    2008-07-01

    With the recently globalization expansion (growth), the exploration of energetic resources is crossing over countries boundaries, resulting in worldwide companies exploring Oil and Gas fields available in any place of the world. To the government's bodies, this information about those fields should be treated as a national security interest subject by bringing an adequate management and protection to all the important and critical information and assets, and making possible, at the same time, the freedom and transparency in concurrence processes. This create a complex security context to be managed, where information disruption might, for instance, imply in broke of integrity in public auctions processes as a result of privileged information usage. Furthermore, with the terrorism problem, the process itself becomes an attractive target for different kinds of attacks, motivated by the opportunism to explore the known incapacity of the big industries in well manage their large and complex environments. With all transformations that are happening in productive processes, as the growing TCP/IP protocol usage, the Windows operating systems adoption in SCADA systems and the integration of industrial with business network, are factors that contribute to an eminent landscape of problems. This landscape demonstrates the need from the organizations and countries that are operating in energetic resources exploration, for renew their risk management areas, establishing a unique and integrated process to protect information security infrastructure. This work presents a study of the challenges to be faced by the organizations while rebuilding their internal processes to integrate the risk management and information security areas, as long as a set of essential steps to establish an affective corporative governance of risk management and compliance aspects. Moreover, the work presents the necessary points of the government involvement to improve all the regulatory aspects

  4. Implementing an Information Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O' Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

    2017-11-01

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

  5. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and r

  6. VIRTUAL COGNITIVE CENTERS AS INTELLIGENT SYSTEMS FOR MANAGEMENT INFORMATION SUPPORT OF REGIONAL SECURITY

    Directory of Open Access Journals (Sweden)

    A. V. Masloboev

    2014-03-01

    Full Text Available The paper deals with engineering problems and application perspectives of virtual cognitive centers as intelligent systems for information support of interagency activities in the field of complex security management of regional development. A research prototype of virtual cognitive center for regional security management in crisis situations, implemented as hybrid cloud service based on IaaS architectural framework with the usage of multi-agent and web-service technologies has been developed. Virtual cognitive center is a training simulator software system and is intended for solving on the basis of distributed simulation such problems as: strategic planning and forecasting of risk-sustainable development of regional socioeconomic systems, agents of management interaction specification synthesis for regional components security in different crisis situations within the planning stage of joint anti-crisis actions.

  7. Obtaining Knowledge for Innovation: Benefits and Harms of Procedures for Managing Information Security

    Directory of Open Access Journals (Sweden)

    José Geraldo Pereira Barbosa

    2012-06-01

    Full Text Available The research reported in this article aims to describe how the processes of information security used in a manufacturing and packaging paper company influenced the attainment of knowledge on two innovations. The study was conducted through field research, using interviews, narratives, direct observation and thematic analysis for data collection and data processing. The research started from the assumption that even considering the importance of managing information security and its benefits to an organization, the processes of logical security, and physical access controls, would undermine the process of obtaining and transference of knowledge required by innovations. It was observed the presence of five instruments of physical and logical security: "confidentiality", "general control of protection", "antivirus", "backups" and "facility security procedures" which did not interfere negatively in obtaining knowledge. The single barrier identified for the transfer of knowledge was the lack of absorptive capacity of knowledge workers. Therefore, the case describes a situation where a clearly and consistent information security policy allowed the obtaining and transferring of knowledge necessary for innovation. In other words, the assumption of the research was rejected by the findings.

  8. Development of information security and vulnerability risk management system for J-PARC

    International Nuclear Information System (INIS)

    Ishikawa, Hiroyuki; Tate, Akihiro; Murakami, Tadashi

    2012-02-01

    In J-PARC (Japan Proton Accelerator Research Complex) we have set up intra-network (internal network, we will abbreviate it as JLAN, below) to support research activity and communication among users. In JLAN, we set up various kinds of security devices to keep JLAN secure. However, the servers which provide information or service to public are still in danger of being accessed illegally. If there is an illegal access, that may cause defacement of data or information leak. Furthermore, the victim servers are manipulated by the malicious attackers, and they themselves attack the external information equipments. Vulnerability of servers enables unauthorized access. So, vulnerability test with use of a vulnerability tool is one of the most effective ways to take measures for vulnerability of the equipments. However, it is not enough to just conduct a vulnerability test. It is also essential for information security to take measures to cover constantly for the vulnerability of servers. We focused on the points above, and developed the vulnerability testing system for security. It is not only a testing tool for the vulnerability of servers, but also management system which enables the server administrators in charge of taking measures for vulnerabilities to manage risks and handles PDCA (Plan-Do-Check-Action) cycles as countermeasure for vulnerability. In this paper, we report the technologies and ingenuities for the development of the above system. (author)

  9. Security management

    International Nuclear Information System (INIS)

    Adams, H.W.

    1990-01-01

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de

  10. INFORMATION SYSTEM SECURITY (CYBER SECURITY

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  11. A Student Information Management System Based on Fingerprint Identification and Data Security Transmission

    Directory of Open Access Journals (Sweden)

    Pengtao Yang

    2017-01-01

    Full Text Available A new type of student information management system is designed to implement student information identification and management based on fingerprint identification. In order to ensure the security of data transmission, this paper proposes a data encryption method based on an improved AES algorithm. A new S-box is cleverly designed, which can significantly reduce the encryption time by improving ByteSub, ShiftRow, and MixColumn in the round transformation of the traditional AES algorithm with the process of look-up table. Experimental results show that the proposed algorithm can significantly improve the encryption time compared with the traditional AES algorithm.

  12. The Role of Information Security Management Systems in Supply Chain Performance Improvement

    Directory of Open Access Journals (Sweden)

    Mohammad Reza Taghva

    2012-02-01

    Full Text Available In recent years, the researchers have emphasized on positive effect of information system on supply chain performance such as organizational processes integration, information sharing, information technology, etc. In other hand, information security management system is one of the subjects that researches considered its effects on increase accuracy and effective information exchange, access to accurate and timely information and reduce errors of information system. Since, any research has not been done on this ground (the importance of ISMS on supply chain performance. Therefore, it was felt that a research should have done on these approaches on supply chain. In this respect, current research was seeking that how ISMS had impact on supply chain performance in automotive industry and this was the innovative aspect of this paper. So first of all, after the review of the information security management system literature, supply chain performance was considered by the balanced scorecard approach then the most important factors of these two subjects was extracted by correlation analysis. In this way, it was considered that how ISMS had impact on supply chain performance by correlation analysis. The results showed that different dimensions of ISMS (information uniformity, prevent the human and machine mistake, information be accuracy, and rectitude and instruction for users had impact on four dimensions of supply chain performance (customers, financial, internal processes and learning and growth in three levels (strategic, technical, and operational in supply chain. At the end, it was showed that ISMS lays the ground for increase supply chain performance.

  13. Information Technology Convergence, Secure and Trust Computing, and Data Management ITCS 2012 & STA 2012

    CERN Document Server

    Kim, Jongsung; Zou, Deqing; Lee, Yang

    2012-01-01

    ITCS 2012 and STA 2012 address the various theories and practical applications of information technology convergence, secure and trust computing, and data management in future environments. It will present important results of significant value to solve the application services and various problems within the scope of ITCS 2012 & STA 2012. In addition, we expect it will trigger further related research and technology developments which will improve our lives in the future.

  14. System Security Management in SNMP

    OpenAIRE

    P. Deivendran; Dr. R. Dhanapal Ph.D

    2010-01-01

    We present a framework for managing system security, based on a SNMP Management Information Base (MIB), namely the System Security MIB (SSEC MIB), We have defined managed objects and completed the ASN.1 description of the MIB that embeds them. The related security management functions are mainly focused on monitoring external script execution for system security scanning and access control. The main goal of this work is to introduce the semantics and a standard interface that will allow the r...

  15. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases andadapt a security architecture which makes sure that regular and security related tasks, are deployedcorrectly. Security requirements must be linked to the business goals. We identified four domains thataffect security at an organization namely, organization governance, organizational culture, thearchitecture of the systems, and service management. In order to identify and explore the strengt...

  16. Indirect effect of management support on users' compliance behaviour towards information security policies.

    Science.gov (United States)

    Humaidi, Norshima; Balakrishnan, Vimala

    2018-01-01

    Health information systems are innovative products designed to improve the delivery of effective healthcare, but they are also vulnerable to breaches of information security, including unauthorised access, use, disclosure, disruption, modification or destruction, and duplication of passwords. Greater openness and multi-connectedness between heterogeneous stakeholders within health networks increase the security risk. The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment. Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs. Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study. The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. In adopting a multidimensional approach to management-user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management

  17. Federal Government Information Systems Security Management and Governance Are Pacing Factors for Innovation

    Science.gov (United States)

    Edwards, Gregory

    2011-01-01

    Security incidents resulting from human error or subversive actions have caused major financial losses, reduced business productivity or efficiency, and threatened national security. Some research suggests that information system security frameworks lack emphasis on human involvement as a significant cause for security problems in a rapidly…

  18. Defining Information Security.

    Science.gov (United States)

    Lundgren, Björn; Möller, Niklas

    2017-11-15

    This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition-correct demarcation and meaning concerning the state of security-it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security-the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  19. Mathematical model as means of optimization of the automation system of the process of incidents of information security management

    Directory of Open Access Journals (Sweden)

    Yulia G. Krasnozhon

    2018-03-01

    Full Text Available Modern information technologies have an increasing importance for development dynamics and management structure of an enterprise. The management efficiency of implementation of modern information technologies directly related to the quality of information security incident management. However, issues of assessment of the impact of information security incidents management on quality and efficiency of the enterprise management system are not sufficiently highlighted neither in Russian nor in foreign literature. The main direction to approach these problems is the optimization of the process automation system of the information security incident management. Today a special attention is paid to IT-technologies while dealing with information security incidents at mission-critical facilities in Russian Federation such as the Federal Tax Service of Russia (FTS. It is proposed to use the mathematical apparatus of queueing theory in order to build a mathematical model of the system optimization. The developed model allows to estimate quality of the management taking into account the rules and restrictions imposed on the system by the effects of information security incidents. Here an example is given in order to demonstrate the system in work. The obtained statistical data are shown. An implementation of the system discussed here will improve the quality of the Russian FTS services and make responses to information security incidents faster.

  20. Towards Information Security Awareness

    OpenAIRE

    Marius Petrescu; Delia Mioara Popescu; Nicoleta Sirbu

    2010-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  1. Medical Information Security

    OpenAIRE

    William C. Figg, Ph.D.; Hwee Joo Kam, M.S.

    2011-01-01

    Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPPA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs an...

  2. Information technology as a tool for the Italian Institute of Social Security (INPS) in the management of social security and civil disability: Pro and cons.

    Science.gov (United States)

    Sammicheli, Michele; Scaglione, Marcella

    2018-01-01

    We examine, from a medical-legal perspective, the pro and cons of the information technology procedures that the Italian Institute of Social Security (INPS) has implemented to manage the provision of social disability assistance, meaning that separate from the payment of pension contributions, being welfare, anchored to an administrative requirement by way of the compulsory payment of a minimum social security contribution.

  3. Notification: Audit of the U.S. EPA's Compliance with the Federal Information Security Management Act (FISMA)

    Science.gov (United States)

    Project #OA-FY13-0280, May 9, 2013. The Office of Inspector General plans to begin fieldwork for an audit of the U.S. Environmental Protection Agency’s compliance with the Federal Information Security Management Act.

  4. Notification: Audit of the U.S. Environmental Protection Agency’s Compliance with the Federal Information Security Management Act

    Science.gov (United States)

    Project #OA-FY14-0135, February 10, 2014. The Office of Inspector General plans to begin fieldwork for an audit of the U.S. Environmental Protection Agency's compliance with the Federal Information Security Management Act (FISMA).

  5. INFORMATION SECURITY: Strengthened Management Needed to Protect Critical Federal Operations and Assets

    National Research Council Canada - National Science Library

    Dodaro, Gene

    1998-01-01

    .... Our most recent report, done at the request of this Committee, delineates the serious information security weaknesses placing critical operations and assets at risk and outlines actions needed...

  6. Implementing Information Security Management System as a part of business processes : Where to gain competitive advantage for ISMS?

    OpenAIRE

    Flyktman, Jari

    2016-01-01

    The Idea and background to the study subject lies in the interest in security, leadership and organizational development. The research question was how to provide best practices to fit these all together in harmony. The objective was to help small and medium sized organizations to understand the multifaceted nature of cybersecurity and requirements for successful implementation of information security management system (ISMS). ISMS help companies to form the needed security structures in pra...

  7. Concepts for a standard based cross-organisational information security management system in the context of a nationwide EHR.

    Science.gov (United States)

    Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald

    2013-01-01

    Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).

  8. Survey of current technologies of security management for distributed information systems; Bunsangata joho system no security iji kanri hoshiki no genjo

    Energy Technology Data Exchange (ETDEWEB)

    Matsui, S [Central Research Institute of Electric Power Industry, Tokyo (Japan)

    1997-05-01

    The latest situation of the security management for a distributed information system was examined and systematically summarized to indicate the management design in future. This paper describes the threat of the distributed information system to security, the risk for confidentiality, integrity, and availability due to the threat, and the measures to be taken. The basic technology of security management is classified into the `user certification to prevent an incorrect access` and the `encipherment to prevent data from being used incorrectly.` The technology for certification has been almost completed. It can be securely done using an expendable password or IC card system. In Internet, multiple enciphering technologies for constructing a virtual private network that can secure the almost the same security as for a private network can be used. In an electronic mail, the enciphering technology can also be used easily. The tool that manages the security of very many servers, clients, and networks is in the initial stage. 16 refs., 1 fig., 5 tabs.

  9. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  10. Optimal Aide Security Information Search (OASIS)

    National Research Council Canada - National Science Library

    Kapadia, Chetna

    2005-01-01

    The purpose of the Optimal AIDE Security Information Search (OASIS) effort was to investigate and prototype a tool that can assist the network security analyst in collecting useful information to defend the networks they manage...

  11. Computer security engineering management

    International Nuclear Information System (INIS)

    McDonald, G.W.

    1988-01-01

    For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system; starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users is followed by coverage of life cycle support for the security of the system

  12. Methods of Organizational Information Security

    Science.gov (United States)

    Martins, José; Dos Santos, Henrique

    The principle objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principle problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principle norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribute to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.

  13. Hacking a Bridge: An Exploratory Study of Compliance-Based Information Security Management in Banking Organization

    Directory of Open Access Journals (Sweden)

    Tesleem Fagade

    2017-10-01

    Full Text Available This work is approached through the lens of compliant security by drawing on the concepts of neutralization theory, a prominent postulation in the criminology domain and the 'big five' personality construct. This research is conducted based on a case study of ISO/IEC27001 Standard certified banks, to empirically evaluate the link between cybersecurity protocols violation and how employees rationalise security behaviour. We propose that compliance-based security has the propensity for a heightened sense of false security and vulnerability perception; by showing that systemic security violation in compliance-based security models can be explained by the level of linkages from the personality construct and the neutralization theory. Building on the survey responses from banking organization employees and the application of partial least square structural equation modelling (PLS-SME analysis to test the hypotheses and validate survey samples, we draw a strong inference to support the importance of individual security scenario effect as a vital complementary element of compliance-based security. Based on our initial findings, conceptual principles and practical guidelines for reducing insider threats and improving employees' compliance is presented. We then suggest how information security protocol violations can be addressed in that context.

  14. A socio-organizational approach to information systems security management in the context of internet banking

    OpenAIRE

    Koskosas, loannis Vasileios

    2004-01-01

    This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University. This thesis takes a social and organizational point of view for studying information systems security in the context of internet banking. While the internet provides opportunities for businesses to extend their public network infrastructure, reduce transaction costs, and sell a wide range of products and services worldwide, security threats impede the business. Although, a number ...

  15. Conducting an information security audit

    Directory of Open Access Journals (Sweden)

    Prof. Ph.D . Gheorghe Popescu

    2008-05-01

    Full Text Available The rapid and dramatic advances in information technology (IT in recent years have withoutquestion generated tremendous benefits. At the same time, information technology has created significant,nunprecedented risks to government and to entities operations. So, computer security has become muchmore important as all levels of government and entities utilize information systems security measures toavoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitiveinformation. Obviously, uses of computer security become essential in minimizing the risk of malicious attacksfrom individuals and groups, considering that there are many current computer systems with onlylimited security precautions in place.As we already know financial audits are the most common examinations that a business manager en-counters.This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical securityaudits. However, they are unlikely to be acquainted with information security audits; that is an audit ofhow the confidentiality, availability and integrity of an organization’s information are assured. Any way,if not, they should be, especially that an information security audit is one of the best ways to determine thesecurity of an organization’s information without incurring the cost and other associated damages of a securityincident.

  16. Convergence of Corporate and Information Security

    OpenAIRE

    Syed; Rahman, M.; Donahue, Shannon E.

    2010-01-01

    As physical and information security boundaries have become increasingly blurry many organizations are experiencing challenges with how to effectively and efficiently manage security within the corporate. There is no current standard or best practice offered by the security community regarding convergence; however many organizations such as the Alliance for Enterprise Security Risk Management (AESRM) offer some excellent suggestions for integrating a converged security program. This paper rep...

  17. ICT security management

    OpenAIRE

    SCHREURS, Jeanne; MOREAU, Rachel

    2007-01-01

    Security becomes more and more important and companies are aware that it has become a management problem. It’s critical to know what are the critical resources and processes of the company and their weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse the company and to uncover the weak spots in the security system. BEVA results also in a general security score and security scores for each security factor. These will be used in the risk ...

  18. Contemporary security management

    CERN Document Server

    Fay, John

    2010-01-01

    Contemporary Security Management, 3rd Edition teaches security professionals how to operate an efficient security department and how to integrate smoothly with other groups inside and outside their own organizations. Fay demonstrates the specifics of security management: * how to organize, plan, develop and manage a security operation. * how to identify vulnerabilities. * how to determine the protective resources required to offset threats. * how to implement all necessary physical and IT security measures. Security professionals share the responsibility for mitigating damage, serving as a resource to an Emergency Tactical Center, assisting the return of business continuity, and liaising with local response agencies such as police and fire departments, emergency medical responders, and emergency warning centers. At the organizational level, the book addresses budgeting, employee performance, counseling, hiring and termination, employee theft and other misconduct, and offers sound advice on building constructi...

  19. When Information Improves Information Security

    Science.gov (United States)

    Grossklags, Jens; Johnson, Benjamin; Christin, Nicolas

    This paper presents a formal, quantitative evaluation of the impact of bounded-rational security decision-making subject to limited information and externalities. We investigate a mixed economy of an individual rational expert and several naïve near-sighted agents. We further model three canonical types of negative externalities (weakest-link, best shot and total effort), and study the impact of two information regimes on the threat level agents are facing.

  20. Information Security - Data Loss Prevention Procedure

    Science.gov (United States)

    The purpose of this procedure is to extend and provide specificity to the Environmental Protection Agency (EPA) Information Security Policy regarding data loss prevention and digital rights management.

  1. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  2. Perencanaan dan Implementasi Information Security Management System Menggunakan Framework ISO/IEC 20071

    Directory of Open Access Journals (Sweden)

    Anggi Anugraha Putra

    2016-01-01

    Full Text Available Penerapan tata kelola Teknologi Informasi saat ini sudah menjadi kebutuhan dan tuntutan di setiap instansi penyelenggara pelayanan publik mengingat peran TI yang semakin penting bagi upaya peningkatan kualitas layanan sebagai salah satu realisasi dari tata kelola pemerintahan yang baik (Good Corporate Governance. Dalam penyelenggaraan tata kelola TI, faktor keamanan informasi merupakan aspek yang sangat penting diperhatikan mengingat kinerja tata kelola TI akan terganggu jika informasi sebagai salah satu objek utama tata kelola TI mengalami masalah keamanan informasi yang menyangkut kerahasiaan (confidentiality, keutuhan (integrity dan ketersediaan (availability. Information Security Management System (ISMS adalah seperangkat kebijakan berkaitan dengan manajemen keamanan informasi atau terkait dengan risiko TI. Prinsip yang mengatur di balik ISMS adalah bahwa organisasi harus merancang, menerapkan dan memelihara seperangkat kebijakan, proses dan sistem untuk mengelola risiko aset informasi mereka, sehingga memastikan tingkat risiko keamanan informasi yang dapat diterima. Dari perencanaan dan implementasi sistem manajemen keamanan informasi ini, dihasilkan daftar nilai risiko akhir aset- aset kritikal dan dokumen-dokumen tata kelola penunjang ISMS. Metode penelitian yang digunakan adalah studi kasus yang didalam hal ini, merupakan penelitian kualitatif. Adapun proses yang digunakan untuk mengukur tingkat kematangan dari tata kelola keamanan sistem informasi ini berdasarkan kerangka kerja ISO/IEC 27001. Dari kerangka tersebut kemudian dilakukan evaluasi terhadap objek kontrol yang dimiliki ISO/IEC 27001. Hasil yang didapat adalah peningkatan terhadap tata kelola keamanan sistem informasi. Kesimpulan dari penelitian ini adalah dibutuhkannya tata kelola keamanan sistem informasi agar IT dapat diandalkan untuk mencapai tujuan bisnis.

  3. Information security and business continuity in Tecnatom

    International Nuclear Information System (INIS)

    Fernandez de Miguel, C.

    2013-01-01

    Information security is a key issue for companies that manage and process nuclear business related data. Availability of information systems as well as new data exchange facilities through simple and broad communication networks are the pillars of cooperation between different organizations, generating significant savings in costs and expanding the capacity to minimeze them. In this regard, information security is one of the major challenges for IT departments. This articles presents Tecnatoms experience in the Information Security Management Implementation project. Over several years, since 2004, the information security management has been developed and consolidated as an ongoing and horizontal process. (Author)

  4. 21st Century Security Manager

    OpenAIRE

    Stelian ARION

    2010-01-01

    We live in world of uncertainty that generates major paradigms changing that affect security risk management. Modern organization’s security risks management can’t be done without a profound knowlegde and daily practice for security governance, security risk management and resilience. 21st Century security manager need to deal with several areas of konwledge in order to succesfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers ...

  5. Notification: FY2017 Audit of the CSB's compliance with the Federal Information Security Management Act (FISMA)

    Science.gov (United States)

    Project #, May 23, 2017. The EPA OIG plans to begin fieldwork for an audit of the U.S. Chemical Safety and Hazard Investigation Board’s (CSB’s) compliance with the Federal Information Security Modernization Act of 2014 (FISMA).

  6. Correlation between Employee Participation and Organizational Information Security Management in Community College Districts

    Science.gov (United States)

    Powell, Roger

    2013-01-01

    The dominant view of the relationship between employees and information security (InfoSec) is that employees are the weakest link. This research investigates the relationship between employees and InfoSec from a positive perspective. User buy-in is the theoretical framework of this study and Western U.S. Community Colleges (WUCCs) are the setting.…

  7. Methodology for Management of Information Security in Industrial Control Systems: A Proof of Concept aligned with Enterprise Objectives.

    Directory of Open Access Journals (Sweden)

    Fabian Bustamante

    2017-04-01

    Full Text Available This article is an extended version of the study presented at the IEEE Ecuador Technical Chapters Meeting (ETCM-2016. At that time, a methodological proposal was designed, implemented, and applied in a group of industrial plants for the management of the information security of the Industrial control systems (ICS. The present study displays an adaptation and improvement of such methodology with the purpose of aligning the proposal for the effective management of information security with the strategic objectives. The development of this study has been divided into three distinctive phases. Firstly, we induced the articulation of PMI-PMBOK v5 and ITIL v3 both for the management of the project and for the verification of risks in the IT services. Second, we applied a set of risk mitigation strategies based on international standards as NIST 800-82 and 800-30. Thirdly, we assembled the two mentioned phases in a Guide for standards-based instructions and security policies, which previously have been encouraged on NIST 800-82, 800-53 and 800-12. Hereby, we observed the reduction of incidents of information security, the correct delimitation of the functions of the direct responsible of the ICS and the improvement of the communication between the operative and technical areas of the involved companies. The results demonstrate the functionality of these improvements, especially in the context of the availability and integrity of information, which generates an added value to the enterprise.

  8. reputation Risks through Information Security Incidents

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2014-05-01

    Full Text Available The article deals with accounting reputational risks arising through information security breaches in the management of a business entity. Security breach incidents which results to the loss of reputation are identified. Based on this analysis the definition of reputational risk in information security is given.

  9. Information management

    Science.gov (United States)

    Ricks, Wendell; Corker, Kevin

    1990-01-01

    Primary Flight Display (PFD) information management and cockpit display of information management research is presented in viewgraph form. The information management problem in the cockpit, information management burdens, the key characteristics of an information manager, the interface management system handling the flow of information and the dialogs between the system and the pilot, and overall system architecture are covered.

  10. TRUST MODEL FOR INFORMATION SECURITY OF MULTI-AGENT ROBOTIC SYSTEMS WITH A DECENTRALIZED MANAGEMENT

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2014-03-01

    Full Text Available The paper deals with the issues on protection of multi-agent robotic systems against attacks by robots-saboteurs. The operation analysis of such systems with decentralized control is carried out. Concept of harmful information impact (attack from a robot-saboteur to the multi-agent robotic system is given. The class of attacks is considered using interception of messages, formation and transfer of misinformation to group of robots, and also carrying out other actions with vulnerabilities of multiagent algorithms without obviously identified signs of invasion of robots-saboteurs. The model of information security is developed, in which robots-agents work out trust levels to each other analyzing the events occurring in the system. The idea of trust model consists in the analysis of transferred information by each robot and the executed actions of other members in a group, comparison of chosen decision on iteration step k with objective function of the group. Distinctive feature of the trust model in comparison with the closest analogue - Buddy Security Model in which the exchange between the agents security tokens is done — is involvement of the time factor during which agents have to "prove" by their actions the usefulness in achievement of a common goal to members of the group. Variants of this model realization and ways of an assessment of trust levels for agents in view of the security policy accepted in the group are proposed.

  11. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to .provide added support to some of those classification principles.

  12. ITIL{sup ®} and information security

    Energy Technology Data Exchange (ETDEWEB)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav [Tomas Bata University in Zlin, Faculty of Applied Informatics NadStranemi 4511, 760 05 Zlin (Czech Republic)

    2015-03-10

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.

  13. DNS security management

    CERN Document Server

    Dooley, Michael

    2017-01-01

    An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors—noted experts on the topic—offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented. Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC), DNS firewall, server controls, and much more. In addition, the text includes discussions on security applications facilitated by DNS, such as anti-spam, SFP, and DANE.

  14. Automated security management

    CERN Document Server

    Al-Shaer, Ehab; Xie, Geoffrey

    2013-01-01

    In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

  15. Cyber crisis management: a decision-support framework for disclosing security incident information

    OpenAIRE

    Kulikova, Olga; Heil, Ronald; van den Berg, Jan; Pieters, Wolter

    2012-01-01

    The growing sophistication and frequency of cyber attacks force modern companies to be prepared beforehand for potential cyber security incidents and data leaks. A proper incident disclosure strategy can significantly improve timeliness and effectiveness of incident response activities, reduce legal fines, and restore confidence and trust of a company's key stakeholders. In this paper, four factors that shape organizational preferences regarding incident information disclosure are introduced....

  16. Information security risk assessment, aggregation, and mitigation

    NARCIS (Netherlands)

    Lenstra, A.K.; Voss, T.; Wang, H.; Pieprzyk, J.; Varadharajan, V.

    2004-01-01

    As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is

  17. Key management schemes using routing information frames in secure wireless sensor networks

    Science.gov (United States)

    Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.

    2017-01-01

    The article considers the problems and objectives of key management for data encryption in wireless sensor networks (WSN) of SCADA systems. The structure of the key information in the ZigBee network and methods of keys obtaining are discussed. The use of a hybrid key management schemes is most suitable for WSN. The session symmetric key is used to encrypt the sensor data, asymmetric keys are used to encrypt the session key transmitted from the routing information. Three algorithms of hybrid key management using routing information frames determined by routing methods and the WSN topology are presented.

  18. Information security management: a proposal to improve the effectiveness of information security in the scientific research environment; Gestao da seguranca da informacao: uma proposta para potencializar a efetividade da seguranca da informacao em ambiente de pesquisa cientifica

    Energy Technology Data Exchange (ETDEWEB)

    Alexandria, Joao Carlos Soares de

    2009-07-01

    The increase of the connectivity in the business environment, combined with the growing dependency of information systems, has become the information security management an important governance tool. Information security has as main goal to protect the business transactions in order to work normally. In this way, It will be safeguarding the business continuity. The threats of information come from hackers' attacks, electronic frauds and spying, as well as fire, electrical energy interruption and humans fault. Information security is made by implementation of a set of controls, including of the others politics, processes, procedures, organizational structures, software and hardware, which require a continuous management and a well established structure to be able to face such challenges. This work tried to search the reasons why the organizations have difficulties to make a practice of information security management. Many of them just limit to adopt points measures, sometimes they are not consistent with their realities. The market counts on enough quantity of standards and regulations related to information security issues, for example, ISO/IEC 27002, American Sarbanes-Oxley act, Basel capital accord, regulations from regulatory agency (such as the Brazilians ones ANATEL, ANVISA and CVM). The market researches have showed that the information security implementation is concentrated on a well-defined group of organization mainly formed by large companies and from specifics sectors of economy, for example, financial and telecommunication. However, information security must be done by all organizations that use information systems to carry out their activities, independently of its size or economic area that it belongs. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal

  19. Information technology security system engineering methodology

    Science.gov (United States)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  20. Information security becoming a priority for utilities

    Energy Technology Data Exchange (ETDEWEB)

    Nicolaides, S. [Numerex, Atlanta, GA (United States)

    2009-10-15

    As part of North America's national critical infrastructure, utilities are finding themselves at the forefront of a security issue. In October 2007, a leading security service provider reported a 90 per cent increase in the number of hackers attempting to attack its utility clients in just one year. Utilities are vulnerable to cyber attacks that could disrupt power production and the transmission system. This article discussed the need for intelligent technologies in securely enabling resource management and operational efficiency of the utilities market. It discussed the unique security challenges that utilities face at a time of greater regulatory activity, heightened environmental concerns, tighter data security requirements and an increasing need for remote monitoring and control. A new tool has emerged for cyber security in the form of an international standard that may offer a strong guideline to work toward 11 security domains. These include security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition; development and maintenance; information security incident management; business continuity management; and compliance. 2 figs.

  1. Information Systems Security: Whose Responsibility? | Senzige ...

    African Journals Online (AJOL)

    ... compounded by the increasingly international nature of information systems, this responsibility still rests with managers only. This paper looks at security concerns related to information systems, identifies the threats and suggests how the security of information systems should be handled. African Journal of Finance and ...

  2. The Personal Information Security Assistant

    NARCIS (Netherlands)

    Kegel, Roeland Hendrik,Pieter

    The human element is often found to be the weakest link in the information security chain. The Personal Information Security Assistant project aims to address this by improving the privacy and security awareness of end-users and by aligning the user's personal IT environment to the user's security

  3. Dynamic Group Management Scheme for Sustainable and Secure Information Sensing in IoT

    Directory of Open Access Journals (Sweden)

    Hyungjoo Kim

    2016-10-01

    Full Text Available The services provided to users in the environment associated with the Internet of Things (hereinafter referred to as IoT begin with the information collected from sensors. It is imperative to transmit high-quality sensor data for providing better services. It is also required to collect data only from those authenticated sensors. Moreover, it is imperative to collect high-quality data on a sustainable and continuous basis in order to provide services anytime and anywhere in the IoT environment. Therefore, high-quality, authenticated sensor networks should be constructed. The most prominent routing protocol to enhance the energy consumption efficiency for the sustainable data collection in a sensor network is the LEACH routing protocol. The LEACH routing protocol transmits sensor data by measuring the energy of sensors and allocating sensor groups dynamically. However, these sensor networks have vulnerabilities such as key leakage, eavesdropping, replay attack and relay attack, given the nature of wireless network communication. A large number of security techniques have been studied in order to solve these vulnerabilities. Nonetheless, these studies still cannot support the dynamic sensor group allocation of the LEACH routing protocol. Furthermore, they are not suitable for the sensor nodes whose hardware computing ability and energy resources are limited. Therefore, this paper proposed a group sensor communication protocol that utilizes only the four fundamental arithmetic operations and logical operation for the sensor node authentication and secure data transmission. Through the security analysis, this paper verified that the proposed scheme was secure to the vulnerabilities resulting from the nature of wireless network communication. Moreover, this paper verified through the performance analysis that the proposed scheme could be utilized efficiently.

  4. Report: Fiscal Year 2006 Federal Information Security Management Act Report Status of EPA’s Computer Security Program

    Science.gov (United States)

    Report #2006-S-00008, September 25, 2006. Although the Agency has made substantial progress to improve its security program, the OIG identified weaknesses in the Agency’s incident reporting practices.

  5. Security Information System Digital Simulation

    OpenAIRE

    Tao Kuang; Shanhong Zhu

    2015-01-01

    The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

  6. Information security principles and practice

    CERN Document Server

    Stamp, Mark

    2011-01-01

    Now updated-your expert guide to twenty-first century information security Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a pract

  7. Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings

    Science.gov (United States)

    Valdevit, Thierry; Mayer, Nicolas; Barafort, Béatrix

    While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutions to facilitate ISMS deployment for SMEs. After an initial experiment aiming at assisting a SME in getting the first national ISO/IEC 27001 certification for a private company, an implementation guide for deploying an ISMS, validated by local experts and experimented in SMEs, has been released and is presented in this paper.

  8. [Information security in health care].

    Science.gov (United States)

    Ködmön, József; Csajbók, Zoltán Ernő

    2015-07-05

    Doctors, nurses and other medical professionals are spending more and more time in front of the computer, using applications developed for general practitioners, specialized care, or perhaps an integrated hospital system. The data they handle during healing and patient care are mostly sensitive data and, therefore, their management is strictly regulated. Finding our way in the jungle of laws, regulations and policies is not simple. Notwithstanding, our lack of information does not waive our responsibility. This study summarizes the most important points of international recommendations, standards and legal regulations of the field, as well as giving practical advices for managing medical and patient data securely and in compliance with the current legal regulations.

  9. A Layered Trust Information Security Architecture

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

    2014-01-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

  10. A layered trust information security architecture.

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  11. A Layered Trust Information Security Architecture

    Directory of Open Access Journals (Sweden)

    Robson de Oliveira Albuquerque

    2014-12-01

    Full Text Available Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  12. Social Networks and Corporate Information Security

    Directory of Open Access Journals (Sweden)

    Ekaterina Gennadievna Kondratova

    2013-06-01

    Full Text Available It is defined in the article social networks as a tool in the hands of cyber-criminals to compromise the organization’s data. The author focuses on a list of threats to information security caused by social networks usage, which should be considered in the set up of information security management system of the company.

  13. Security and Emergency Management Division

    Data.gov (United States)

    Federal Laboratory Consortium — Volpe's Security and Emergency Management Division identifies vulnerabilities, risks, and opportunities to improve the security of transportation systems, critical...

  14. 21st Century Security Manager

    Directory of Open Access Journals (Sweden)

    Stelian ARION

    2010-11-01

    Full Text Available We live in world of uncertainty that generates major paradigms changing that affect security risk management. Modern organization’s security risks management can’t be done without a profound knowlegde and daily practice for security governance, security risk management and resilience. 21st Century security manager need to deal with several areas of konwledge in order to succesfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers thah have government backgroud, or IT security backgroud, or are promoted from organization’s inside leaders. There are six different areas of knowledge that successful security programs of the future must incorporate, either in the knowledge base of their leaders or in the collective knowledge of the leading staff. They are government elements, security organization, emerging issue awareness, IT security, business elements and executive leadership.

  15. Information security practices emerging threats and perspectives

    CERN Document Server

    Awad, Ahmed; Woungang, Isaac

    2017-01-01

    This book introduces novel research targeting technical aspects of protecting information security and establishing trust in the digital space. New paradigms, and emerging threats and solutions are presented in topics such as application security and threat management; modern authentication paradigms; digital fraud detection; social engineering and insider threats; cyber threat intelligence; intrusion detection; behavioral biometrics recognition; hardware security analysis. The book presents both the important core and the specialized issues in the areas of protection, assurance, and trust in information security practice. It is intended to be a valuable resource and reference for researchers, instructors, students, scientists, engineers, managers, and industry practitioners. .

  16. Information security protecting the global enterprise

    CERN Document Server

    Pipkin, Donald L

    2000-01-01

    In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, archite...

  17. Audit for Information Systems Security

    Directory of Open Access Journals (Sweden)

    Ana-Maria SUDUC

    2010-01-01

    Full Text Available The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

  18. Network Paradigm of Information Security

    Directory of Open Access Journals (Sweden)

    Alexandr Diomidovich Afanasyev

    2016-03-01

    Full Text Available An issue of topological analysis has been claimed as a key one while creating robust and secure network systems. Some examples of complex network applications in information security domain have been cited.

  19. Information Security Service Branding – beyond information security awareness

    Directory of Open Access Journals (Sweden)

    Rahul Rastogi

    2012-12-01

    Full Text Available End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, it is vital to improve the image of information security in the minds of end-users. This paper borrows the concepts of brands and branding from the domain of marketing to achieve this objective and applies these concepts to information security. The paper also describes a process for creating the information security service brand in the organization.

  20. Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs

    Directory of Open Access Journals (Sweden)

    Kurnianto Ari

    2018-01-01

    Full Text Available Information security is a problem effected business process of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information secuity in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the condition now a days and then to get recommendation and road map. The result of this research gets all of the information security process which has not been already good enough in Ministry of Internal Affairs, gives recommendation and road map to improve part of all information system being running. It indicates that ISO/IEC 27001:2013 is good used to rate maturity of information security management. As the next analyzation, this research use Clause and Annex in ISO/IEC 27001:2013 which is suitable with condition of Data Center and Data Recovery Center, so it gets optimum result and solving problem of the weakness information security.

  1. Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs

    Science.gov (United States)

    Kurnianto, Ari; Isnanto, Rizal; Widodo, Aris Puji

    2018-02-01

    Information security is a problem effected business process of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information secuity in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the condition now a days and then to get recommendation and road map. The result of this research gets all of the information security process which has not been already good enough in Ministry of Internal Affairs, gives recommendation and road map to improve part of all information system being running. It indicates that ISO/IEC 27001:2013 is good used to rate maturity of information security management. As the next analyzation, this research use Clause and Annex in ISO/IEC 27001:2013 which is suitable with condition of Data Center and Data Recovery Center, so it gets optimum result and solving problem of the weakness information security.

  2. Security Clearances and the Protection of National Security Information: Law and Procedures

    National Research Council Canada - National Science Library

    Cohen, Sheldon

    2000-01-01

    ... designed to protect National Security information. The report provides an authoritative compendium for lawyers, security officers and for managers of corporations who must deal with the legal and procedural aspects of security clearances...

  3. Global Security Program Management Plan

    Energy Technology Data Exchange (ETDEWEB)

    Bretzke, John C. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2014-03-25

    The Global Security Directorate mission is to protect against proliferant and unconventional nuclear threats –regardless of origin - and emerging new threats. This mission is accomplished as the Los Alamos National Laboratory staff completes projects for our numerous sponsors. The purpose of this Program Management Plan is to establish and clearly describe the GS program management requirements including instructions that are essential for the successful management of projects in accordance with our sponsor requirements. The detailed information provided in this document applies to all LANL staff and their subcontractors that are performing GS portfolio work. GS management is committed to a culture that ensures effective planning, execution, and achievement of measurable results in accordance with the GS mission. Outcomes of such a culture result in better communication, delegated authority, accountability, and increased emphasis on safely and securely achieving GS objectives.

  4. Teaching RFID Information Systems Security

    Science.gov (United States)

    Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

    2014-01-01

    The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

  5. Communications and information infrastructure security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Communication and Information Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering strategies for protecting the telecommunications sector, wireless security, advanced web based technology for emergency situations. Science and technology for critical infrastructure consequence mitigation are also discussed.

  6. The executive MBA in information security

    CERN Document Server

    Trinckes, John J

    2009-01-01

    Supplying a complete overview of the concepts executives need to know, this book provides the tools needed to ensure your organization has an effective information security management program in place. It also includes a ready-to use security framework for developing workable programs and supplies proven tips for avoiding common pitfalls.

  7. Cyber crisis management: a decision-support framework for disclosing security incident information

    NARCIS (Netherlands)

    Kulikova, Olga; Heil, Ronald; van den Berg, Jan; Pieters, Wolter

    2012-01-01

    The growing sophistication and frequency of cyber attacks force modern companies to be prepared beforehand for potential cyber security incidents and data leaks. A proper incident disclosure strategy can significantly improve timeliness and effectiveness of incident response activities, reduce legal

  8. To The Question Of The Concepts "National Security", "Information Security", "National Information Security" Meanings

    OpenAIRE

    Alexander A. Galushkin

    2015-01-01

    In the present article author analyzes value of the concepts "national security", "information security", "national information security". Author gives opinions of scientists-jurists, definitions given by legislators and normotvorets in various regulations.

  9. Cloud management and security

    CERN Document Server

    Abbadi, Imad M

    2014-01-01

    Written by an expert with over 15 years' experience in the field, this book establishes the foundations of Cloud computing, building an in-depth and diverse understanding of the technologies behind Cloud computing. In this book, the author begins with an introduction to Cloud computing, presenting fundamental concepts such as analyzing Cloud definitions, Cloud evolution, Cloud services, Cloud deployment types and highlighting the main challenges. Following on from the introduction, the book is divided into three parts: Cloud management, Cloud security, and practical examples. Part one presents the main components constituting the Cloud and federated Cloud infrastructure(e.g., interactions and deployment), discusses management platforms (resources and services), identifies and analyzes the main properties of the Cloud infrastructure, and presents Cloud automated management services: virtual and application resource management services. Part two analyzes the problem of establishing trustworthy Cloud, discuss...

  10. 32 CFR 2400.45 - Information Security Program Review.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review. 2400.45... SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45 Information Security Program Review. (a) The Director, OSTP, shall require an annual formal review of the OSTP...

  11. Information Security Role Model for Staff of Banking Structures

    Directory of Open Access Journals (Sweden)

    A. O. Vybornov

    2012-12-01

    Full Text Available Categories roles of information security employees of the banking organization are defined. Functional roles are described. The relationship between functional roles, employees, functions and authority are defined. The role of information security employees of the banking organization for information security system and information security management system are described. Recommendations for the implementation phases of the selection and appointment of the functional roles and to control the selection and role assignment information security employees of the banking organization are stated.

  12. Functional Security Model: Managers Engineers Working Together

    Science.gov (United States)

    Guillen, Edward Paul; Quintero, Rulfo

    2008-05-01

    Information security has a wide variety of solutions including security policies, network architectures and technological applications, they are usually designed and implemented by security architects, but in its own complexity this solutions are difficult to understand by company managers and they are who finally fund the security project. The main goal of the functional security model is to achieve a solid security platform reliable and understandable in the whole company without leaving of side the rigor of the recommendations and the laws compliance in a single frame. This paper shows a general scheme of the model with the use of important standards and tries to give an integrated solution.

  13. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  14. Evaluation of the central libraries information security management at governmental universities located in Tehran, according to the international standard ISO/IEC 27002

    Directory of Open Access Journals (Sweden)

    Milad Malekolkalami

    2014-02-01

    Full Text Available This study assessed the evaluation of information security management status in central Libraries of governmental universities located in Tehran, according to ISO / I.E.C. 27002. Research method applied for the study is descriptive Survey and a questionnaire was used for collecting information. The questionnaire was distributed between the 74 central library managers of governmental universities in Tehran according to the recent list on the website of Ministry of Science, Research and Technology, that includes 39 components based on 11 indicators of the standard ISO/ I.E.C. 27002. Analysis of data has been done by using both descriptive and inferential statistics by Microsoft Excel 2007and SPSS statistical softwares. The results of research showed that the mean for libraries in 11 indexes are as follows: The mean for the first index, Security policy, is 3.91 , in the second index, organization of information security, is 4.23, in the third index, asset security management, is 4.38, in the fourth index, Human Resources Security management, is 4, in the fifth index, physical and environment Security management, is 4.07, in the sixth index, operations management and communications, is 4.15, in the Seventh index, access controls management, is 4.38, in the eighth index, information system acquisition, development and maintenance, is 3.92, in the ninth index, information security incident management, is 3.84, in the tenth index, business continuity management, is 3.46, in the eleventh index, compliance, is 3.69 that match with the standard ISO / IEC. 27002. The results of Research shown that totally mean for standard ISO/I.E.C. 27002 in the field of information security management in the central libraries, is 4 being in a good condition and there is no significant differences between the performance of the Central libraries of the governmental Universities in Tehran, since It is not observed significant difference between them in the field of

  15. Information fusion for cyber-security analytics

    CERN Document Server

    Karabatis, George; Aleroud, Ahmed

    2017-01-01

    This book highlights several gaps that have not been addressed in existing cyber security research. It first discusses the recent attack prediction techniques that utilize one or more aspects of information to create attack prediction models. The second part is dedicated to new trends on information fusion and their applicability to cyber security; in particular, graph data analytics for cyber security, unwanted traffic detection and control based on trust management software defined networks, security in wireless sensor networks & their applications, and emerging trends in security system design using the concept of social behavioral biometric. The book guides the design of new commercialized tools that can be introduced to improve the accuracy of existing attack prediction models. Furthermore, the book advances the use of Knowledge-based Intrusion Detection Systems (IDS) to complement existing IDS technologies. It is aimed towards cyber security researchers. .

  16. Governance and Risk Management of Network and Information Security: The Role of Public Private Partnerships in Managing the Existing and Emerging Risks

    Science.gov (United States)

    Navare, Jyoti; Gemikonakli, Orhan

    Globalisation and new technology has opened the gates to more security risks. As the strategic importance of communication networks and information increased, threats to the security and safety of communication infrastructures, as well as information stored in and/or transmitted increased significantly. The development of the self replicating programmes has become a nightmare for Internet users. Leading companies, strategic organisations were not immune to attacks; they were also "hacked" and overtaken by intruders. Incidents of recent years have also shown that national/regional crisis may also trigger cyber attacks at large scale. Experts forecast that cyber wars are likely to take the stage as tension mounts between developed societies. New risks such as cyber-attacks, network terrorism and disintegration of traditional infrastructures has somewhat blurred the boundaries of operation and control. This paper seeks to consider the risk management and governance and looking more specifically at implications for emerging economies.

  17. Information security foundations, technologies and applications

    CERN Document Server

    Awad, Ali Ismail; Fairhurst, Michael

    2018-01-01

    This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security.

  18. An Analysis of Information Technology Managers' and Executives' Security Concerns on Willingness to Adopt Cloud Computing Solutions

    Science.gov (United States)

    Tanque, Marcus M.

    2012-01-01

    The research conducted in this study inquires about Information Technology (IT) managers' and executives' attitudes, beliefs, and knowledge on Cloud Computing (CC) security. The study evaluated how these factors affect IT managers' and executives' willingness to adopt CC solutions in their organizations. Confidentiality,…

  19. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Full Text Available Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

  20. DOT Cyber Security Assessment Management -

    Data.gov (United States)

    Department of Transportation — This data set contains information about the security and compliance status of FISMA systems within the Department. The information contains detailed descriptions of...

  1. Information Security and the Internet.

    Science.gov (United States)

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

  2. Computer and information security handbook

    CERN Document Server

    Vacca, John R

    2012-01-01

    The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed

  3. 76 FR 34761 - Classified National Security Information

    Science.gov (United States)

    2011-06-14

    ... MARINE MAMMAL COMMISSION Classified National Security Information [Directive 11-01] AGENCY: Marine... Commission's (MMC) policy on classified information, as directed by Information Security Oversight Office... of Executive Order 13526, ``Classified National Security Information,'' and 32 CFR part 2001...

  4. Implementing healthcare information security: standards can help.

    Science.gov (United States)

    Orel, Andrej; Bernik, Igor

    2013-01-01

    Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

  5. A Model of Managerial Effectiveness in Information Security: From Grounded Theory to Empirical Test

    National Research Council Canada - National Science Library

    Knapp, Kenneth J

    2005-01-01

    Information security is a critical issue facing organizations worldwide. in order to mitigate risk and protect valuable information, organizations need to operate and manage effective information security programs...

  6. Research on network information security model and system construction

    OpenAIRE

    Wang Haijun

    2016-01-01

    It briefly describes the impact of large data era on China’s network policy, but also brings more opportunities and challenges to the network information security. This paper reviews for the internationally accepted basic model and characteristics of network information security, and analyses the characteristics of network information security and their relationship. On the basis of the NIST security model, this paper describes three security control schemes in safety management model and the...

  7. Secure and QoS-Managed Information Exchange Between Enterprise and Constrained Environments

    Science.gov (United States)

    2014-01-01

    reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching...existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this...August 2008, RFC 5246, http://tools.ietf.org/html/rfc5246. [6] Fossi, M., Egan, G., Haley, K., Johnson, E., Mack, T., Adams, T., Blackbird , J., Low, M.K

  8. Measuring Information Security: Guidelines to Build Metrics

    Science.gov (United States)

    von Faber, Eberhard

    Measuring information security is a genuine interest of security managers. With metrics they can develop their security organization's visibility and standing within the enterprise or public authority as a whole. Organizations using information technology need to use security metrics. Despite the clear demands and advantages, security metrics are often poorly developed or ineffective parameters are collected and analysed. This paper describes best practices for the development of security metrics. First attention is drawn to motivation showing both requirements and benefits. The main body of this paper lists things which need to be observed (characteristic of metrics), things which can be measured (how measurements can be conducted) and steps for the development and implementation of metrics (procedures and planning). Analysis and communication is also key when using security metrics. Examples are also given in order to develop a better understanding. The author wants to resume, continue and develop the discussion about a topic which is or increasingly will be a critical factor of success for any security managers in larger organizations.

  9. Health Information Security in Hospitals: the Application of Security Safeguards.

    Science.gov (United States)

    Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

    2016-02-01

    A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

  10. 75 FR 28777 - Information Collection; Financial Information Security Request Form

    Science.gov (United States)

    2010-05-24

    ... Collection; Financial Information Security Request Form AGENCY: Forest Service, USDA. ACTION: Notice; Request... currently approved information collection; Financial Information Security Request Form. DATES: Comments must... Standard Time, Monday through Friday. SUPPLEMENTARY INFORMATION: Title: Financial Information Security...

  11. Security Engine Management of Router based on Security Policy

    OpenAIRE

    Su Hyung Jo; Ki Young Kim; Sang Ho Lee

    2007-01-01

    Security management has changed from the management of security equipments and useful interface to manager. It analyzes the whole security conditions of network and preserves the network services from attacks. Secure router technology has security functions, such as intrusion detection, IPsec(IP Security) and access control, are applied to legacy router for secure networking. It controls an unauthorized router access and detects an illegal network intrusion. This paper re...

  12. Assessing and managing security risk in IT systems a structured methodology

    CERN Document Server

    McCumber, John

    2004-01-01

    SECURITY CONCEPTSUsing ModelsIntroduction: Understanding, Selecting, and Applying Models Understanding AssetsLayered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in SecuritySecurity in Context Reference Defining Information SecurityConfidentiality, Integrity, and Availability Information AttributesIntrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources ReferencesUnderstanding Threat and Its Relatio

  13. 41 CFR 105-53.133 - Information Security Oversight Office.

    Science.gov (United States)

    2010-07-01

    ... 41 Public Contracts and Property Management 3 2010-07-01 2010-07-01 false Information Security... FUNCTIONS Central Offices § 105-53.133 Information Security Oversight Office. (a) Creation and authority. The Information Security Oversight Office (ISOO), headed by the Director of ISOO, who is appointed by...

  14. Assessing Information Security Strategies, Tactics, Logic and Framework

    CERN Document Server

    Vladimirov, Andrew; Michajlowski, Andriej

    2010-01-01

    This book deals with the philosophy, strategy and tactics of soliciting, managing and conducting information security audits of all flavours. It will give readers the founding principles around information security assessments and why they are important, whilst providing a fluid framework for developing an astute 'information security mind' capable of rapid adaptation to evolving technologies, markets, regulations, and laws.

  15. Analysis of factors that inhibiting implementation of Information Security Management System (ISMS) based on ISO 27001

    Science.gov (United States)

    Tatiara, R.; Fajar, A. N.; Siregar, B.; Gunawan, W.

    2018-03-01

    The purpose of this research is to determine multi factors that inhibiting the implementation of the ISMS based on ISO 2700. It is also to propose a follow-up recommendation on the factors that inhibit the implementation of the ISMS. Data collection is derived from questionnaires to 182 respondents from users in data center operation (DCO) at bca, Indonesian telecommunication international (telin), and data centre division at Indonesian Ministry of Health. We analysing data collection with multiple linear regression analysis and paired t-test. The results are multiple factors which inhibiting the implementation of the ISMS from the three organizations which has implement and operate the ISMS, ISMS documentation management, and continual improvement. From this research, we concluded that the processes of implementation in ISMS is the necessity of the role of all parties in succeeding the implementation of the ISMS continuously.

  16. Developing Scalable Information Security Systems

    Directory of Open Access Journals (Sweden)

    Valery Konstantinovich Ablekov

    2013-06-01

    Full Text Available Existing physical security systems has wide range of lacks, including: high cost, a large number of vulnerabilities, problems of modification and support system. This paper covers an actual problem of developing systems without this list of drawbacks. The paper presents the architecture of the information security system, which operates through the network protocol TCP/IP, including the ability to connect different types of devices and integration with existing security systems. The main advantage is a significant increase in system reliability, scalability, both vertically and horizontally, with minimal cost of both financial and time resources.

  17. Validity of information security policy models

    Directory of Open Access Journals (Sweden)

    Joshua Onome Imoniana

    Full Text Available Validity is concerned with establishing evidence for the use of a method to be used with a particular set of population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. En today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidences that, the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the Automobile Industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regards to each one's implementation of information technology in the region. The current study concludes, presenting evidence of the discriminating validity of four key dimensions of the security policy, being such: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Alpha of Crombach structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also, the items involved, homogeneously correlate to each other.

  18. Information Communication and Technology for Water Resource Management and Food Security in Kenya: A Case Study of Kericho and Uasin Gishu Districts

    Science.gov (United States)

    Omboto, P. I.; Macharia, J.; Mbagaya, Grace; Standa, F. N.

    2011-01-01

    Recent reports on Kenya have indicated food insecurity and destruction of water catchments as serious problems facing the country. Despite the tremendous strides in Information and Communication Technology (ICT), the country has not taken advantage of the technology to improve food security by effectively managing her water resources. A survey on…

  19. Applying the Action-Research Method to Develop a Methodology to Reduce the Installation and Maintenance Times of Information Security Management Systems

    Directory of Open Access Journals (Sweden)

    Antonio Santos-Olmo

    2016-07-01

    Full Text Available Society is increasingly dependent on Information Security Management Systems (ISMS, and having these kind of systems has become vital for the development of Small and Medium-Sized Enterprises (SMEs. However, these companies require ISMS that have been adapted to their special features and have been optimized as regards the resources needed to deploy and maintain them, with very low costs and short implementation periods. This paper discusses the different cycles carried out using the ‘Action Research (AR’ method, which have allowed the development of a security management methodology for SMEs that is able to automate processes and reduce the implementation time of the ISMS.

  20. Information Technology: DoD FY 2004 Implementation of the Federal Information Security Management Act for Information Technology Training and Awareness

    National Research Council Canada - National Science Library

    Davis, Sarah; Mitchell, James; Palmer, Kevin A; Riggins, Liyang; Truex, Kathryn; Williams, Zac

    2004-01-01

    ...). Specifically, we evaluated whether all agency employees, including contractors, received IT security training and awareness and whether employees with significant IT security responsibilities...

  1. Information Technology Management: Select Controls for the Information Security of the Ground-Based Midcourse Defense Communications Network

    National Research Council Canada - National Science Library

    Truex, Kathryn M; Lamar, Karen J; Leighton, George A; Woodruff, Courtney E; Brunetti, Tina N; Russell, Dawn M

    2006-01-01

    ... to the Ground-Based Midcourse Defense Communications Network should read this report to reduce the risk of interruption, misuse, modification, and unauthorized access to information in the system...

  2. Network Security Is Manageable

    Science.gov (United States)

    Roberts, Gary

    2006-01-01

    An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…

  3. THE SECURITY AUDIT WITHIN INFORMATION SYSTEMS

    OpenAIRE

    Dan Constantin TOFAN

    2011-01-01

    The information security audit is definitely a tool for determining, achieving, and maintaining a proper level of security in an organization. This article offers a comprehensive review of the world's most popular standards related to information systems security audit.

  4. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2006-01-01

    Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available.

  5. E-learning stakeholders information security vulnerability model

    OpenAIRE

    Mohd Alwi, Najwa Hayaati

    2012-01-01

    The motivation to conduct this research has come from awareness that the Internet exposes the e-learning environment to information security threats and vulnerabilities. Information security management as practised as a top down approach in many organisations tend to detach of people’s responsibility in ensuring the security of e-learning. Literature has pointed out that people’s behaviour required to be addressed to control the information security threats. This research proposes an ISM huma...

  6. Large-Scale Survey Findings Inform Patients’ Experiences in Using Secure Messaging to Engage in Patient-Provider Communication and Self-Care Management: A Quantitative Assessment

    Science.gov (United States)

    Patel, Nitin R; Lind, Jason D; Antinori, Nicole

    2015-01-01

    Background Secure email messaging is part of a national transformation initiative in the United States to promote new models of care that support enhanced patient-provider communication. To date, only a limited number of large-scale studies have evaluated users’ experiences in using secure email messaging. Objective To quantitatively assess veteran patients’ experiences in using secure email messaging in a large patient sample. Methods A cross-sectional mail-delivered paper-and-pencil survey study was conducted with a sample of respondents identified as registered for the Veteran Health Administrations’ Web-based patient portal (My HealtheVet) and opted to use secure messaging. The survey collected demographic data, assessed computer and health literacy, and secure messaging use. Analyses conducted on survey data include frequencies and proportions, chi-square tests, and one-way analysis of variance. Results The majority of respondents (N=819) reported using secure messaging 6 months or longer (n=499, 60.9%). They reported secure messaging to be helpful for completing medication refills (n=546, 66.7%), managing appointments (n=343, 41.9%), looking up test results (n=350, 42.7%), and asking health-related questions (n=340, 41.5%). Notably, some respondents reported using secure messaging to address sensitive health topics (n=67, 8.2%). Survey responses indicated that younger age (P=.039) and higher levels of education (P=.025) and income (P=.003) were associated with more frequent use of secure messaging. Females were more likely to report using secure messaging more often, compared with their male counterparts (P=.098). Minorities were more likely to report using secure messaging more often, at least once a month, compared with nonminorities (P=.086). Individuals with higher levels of health literacy reported more frequent use of secure messaging (P=.007), greater satisfaction (P=.002), and indicated that secure messaging is a useful (P=.002) and easy

  7. Large-Scale Survey Findings Inform Patients' Experiences in Using Secure Messaging to Engage in Patient-Provider Communication and Self-Care Management: A Quantitative Assessment.

    Science.gov (United States)

    Haun, Jolie N; Patel, Nitin R; Lind, Jason D; Antinori, Nicole

    2015-12-21

    Secure email messaging is part of a national transformation initiative in the United States to promote new models of care that support enhanced patient-provider communication. To date, only a limited number of large-scale studies have evaluated users' experiences in using secure email messaging. To quantitatively assess veteran patients' experiences in using secure email messaging in a large patient sample. A cross-sectional mail-delivered paper-and-pencil survey study was conducted with a sample of respondents identified as registered for the Veteran Health Administrations' Web-based patient portal (My HealtheVet) and opted to use secure messaging. The survey collected demographic data, assessed computer and health literacy, and secure messaging use. Analyses conducted on survey data include frequencies and proportions, chi-square tests, and one-way analysis of variance. The majority of respondents (N=819) reported using secure messaging 6 months or longer (n=499, 60.9%). They reported secure messaging to be helpful for completing medication refills (n=546, 66.7%), managing appointments (n=343, 41.9%), looking up test results (n=350, 42.7%), and asking health-related questions (n=340, 41.5%). Notably, some respondents reported using secure messaging to address sensitive health topics (n=67, 8.2%). Survey responses indicated that younger age (P=.039) and higher levels of education (P=.025) and income (P=.003) were associated with more frequent use of secure messaging. Females were more likely to report using secure messaging more often, compared with their male counterparts (P=.098). Minorities were more likely to report using secure messaging more often, at least once a month, compared with nonminorities (P=.086). Individuals with higher levels of health literacy reported more frequent use of secure messaging (P=.007), greater satisfaction (P=.002), and indicated that secure messaging is a useful (P=.002) and easy-to-use (P≤.001) communication tool, compared

  8. Managing for Enterprise Security

    National Research Council Canada - National Science Library

    Caralli, Richard A; Allen, Julia H; Stevens, James F; Willke, Bradford J; Wilson, William R

    2004-01-01

    Security has become one of the most urgent issues for many organizations. It is an essential requirement for doing business in a globally networked economy and for achieving organizational goals and mission...

  9. Information Warfare, Threats and Information Security

    Directory of Open Access Journals (Sweden)

    Dmitriy Nikolaevich Bespalov

    2014-01-01

    Full Text Available The article presents the opposite, but dependent on each other's reality - Revolutionary War information,information security goals and objectives of their study within the scheme "challenge-response", methodological and analytical support, the role of elites and the information society in promoting information security. One of the features of contemporaneityis the global spread of ICT, combined with poor governance and other difficulties in the construction of innovation infrastructures that are based on them in some countries. This leads to the reproduction of threats, primarily related to the ability to use ICT for purposes that are inconsistent with the objectives of maintaining international peace and security, compliance with the principles of non-use of force, non-interference in the internal affairs of states, etc. In this regard, include such terms as "a threat of information warfare", "information terrorism" and so forth. Information warfare, which stay in the policy declared the struggle for existence, and relationships are defined in terms of "friend-enemy", "ours-foreign". Superiority over the opponent or "capture of its territory" is the aim of political activity. And information security, serving activities similar process of political control, including a set of components, is a technology until their humanitarian. From the context and the decision itself is the ratio of the achieved results of information and political influence to the target - a positive image of Russia. Bringing its policy in line with the demands of a healthy public opinion provides conductivity of theauthorities initiatives in the country and increases the legitimacy of the Russian Federation actions in the world.

  10. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Science.gov (United States)

    2010-07-01

    ... NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems and... identified in the Committee on National Security Systems (CNSS) issuances and the Intelligence Community Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk Management...

  11. Information security : the moving target

    CSIR Research Space (South Africa)

    Dlamini, MT

    2009-01-01

    Full Text Available -product to an integral part of business operations (Conner and Coviello, 2004). This paper gives an overview of the following: � Where did information security come from? (the past) � How did it get to where it is today? (the present) � In what direction... operators were permitted to use these computers. Other users would submit their jobs to the operator through protected slots (batch processing). The key security issue during this era was ensuring that only the privileged computer operator (one user one...

  12. Pragmatic security metrics applying metametrics to information security

    CERN Document Server

    Brotby, W Krag

    2013-01-01

    Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to

  13. Theoretical foundations of information security investment security companies

    Directory of Open Access Journals (Sweden)

    G.V. Berlyak

    2015-03-01

    Full Text Available Methodological problems related to the lack of guidance in the provisions (standards of accounting on the reflection in the accounting and financial reporting of the research object. In this connection, it is proposed to amend the provisions (standards of accounting. This will allow to come to the consistency of accounting methods of operations with elements of investment activity. Based on analysis of the information needs of users suggested indicators identikativnye blocks (block corporate finance unit assess the relationship with financial institutions, block the fulfillment of obligations according to the calculations, the investment unit, a science and innovation, investment security and developed forms of internal accounting controls and improvements to existing forms financial statements for the investment activities of the enterprise. Using enterprise data reporting forms provide timely and reliable information on the identity and structure of investment security and enable the company to effectively plan and develop personnel policies for enterprise management.

  14. Audit Characteristics for Information System Security

    OpenAIRE

    Marius POPA; Mihai DOINEA

    2007-01-01

    The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment

  15. Securing the energy industry : perspectives in security risk management

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, G.L. [Anadarko Canada Corp., Calgary, AB (Canada)

    2003-07-01

    This presentation offered some perspectives in security risk management as it relates to the energy sector. Since the events of September 11, 2001 much attention has been given to terrorism and the business is reviewing protection strategies. The paper made reference to each of the following vulnerabilities in the energy sector: information technology, globalization, business restructuring, interdependencies, political/regulatory change, and physical/human factors. The vulnerability of information technology is that it can be subject to cyber and virus attacks. Dangers of globalization lie in privacy and information security, forced nationalization, organized crime, and anti-globalization efforts. It was noted that the Y2K phenomenon provided valuable lessons regarding interdependencies and the effects of power outages, water availability, transportation disruption, common utility corridor accidents, and compounding incidents. The paper also noted the conflict between the government's desire to have a resilient infrastructure that can withstand and recover from attacks versus a company's ability to afford this capability. The physical/human factors that need to be considered in risk management include crime, domestic terrorism, and disasters such as natural disasters, industrial disasters and crisis. The energy industry has geographically dispersed vulnerable systems. It has done a fair job of physical security and has good emergency management practices, but it was noted that the industry cannot protect against all threats. A strategy of vigilance and awareness is needed to deal with threats. Other strategies include contingency planning, physical security, employee communication, and emergency response plans. tabs., figs.

  16. Information security of Smart Factories

    Science.gov (United States)

    Iureva, R. A.; Andreev, Y. S.; Iuvshin, A. M.; Timko, A. S.

    2018-05-01

    In several years, technologies and systems based on the Internet of things (IoT) will be widely used in all smart factories. When processing a huge array of unstructured data, their filtration and adequate interpretation are a priority for enterprises. In this context, the correct representation of information in a user-friendly form acquires special importance, for which the market today presents advanced analytical platforms designed to collect, store and analyze data on technological processes and events in real time. The main idea of the paper is the statement of the information security problem in IoT and integrity of processed information.

  17. Detailed Information Security in Cloud Computing

    OpenAIRE

    Pavel Valerievich Ivonin

    2013-01-01

    The object of research in this article is technology of public clouds, structure and security system of clouds. Problems of information security in clouds are considered, elements of security system in public clouds are described.

  18. Information Security Risk Assessment in Hospitals.

    Science.gov (United States)

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

  19. Security management of next generation telecommunications networks and services

    CERN Document Server

    Jacobs, Stuart

    2014-01-01

    This book will cover network management security issues and currently available security mechanisms by discussing how network architectures have evolved into the contemporary NGNs which support converged services (voice, video, TV, interactive information exchange, and classic data communications). It will also analyze existing security standards and their applicability to securing network management. This book will review 21st century security concepts of authentication, authorization, confidentiality, integrity, nonrepudiation, vulnerabilities, threats, risks, and effective approaches to enc

  20. The Management and Security Expert (MASE)

    Science.gov (United States)

    Miller, Mark D.; Barr, Stanley J.; Gryphon, Coranth D.; Keegan, Jeff; Kniker, Catherine A.; Krolak, Patrick D.

    1991-01-01

    The Management and Security Expert (MASE) is a distributed expert system that monitors the operating systems and applications of a network. It is capable of gleaning the information provided by the different operating systems in order to optimize hardware and software performance; recognize potential hardware and/or software failure, and either repair the problem before it becomes an emergency, or notify the systems manager of the problem; and monitor applications and known security holes for indications of an intruder or virus. MASE can eradicate much of the guess work of system management.

  1. Security for decentralized health information systems.

    Science.gov (United States)

    Bleumer, G

    1994-02-01

    Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are software implemented in order to be executable on standard-hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g. hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s. (Apple Quadra 950 (MC 68040, 33 MHz, RAM: 20 MB, 80 ns. Length of RSA modulus is 512 bit).

  2. Business Information Exchange System with Security, Privacy, and Anonymity

    Directory of Open Access Journals (Sweden)

    Sead Muftic

    2016-01-01

    Full Text Available Business Information Exchange is an Internet Secure Portal for secure management, distribution, sharing, and use of business e-mails, documents, and messages. It has three applications supporting three major types of information exchange systems: secure e-mail, secure instant messaging, and secure sharing of business documents. In addition to standard security services for e-mail letters, which are also applied to instant messages and documents, the system provides innovative features of privacy and full anonymity of users and their locations, actions, transactions, and exchanged resources. In this paper we describe design, implementation, and use of the system.

  3. Security for Key Management Interfaces

    OpenAIRE

    Kremer , Steve; Steel , Graham; Warinschi , Bogdan

    2011-01-01

    International audience; We propose a much-needed formal definition of security for cryptographic key management APIs. The advantages of our definition are that it is general, intuitive, and applicable to security proofs in both symbolic and computational models of cryptography. Our definition relies on an idealized API which allows only the most essential functions for generating, exporting and importing keys, and takes into account dynamic corruption of keys. Based on this we can define the ...

  4. Security and management

    International Nuclear Information System (INIS)

    Moreau, A.

    1992-01-01

    All the studies performed about accident causes have emphasized the influence of Human Factors in the field of Safety and Radiological Protection. Human actions cannot be understood but also improved without exploring the enormous field of mental representations and emotions, therefore, all the sources of comportments. Among a working group, safety can be the field of all the comportments relative to this group: relationship with work and between persons. This leads to management questions. There is no specific management for the safety. It must be included in the general management policy. Pedagogy must consider this fact for the training of workers. (author)

  5. Security leader insights for information protection lessons and strategies from leading security professionals

    CERN Document Server

    Fahy, Bob

    2014-01-01

    How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security's role in information protection. I

  6. Information Security Governance: When Compliance Becomes More Important than Security

    OpenAIRE

    Tan , Terence C. C.; Ruighaver , Anthonie B.; Ahmad , Atif

    2010-01-01

    International audience; Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational secu...

  7. Universal Payload Information Management

    Science.gov (United States)

    Elmore, Ralph B.

    2003-01-01

    As the overall manager and integrator of International Space Station (ISS) science payloads, the Payload Operations Integration Center (POIC) at Marshall Space Flight Center has a critical need to provide an information management system for exchange and control of ISS payload files as well as to coordinate ISS payload related operational changes. The POIC's information management system has a fundamental requirement to provide secure operational access not only to users physically located at the POIC, but also to remote experimenters and International Partners physically located in different parts of the world. The Payload Information Management System (PIMS) is a ground-based electronic document configuration management and collaborative workflow system that was built to service the POIC's information management needs. This paper discusses the application components that comprise the PIMS system, the challenges that influenced its design and architecture, and the selected technologies it employs. This paper will also touch on the advantages of the architecture, details of the user interface, and lessons learned along the way to a successful deployment. With PIMS, a sophisticated software solution has been built that is not only universally accessible for POIC customer s information management needs, but also universally adaptable in implementation and application as a generalized information management system.

  8. Internet security information system implement method

    International Nuclear Information System (INIS)

    Liu Baoxu; Mei Jie; Xu Rongsheng; An Dehai; Yu Mingjian; Chen Xiangyang; Zheng Peng

    1999-01-01

    On the basis of analysis of the key elements that will affect the Internet Security Information System, the author takes UNIX Operating System as an example, and provides the important stages that must be considered when implementing the Internet Security Information System. An implemental model of the Internet Security Information System is given

  9. 76 FR 10262 - Information Security Program

    Science.gov (United States)

    2011-02-24

    ... FEDERAL MARITIME COMMISSION 46 CFR Part 503 [Docket No. 11-01] RIN 3072-AC40 Information Security... (FMC or Commission) amends its regulations relating to its Information Security Program to reflect the changes implemented by Executive Order 13526--Classified National Security Information--that took effect...

  10. 76 FR 62630 - Information Security Regulations

    Science.gov (United States)

    2011-10-11

    ... CENTRAL INTELLIGENCE AGENCY 32 CFR Part 1902 Information Security Regulations AGENCY: Central... information security regulations which have become outdated. The Executive Order upon which the regulations... CFR Part 1902 Information security regulations. PART 1902 [REMOVED AND RESERVED] Sec. 1902.13 [Removed...

  11. Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

    CERN Document Server

    Lopienski, Sebastian

    Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

  12. Ethical Hacking in Information Security Curricula

    Science.gov (United States)

    Trabelsi, Zouheir; McCoey, Margaret

    2016-01-01

    Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on…

  13. Information Security System and Development of a Modern Organization

    OpenAIRE

    Wawak, Slawomir

    2009-01-01

    Information security management systems are increasingly applied in a number of sectors of the new, global, interconnected economy. They are used by production and service companies, businesses that provide information technology and telecom services, state administration authorities and local governments. Specifically, they are used in case of crime groups or as a means of securing illegal transactions.

  14. Potential influence of Web 2.0 usage and security practices of online users on information management

    Directory of Open Access Journals (Sweden)

    R.J. Rudman

    2009-02-01

    Full Text Available The proliferation of Web 2.0 applications was the impetus for this survey-based research into practices that online users currently employ when using Web 2.0 sites. As part of the study, the popularity of Web 2.0 technologies and sites among online users at a university was investigated to determine the extent of the potential threat to corporate security, arising from Web 2.0 use and access. The results of this study indicate that the use of Web 2.0 sites is very popular among students, as a proxy for the potential future business users, and that users are not necessarily aware of the risks associated with these sites. The respondents indicated that they regularly visit Web 2.0 sites, and that they post personal information on these sites. This is of concern in protecting arguably the most valuable asset of a business.

  15. Encyclopedia of Information Ethics and Security

    Directory of Open Access Journals (Sweden)

    Reviewed by Yavuz AKBULUT

    2008-01-01

    andcommunication technologies provided in the source can help educationaladministrators and policy-makers. Table of contents along with the names ofcontributors are provided below: 3D Avatars and Collaborative Virtual Environments/Koon-Ying Raymond Li,James Sofra, and Mark Power Access Control for Healthcare/Yifeng Shen Advertising in the Networked Environment/Savvas Papagiannidis and MichaelBourlakis Anonymous Peer-to-Peer Systems/Wenbing Zhao Argumentation and Computing/Ephraim Nissan Argumentation with Wigmore Charts and Computing/Ephraim Nissan Artificial Intelligence Tools for Handling Legal Evidence/Ephraim Nissan Barriers Facing African American Women in Technology/Jianxia Du, George H.Pate, Deneen Sherrod, and Wei-Chieh Yu B-POS Secure Mobile Payment System/Antonio Grillo, Alessandro Lentini, andGianluigi Me Building Secure and Dependable Information Systems/Wenbing Zhao Classifying Articles in Information Ethics and Security/Zack Jourdan, R. KellyRainer Jr., and Thomas E. Marshall Computational Ethics/Alicia I. Ruvinsky Computer Ethics and Intelligent Technologies/Yefim Kats Computer Worms, Detection, and Defense/Robert J. Cole and Chao-Hsien Chu Conflicting Value of Digital Music Piracy/Matthew Butler Content Filtering Methods for Internet Pornography/Jengchung V. Chen andShaoYu F. Huang Cyber-Terrorism in Australia/Christopher Beggs Data Security and Chase/Zbigniew W. Ras and Seunghyun Im Defending against Distributed Denial of Service/Yang Xiang and Wanlei Zhou Digital Divide Implications and Trends/Irene Chen and Terry T. Kidd Digital Rights Management Metadata and Standards/Jo Anne Cote and Eun G.Park235 Dilemmas of Online Identity Theft/Omer Mahmood Document Security in the Ancient World/Christopher H. Walker DRM Practices in the E-Publication Industry/Bong Wee Kiau and NorshuhadaShiratuddin Educational Technology Practitioner-Research Ethics/Kathleen Gray E-Health and Ensuring Quality

  16. Department of Energy security program needs effective information systems

    International Nuclear Information System (INIS)

    1991-10-01

    Although security is an important, nearly billion-dollar-a-year function in the Department of Energy (DOE), key information systems that hold important data about security weaknesses and incidents have limited analytical capabilities and contain unreliable information. The resultant difficulty in identifying patterns and trends reduces managers' ability to ensure the effectiveness of the security program. Resources are also wasted because DOE has deployed incompatible systems that are unable to electronically share or transfer data, often forcing employees to manually re-enter data that are already stored in computers elsewhere. Finally, continuing data problems with other important security information systems, such as those used to track security clearances and classified documents, indicate that information system deficiencies are extensive. A major reason for these problems is that DOE has not done a comprehensive, strategic assessment of its information and information technology needs of the security program. DOE's efforts are fragmented because it has not assigned to any organization the leadership responsibility to determine security information needs and to plan and manage security information resources Department-wide. This paper reports that a number of changes are needed to correct these problems and take advantage of information technology to help strengthen the security program

  17. Security Price Informativeness with Delegated Traders

    OpenAIRE

    Gary Gorton; Ping He; Lixin Huang

    2010-01-01

    Trade in securities markets is conducted by agents acting for principals, using "mark-to-market" contracts whereby performance is assessed using security market prices. We endogenize contract choices, information production, informed trading, and security price informativeness. But there is a contract externality. Prices are informative only because other principals induce their agents to trade based on privately produced information. The agent-traders then have an incentive to coordinate and...

  18. Information Security in Small and Medium-Sized Companies

    OpenAIRE

    David Kral

    2011-01-01

    Information security doesn’t involve only large organizations. Small and medium-sized companies must closely examine this issue too, because they are increasingly threatened by cyber attacks. Many of them mistakenly believe, that security of their valuable data is sufficient, or that the attackers are not interested in them. Existing standards and methodologies for implementation and management of information security are often hard to transfer to the environment of small and medium-sized bus...

  19. Ethical aspects of information security and privacy

    NARCIS (Netherlands)

    Brey, Philip A.E.; Petkovic, Milan; Jonker, Willem

    2007-01-01

    This chapter reviews ethical aspects of computer and information security and privacy. After an introduction to ethical approaches to information technology, the focus is first on ethical aspects of computer security. These include the moral importance of computer security, the relation between

  20. Developing an Undergraduate Information Systems Security Track

    Science.gov (United States)

    Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna

    2013-01-01

    Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…

  1. 78 FR 5116 - NASA Information Security Protection

    Science.gov (United States)

    2013-01-24

    ... 2700-AD61 NASA Information Security Protection AGENCY: National Aeronautics and Space Administration..., projects, plans, or protection services relating to the national security; or (h) The development... implement the provisions of Executive Order (E.O.) 13526, Classified National Security Information, and...

  2. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ... Security, consistent with Federal policies for the security of unclassified information and information... Certification Program, and provide a Web site link within a contract clause to a library where contractors can... Security should be addressed through government-wide policies, standards, and requirements. NASA response...

  3. 78 FR 73819 - Information Collection; Financial Information Security Request Form

    Science.gov (United States)

    2013-12-09

    ... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security..., Financial Information Security Request Form. DATES: Comments must be received in writing on or before... Information Security Request Form. OMB Number: 0596-0204. Expiration Date of Approval: 02/28/2014. Type of...

  4. Security engineering: systems engineering of security through the adaptation and application of risk management

    Science.gov (United States)

    Gilliam, David P.; Feather, Martin S.

    2004-01-01

    Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.

  5. Managing Materials and Wastes for Homeland Security Incidents

    Science.gov (United States)

    To provide information on waste management planning and preparedness before a homeland security incident, including preparing for the large amounts of waste that would need to be managed when an incident occurs, such as a large-scale natural disaster.

  6. Army Secure Operating System: Information Security for Real Time Systems

    National Research Council Canada - National Science Library

    Anderson, Eric

    1984-01-01

    The Army Secure Operating System (ASOS) project, under the management of the U.S. Army CECOM organization, will provide real time systems software necessary for fielding modern Battlefield Automation Systems...

  7. The Firewall and Security of Information Systems

    OpenAIRE

    Radut Carmen; Albici Mihaela; Tenovici Cristina Otilia

    2010-01-01

    Information security is a broader concept which refers to ensuring the integrity, confidentiality and availability of information. The dynamics of information technology to induce new risks to which organizations must implement new measures of control. Technological development has been accompanied by security solutions, equipment manufacturers and applications including technical methods of protection performance. However, while in information technology change is exponential, the human comp...

  8. Security of Nuclear Information. Implementing Guide

    International Nuclear Information System (INIS)

    2015-01-01

    This publication provides guidance on implementing the principle of confidentiality and on the broader aspects of information security (i.e. integrity and availability). It assists States in bridging the gap between existing government and industry standards on information security, the particular concepts and considerations that apply to nuclear security and the special provisions and conditions that exist when dealing with nuclear material and other radioactive material. Specifically it seeks to assist states in the identification, classification, and assignment of appropriate security controls to information that could adversely impact nuclear security if compromised

  9. Security Management and Safeguards Office

    Science.gov (United States)

    Bewley, Nathaniel M.

    2004-01-01

    The Security Management and Safeguards Office at NASA is here to keep the people working in a safe environment. They also are here to protect the buildings and documents from sabotage, espionage, and theft. During the summer of 2004, I worked with Richard Soppet in Physical Security. While I was working here I helped out with updating the map that we currently use at NASA Glenn Research Center, attended meetings for homeland security, worked with the security guards and the locksmith. The meetings that I attended for homeland security talked about how to protect ourselves before something happened, they told us to always be on the guard and look for anything suspicious, and the different ways that terrorist groups operate. When I was with the security guards I was taught how to check someone into the base, showed how to use a radar gun, observed a security guard make a traffic stop for training and was with them while they patrolled NASA Glenn Research Center to make sure things were running smooth and no one was in danger. When I was with the lock smith I was taught how to make keys and locks for the employees here at NASA. The lock smith also showed me that he had inventory cabinets of files that show how many keys were out to people and who currently has access to the rooms that they keys were made for. I also helped out the open house at NASA Glenn Research Center. I helped out by showing the Army Reserves, and Brook Park's SWAT team where all the main events were going to take place a week before the open house was going to begin. Then during the open house I helped out by making sure people had there IDS, checked through there bags, and handed out a map to them that showed where the different activities were going to take place. So the main job here at NASA Glenn Research Center for the Security Management and Safeguards Office is to make sure that nothing is stolen, sabotaged, and espionaged. Also most importantly make sure all the employees here at NASA are

  10. Information Security Policy Modeling for Network Security Systems

    Directory of Open Access Journals (Sweden)

    Dmitry Sergeevich Chernyavskiy

    2014-12-01

    Full Text Available Policy management for network security systems (NSSs is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and appearance of vulnerabilities. Moreover, policy management process is a time-consuming task, which includes significant amount of manual work. These factors reduce efficiency of NSSs’ utilization. The paper discusses peculiarities of policy management process and existing approaches to policy modeling, presents a model aimed to formalize policies for NSSs independently on NSSs’ platforms and select the most effective NSSs for implementation of the policies.

  11. Cloud Computing Application of Personal Information's Security in Network Sales-channels

    OpenAIRE

    Sun Qiong; Min Liu; Shiming Pang

    2013-01-01

    With the promotion of Internet sales, the security of personal information to network users have become increasingly demanding. The existing network of sales channels has personal information security risks, vulnerable to hacker attacking. Taking full advantage of cloud security management strategy, cloud computing security management model is introduced to the network sale of personal information security applications, which is to solve the problem of information leakage. Then we proposed me...

  12. Security management of water supply

    Directory of Open Access Journals (Sweden)

    Tchórzewska-Cieślak Barbara

    2017-03-01

    Full Text Available The main aim of this work is to present operational problems concerning the safety of the water supply and the procedures for risk management systems functioning public water supply (CWSS and including methods of hazard identification and risk assessment. Developed a problem analysis and risk assessment, including procedures called. WSP, which is recommended by the World Health Organization (WHO as a tool for comprehensive security management of water supply from source to consumer. Water safety plan is a key element of the strategy for prevention of adverse events in CWSS.

  13. Effectiveness of Using a Change Management Approach to Convey the Benefits of an Information Security Implementation to Technology Users

    Science.gov (United States)

    Bennett, Jeannine B.

    2012-01-01

    This study addressed the problems associated with users' understanding, accepting, and complying with requirements of security-oriented solutions. The goal of the research was not to dispute existing theory on IT project implementations, but rather to further the knowledge on the topic of technology user acceptance of security-oriented IT…

  14. Data Exchange Management Information System (DEMIS)

    Data.gov (United States)

    Social Security Administration — DEMIS combines a database (Operational Data Store - ODS) of data exchange-related Management Information (MI) with the agency's querying and reporting utility, the...

  15. Optical and digital techniques for information security

    CERN Document Server

    2005-01-01

    Optical and Digital Techniques for Information Security is the first book in a series focusing on Advanced Sciences and Technologies for Security Applications. This book encompases the results of research investigation and technologies used to secure, verify, recognize, track, and authenticate objects and information from theft, counterfeiting, and manipulation by unauthorized persons and agencies. This Information Security book will draw on the diverse expertise in optical sciences and engineering, digital image processing, imaging systems, information processing, computer based information systems, sensors, detectors, and biometrics to report innovative technologies that can be applied to information security issues. The Advanced Sciences and Technologies for Security Applications series focuses on research monographs in the areas of: -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection...

  16. CRISP. Information Security Models and Their Economics

    International Nuclear Information System (INIS)

    Gustavsson, R.; Mellstrand, P.; Tornqvist, B.

    2005-03-01

    The deliverable D1.6 includes background material and specifications of a CRISP Framework on protection of information assets related to power net management and management of business operations related to energy services. During the project it was discovered by the CRISP consortium that the original description of WP 1.6 was not adequate for the project as such. The main insight was that the original emphasis on cost-benefit analysis of security protection measures was to early to address in the project. This issue is of course crucial in itself but requires new models of consequence analysis that still remains to be developed, especially for the new business models we are investigated in the CRISP project. The updated and approved version of the WP1.6 description, together with the also updated WP2.4 focus on Dependable ICT support of Power Grid Operations constitutes an integrated approach towards dependable and secure future utilities and their business processes. This document (D1.6) is a background to deliverable D2.4. Together they provide a dependability and security framework to the three CRISP experiments in WP3

  17. Unification of Information Security Policies for Network Security Solutions

    Directory of Open Access Journals (Sweden)

    D.S. Chernyavskiy

    2012-03-01

    Full Text Available Diversity of command languages on network security solutions’ (NSS interfaces causes problems in a process of information security policy (ISP deployment. Unified model for security policy representation and implementation in NSS could aid to avoid such problems and consequently enhance efficiency of the process. The proposed solution is Unified language for network security policy (ULNSP. The language is based on formal languages theory, and being coupled with its translator, ULNSP makes it possible to formalize and implement ISP independently of particular NSS.

  18. Survey of network and information security technology

    International Nuclear Information System (INIS)

    Liu Baoxu; Wang Xiaozhen

    2007-01-01

    With the rapidly development of the computer network technology and informationize working of our Country, Network and Information Security issues becomes the focal point problem that people shows solicitude for. On the basis analysing security threat and challenge of network information and their developing trend. This paper briefly analyses and discusses the main relatively study direction and content about the theory, technology and practice of Network and Information Security. (authors)

  19. Three Essays on Information Security Policies

    Science.gov (United States)

    Yang, Yubao

    2011-01-01

    Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

  20. Research on information security system of waste terminal disposal process

    Science.gov (United States)

    Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

    2017-05-01

    Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

  1. Hash functions and information theoretic security

    DEFF Research Database (Denmark)

    Bagheri, Nasoor; Knudsen, Lars Ramkilde; Naderi, Majid

    2009-01-01

    Information theoretic security is an important security notion in cryptography as it provides a true lower bound for attack complexities. However, in practice attacks often have a higher cost than the information theoretic bound. In this paper we study the relationship between information theoretic...

  2. Information security employee handbook: November 2010

    OpenAIRE

    2013-01-01

    This handbook is a quick reference guide to some of the most important points of the London 2012 information security policy. This information security handbook outlines the policies that all staff, secondees, volunteers and certain third parties who process LOCOG information must comply with.

  3. Security Management in a Multimedia System

    Science.gov (United States)

    Rednic, Emanuil; Toma, Andrei

    2009-01-01

    In database security, the issue of providing a level of security for multimedia information is getting more and more known. For the moment the security of multimedia information is done through the security of the database itself, in the same way, for all classic and multimedia records. So what is the reason for the creation of a security…

  4. Zen and the art of information security

    CERN Document Server

    Winkler, Ira

    2007-01-01

    While security is generally perceived to be a complicated and expensive process, Zen and the Art of Information Security makes security understandable to the average person in a completely non-technical, concise, and entertaining format. Through the use of analogies and just plain common sense, readers see through the hype and become comfortable taking very simple actions to secure themselves. Even highly technical people have misperceptions about security concerns and will also benefit from Ira Winkler's experiences making security understandable to the business world. Mr. Winkler is one of the most popular and highly rated speakers in the field of security, and lectures to tens of thousands of people a year. Zen and the Art of Information Security is based on one of his most well received international presentations.

  5. Using Financial Instruments to Transfer the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Pankaj Pandey

    2016-05-01

    Full Text Available For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information security event. Thus, this article addresses the limitations in the cyber-(reinsurance markets with a set of capital market-based financial instruments. This article presents a set of information security derivatives, namely options, vanilla options, swap, and futures that can be traded at an information security prediction market. Furthermore, this article demonstrates the usefulness of information security derivatives in a given scenario and presents an evaluation of the same in comparison with cyber-insurance. In our analysis, we found that the information security derivatives can at least be a partial solution to the problems in the cyber-insurance markets. The information security derivatives can be used as an effective tool for information elicitation and aggregation, cyber risk pricing, risk hedging, and strategic decision making for information security risk management.

  6. The threat nets approach to information system security risk analysis

    NARCIS (Netherlands)

    Mirembe, Drake

    2015-01-01

    The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security

  7. Project Management with IT Security Focus

    OpenAIRE

    Felician Alecu; Paul Pocatilu; Sergiu Capisizu

    2011-01-01

    The paper focus on the main key points related to the IT security project management. The most important lifecycle stages are identified: IT security project proposal definition, project organization, project planning, quality planning, project team organization, IT security project activities management and project closing. The most important success factors for IT security projects are the support of top-management, customer satisfaction, prevention over remediation and continuous progress....

  8. Information Security for Compliance with Select Agent Regulations

    Science.gov (United States)

    Lewis, Nick; Campbell, Mark J.

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

  9. Information security for compliance with select agent regulations.

    Science.gov (United States)

    Lewis, Nick; Campbell, Mark J; Baskin, Carole R

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

  10. Materials for the information security education

    International Nuclear Information System (INIS)

    Yashiro, Shigeo; Aoki, Kazuhisa; Sato, Tomohiko; Tanji, Kazuhiro

    2014-01-01

    With the rapid progress of the utilization of Information Technology (IT), IT infrastructure (network environment and information system) became crucial as a lifeline for promoting business. At the same time, changes in the circumstances surrounding the IT infrastructure globalize the threat of cyber attacks and increase the risk of the information security such as unlawful access to an information system, viral infection, an alteration of a website, disclosure of subtlety information, destruction of an information system and so on. Information security measure is an important issue in Japan Atomic Energy Agency (JAEA). In order to protect the information property of JAEA from the threat, Center for Computational Science and e-Systems (CCSE) has been taking triadic measures for information security: (1) to lay down a set of information security rules, (2) to introduce security equipments to backbone network and (3) to provide information security education. This report is a summary of the contents of the information security education by e-learning. (author)

  11. Communications and Information: Emission Security

    National Research Council Canada - National Science Library

    1998-01-01

    The Air Force EMSEC process has experienced many changes. Although these changes were attempts to meet the variances of a dynamic world, they require security protection measures far beyond the needs of the average user...

  12. Information Security: USDA Needs to Implement Its Departmentwide Information Security Plan

    National Research Council Canada - National Science Library

    2000-01-01

    USDA has taken positive steps to begin improving its information security by developing its August 1999 Action Plan with recommendations to strengthen department-wide information security and hiring...

  13. EUROATLANTIC SECURITY AND CRISIS MANAGEMENT

    Directory of Open Access Journals (Sweden)

    Constantin MINCU

    2011-06-01

    Full Text Available This article briefly presents the international security environment developments, evaluated in a realistic way in the new ,,Strategic Concept – NATO (Lisbon 2010"; potential threats and hazards, both military and non-military, are present on a global, regional, national scale, determining an adequate NATO and EU reaction, and also from the member states. States and organizations currently pay and will pay special attention to building up and strengthening viable and effective systems of ”Emergency Situations (Crisis Management". This is also the case of Romania which has started this complex and expensive process in 2004, with satisfying results until now.

  14. How to implement security controls for an information security program at CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  15. How to implement security controls for an information security program at CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

    2015-12-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  16. The (social) construction of information security

    NARCIS (Netherlands)

    Pieters, Wolter

    While the philosophical foundations of information security have been unexamined, there is an implicit philosophy of what protection of information is. This philosophy is based on the notion of containment, taken from analogies with things that offer physical security (e.g., buildings, safes,

  17. Problem of Information Security Traffic on Internet

    Directory of Open Access Journals (Sweden)

    Slavko Šarić

    2012-10-01

    Full Text Available Internet information traffic becomes greater and moreimportant. With increasing growth of information importancerequirement for its security becomes indispensable. Theinformation security problem especially affect large and smallcompanies whose prosperity is depending on Internet presence.This affecting the three areas of Internet commerce: credit cardtransactions, virtual private networks and digital certification.To ensure information traffic it is necessary to find a solution,in a proper way, for three major problems: frontier problem,market problem and government problem. While the eventualemergence of security standards for Internet transactions isexpected, it will not automatically result in secure Internettransactions. In future, there is a wealth of security issues thatwill continue to require attention: internal security, continuedhacking, social engineering, malicious code, reliability andperformance, skills shortages and denial of se1vice attacks.

  18. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    NARCIS (Netherlands)

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overwiew is given of the use of

  19. Security Management Model in Cloud Computing Environment

    OpenAIRE

    Ahmadpanah, Seyed Hossein

    2016-01-01

    In the cloud computing environment, cloud virtual machine (VM) will be more and more the number of virtual machine security and management faced giant Challenge. In order to address security issues cloud computing virtualization environment, this paper presents a virtual machine based on efficient and dynamic deployment VM security management model state migration and scheduling, study of which virtual machine security architecture, based on AHP (Analytic Hierarchy Process) virtual machine de...

  20. SecurityCom: A Multi-Player Game for Researching and Teaching Information Security Teams

    Directory of Open Access Journals (Sweden)

    Douglas P. Twitchell

    2007-12-01

    Full Text Available A major portion of government and business organizations’ attempts to counteract information security threats is teams of security personnel.  These teams often consist of personnel of diverse backgrounds in specific specialties such as network administration, application development, and business administration, resulting in possible conflicts between security, functionality, and availability.  This paper discusses the use of games to teach and research information security teams and outlines research to design and build a simple, team-oriented, configurable, information security game. It will be used to study how information security teams work together to defend against attacks using a multi-player game, and to study the use of games in training security teams.  Studying how information security teams work, especially considering the topic of shared-situational awareness, could lead to better ways of forming, managing, and training teams.  Studying the effectiveness of the game as a training tool could lead to better training for security teams. 

  1. 14 CFR 11.35 - Does FAA include sensitive security information and proprietary information in the Federal Docket...

    Science.gov (United States)

    2010-01-01

    ... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security information. You should not submit sensitive security information to the rulemaking docket, unless you are...

  2. Secure information release in timed automata

    DEFF Research Database (Denmark)

    Vasilikos, Panagiotis; Nielson, Flemming; Nielson, Hanne Riis

    2018-01-01

    . In this paper, we develop a formal approach of information flow for timed automata that allows intentional information leaks. The security of a timed automaton is then defined using a bisimulation relation that takes account of the non-determinism and the clocks of timed automata. Finally, we define...... of security goals for confidentiality and integrity. Notions of security based on Information flow control, such as non-interference, provide strong guarantees that no information is leaked; however, many cyberphysical systems leak intentionally some information in order to achieve their purposes...... an algorithm that traverses a timed automaton and imposes information flow constraints on it and we prove that our algorithm is sound with respect to our security notion....

  3. Managing business compliance using model-driven security management

    Science.gov (United States)

    Lang, Ulrich; Schreiner, Rudolf

    Compliance with regulatory and governance standards is rapidly becoming one of the hot topics of information security today. This is because, especially with regulatory compliance, both business and government have to expect large financial and reputational losses if compliance cannot be ensured and demonstrated. One major difficulty of implementing such regulations is caused the fact that they are captured at a high level of abstraction that is business-centric and not IT centric. This means that the abstract intent needs to be translated in a trustworthy, traceable way into compliance and security policies that the IT security infrastructure can enforce. Carrying out this mapping process manually is time consuming, maintenance-intensive, costly, and error-prone. Compliance monitoring is also critical in order to be able to demonstrate compliance at any given point in time. The problem is further complicated because of the need for business-driven IT agility, where IT policies and enforcement can change frequently, e.g. Business Process Modelling (BPM) driven Service Oriented Architecture (SOA). Model Driven Security (MDS) is an innovative technology approach that can solve these problems as an extension of identity and access management (IAM) and authorization management (also called entitlement management). In this paper we will illustrate the theory behind Model Driven Security for compliance, provide an improved and extended architecture, as well as a case study in the healthcare industry using our OpenPMF 2.0 technology.

  4. 17 CFR 229.403 - (Item 403) Security ownership of certain beneficial owners and management.

    Science.gov (United States)

    2010-04-01

    ... of certain beneficial owners and management. 229.403 Section 229.403 Commodity and Securities... Management and Certain Security Holders § 229.403 (Item 403) Security ownership of certain beneficial owners and management. (a) Security ownership of certain beneficial owners. Furnish the following information...

  5. Information security policies and procedures a practitioner's reference

    CERN Document Server

    Peltier, Thomas R

    2004-01-01

    INFORMATION SECURITY POLICIES AND PROCEDURES Introduction Corporate Policies Organizationwide (Tier 1) Policies Organizationwide Policy Document Legal Requirements Duty of Loyalty Duty of Care Other Laws and Regulations Business Requirements Where to Begin? Summary Why Manage This Process as a Project? Introduction First Things First: Identify the Sponsor Defining the Scope of Work Time Management Cost Management Planning for Quality Managing Human Resources Creating a Communications Plan Summary Planning and Preparation Introduction Objectives of Policies, Stand

  6. Security Notice To Federal, State and Local Officials Receiving Access to the Risk Management Program’s Off-site Consequence Analysis Information

    Science.gov (United States)

    Based on the Chemical Safety Information, Site Security and Fuels Regulatory Relief Act (CSISSFRRA), this notice states that while you may share with the public data from OCA sections, it is illegal to disclose/distribute the sections themselves.

  7. Best practices show the way to information security maturity

    CSIR Research Space (South Africa)

    Lessing, MM

    2008-09-01

    Full Text Available A Security Maturity Model (SMM) provides an organisation with a distinct Information Security framework. Organisations that conform to these models are likely to pursue satisfactory Information Security. Additionally, the use of Security Maturity...

  8. Teaching Information Security Students to "Think thief"

    NARCIS (Netherlands)

    Hartel, Pieter H.; Junger, Marianne

    2012-01-01

    We report on an educational experiment where information security master students were encouraged to think out of the box. Instead of taking the usual point of view of the security engineer we challenged the students to take the point of view of the motivated offender. We report on the exciting

  9. 5 CFR 930.301 - Information systems security awareness training program.

    Science.gov (United States)

    2010-01-01

    ... 5 Administrative Personnel 2 2010-01-01 2010-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems § 930.301 Information systems security awareness training program. Each Executive Agency must develop a...

  10. Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

    National Research Council Canada - National Science Library

    Ganger, Gregory R

    2007-01-01

    This report summarizes the results of the work on the AFOSR's Critical Infrastructure Protection Program project, entitled Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security...

  11. Information Security of Apple Pay

    OpenAIRE

    Chen, Xinru

    2016-01-01

    In the era of high-tech, the mode of payment is no longer just use cash or credit card. There are various payments come to our daily life. Online payment and other kinds of electronic payments are wildly in use by people. Apple Pay is a tool that provides easier and safer payment service for consumer. The main objective of this thesis is to understand deeply and analyze how easy and convenient Apple Pay is to use and why it is known as most secure form of payment. Besides that, there is a ...

  12. Securing military information systems on public infrastructure

    CSIR Research Space (South Africa)

    Botha, P

    2015-03-01

    Full Text Available to set up in time for scenarios which require real time information. This may force communications to utilise public infrastructure. Securing communications for military mobile and Web based systems over public networks poses a greater challenge compared...

  13. Biometric Feature Script for Information Security

    Directory of Open Access Journals (Sweden)

    N. E. Gunko

    2010-03-01

    Full Text Available Special studies related to the development of rules for making decisions on the psychological characteristics of the offender in his manuscript handwriting with the goal of ensuring information security.

  14. Information and technology: Improving food security in Uganda ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    2014-06-23

    Jun 23, 2014 ... Information and technology: Improving food security in Uganda ... knowledge to make decisions about planting, harvesting, and managing livestock, but ... to be effective for minimizing risks and increasing agricultural productivity. ... In time, this network of information – made possible by digital technology ...

  15. Algorithms, architectures and information systems security

    CERN Document Server

    Sur-Kolay, Susmita; Nandy, Subhas C; Bagchi, Aditya

    2008-01-01

    This volume contains articles written by leading researchers in the fields of algorithms, architectures, and information systems security. The first five chapters address several challenging geometric problems and related algorithms. These topics have major applications in pattern recognition, image analysis, digital geometry, surface reconstruction, computer vision and in robotics. The next five chapters focus on various optimization issues in VLSI design and test architectures, and in wireless networks. The last six chapters comprise scholarly articles on information systems security coverin

  16. INFORMATION SECURITY IN MOBILE MODULAR MEASURING SYSTEMS

    Directory of Open Access Journals (Sweden)

    A. N. Tkhishev

    2017-01-01

    Full Text Available A special aspect of aircraft test is carrying out both flight evaluation and ground operation evaluation in a structure of flying aids and special tools equipment. The specific of flight and sea tests involve metering in offshore zone, which excludes the possibility of fixed geodetically related measuring tools. In this regard, the specific role is acquired by shipbased measurement systems, in particular the mobile modular measuring systems. Information processed in the mobile modular measurement systems is a critical resource having a high level of confidentiality. When carrying out their functions, it should be implemented a proper information control of the mobile modular measurement systems to ensure their protection from the risk of data leakage, modification or loss, i.e. to ensure a certain level of information security. Due to the specific of their application it is difficult to solve the problems of information security in such complexes. The intruder model, the threat model, the security requirements generated for fixed informatization objects are not applicable to mobile systems. It was concluded that the advanced mobile modular measuring systems designed for flight experiments monitoring and control should be created due to necessary information protection measures and means. The article contains a diagram of security requirements formation, starting with the data envelopment analysis and ending with the practical implementation. The information security probabilistic model applied to mobile modular measurement systems is developed. The list of current security threats based on the environment and specific of the mobile measurement system functioning is examined. The probabilistic model of the information security evaluation is given. The problems of vulnerabilities transformation of designed information system into the security targets with the subsequent formation of the functional and trust requirements list are examined.

  17. Information security value in e-entrepreneurship

    OpenAIRE

    Nunes, Sérgio

    2012-01-01

    This paper researches the information security value in e-entrepreneurship by revising the literature that establishes the entrepreneurial domain and by relating it with the development of technological resources that create value for the customer in an online business. It details multiple paradigms regarding consumer’s values of information security, while relating them with common practices and previous researches in technological entrepreneurship. This research presents and discusses the b...

  18. Encyclopedia of Information Ethics and Security

    OpenAIRE

    Reviewed by Yavuz AKBULUT

    2008-01-01

    233Rapid developments in information andcommunication technologies have created newsecurity threats along with ethical dilemmas. Thesedevelopments have been so fast that appropriatesecurity precautions and ethical codes fail to keeppace with the technological developments. In thisrespect, education of both professionals andordinary citizens regarding information technologyethics carries utmost importance. Encyclopedia ofInformation Ethics and Security serves as anauthentic and comprehensive r...

  19. A Comparative Analysis of University Information Systems within the Scope of the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Rustu Yilmaz

    2016-05-01

    Full Text Available Universities are the leading institutions that are the sources of educated human population who both produce information and ensure to develop new products and new services by using information effectively, and who are needed in every area. Therefore, universities are expected to be institutions where information and information management are used efficiently. In the present study, the topics such as infrastructure, operation, application, information, policy and human-based information security at universities were examined within the scope of the information security standards which are highly required and intended to be available at each university today, and then a comparative analysis was conducted specific to Turkey. Within the present study, the Microsoft Security Assessment Tool developed by Microsoft was used as the risk analysis tool. The analyses aim to enable the universities to compare their information systems with the information systems of other universities within the scope of the information security awareness, and to make suggestions in this regard.

  20. MOBILE DEVICES AND EFFECTIVE INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    Igor Bernik

    2013-05-01

    Full Text Available Rapidly increasing numbers of sophisticated mobile devices (smart phones, tab computers, etc. all over the world mean that ensuring information security will only become a more pronounced problem for individuals and organizations. It’s important to effectively protect data stored on or accessed by mobile devices, and also during transmission of data between devices and between device and information system. Technological and other trends show, that the cyber threats are also rapidly developing and spreading. It's crucial to educate users about safe usage and to increase their awareness of security issues. Ideally, users should keep-up with technological trends and be well equipped with knowledge otherwise mobile technology will significantly increase security risks. Most important is that we start educating youth so that our next generations of employees will be part of a culture of data and information security awareness.

  1. Homeland Security. Management Challenges Facing Federal Leadership

    Science.gov (United States)

    2002-12-01

    Security Management Challenges Facing Federal Leadership 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT...including attention to management practices and key success factors. HOMELAND SECURITY Management Challenges Facing Federal Leadership www.gao.gov/cgi...significant management and coordination challenges if it is to provide this leadership and be successful in preventing and responding to any future

  2. Special Reports; Homeland Security and Information Management; The Development of Electronic Government in the United States: The Federal Policy Experience; Digital Rights Management: Why Libraries Should Be Major Players; The Current State and Future Promise of Portal Applications; Recruitment and Retention: A Professional Concern.

    Science.gov (United States)

    Relyea, Harold C.; Halchin, L. Elaine; Hogue, Henry B.; Agnew, Grace; Martin, Mairead; Schottlaender, Brian E. C.; Jackson, Mary E.

    2003-01-01

    Theses five reports address five special issues: the effects of the September 11 attacks on information management, including homeland security, Web site information removal, scientific and technical information, and privacy concerns; federal policy for electronic government information; digital rights management and libraries; library Web portal…

  3. Protection of National Security Information

    National Research Council Canada - National Science Library

    Elsea, Jennifer K

    2006-01-01

    Recent cases involving alleged disclosures of classified information to the news media or others who are not entitled to receive it have renewed Congress s interest with regard to the possible need...

  4. 78 FR 48037 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-08-07

    ... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... the objectives of Executive Order 13526, Classified National Security Information. The rule allows... signed Executive Order 13526, Classified National Security Information, which was published in the...

  5. 76 FR 40296 - Declassification of National Security Information

    Science.gov (United States)

    2011-07-08

    ... Declassification of National Security Information AGENCY: National Archives and Records Administration. ACTION... classified national security information in records transferred to NARA's legal custody. The rule incorporates changes resulting from issuance of Executive Order 13526, Classified National Security Information...

  6. Information Systems Security Job Advertisement Analysis: Skills Review and Implications for Information Systems Curriculum

    Science.gov (United States)

    Brooks, Nita G.; Greer, Timothy H.; Morris, Steven A.

    2018-01-01

    The authors' focus was the assessment of skill requirements for information systems security positions to understand expectations for security jobs and to highlight issues relevant to curriculum management. The analysis of 798 job advertisements involved the exploration of domain-related and soft skills as well as degree and certification…

  7. [Application of classified protection of information security in the information system of air pollution and health impact monitoring].

    Science.gov (United States)

    Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

    2018-01-01

    To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhanced the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.

  8. The economics of information security and privacy

    CERN Document Server

    Böhme, Rainer

    2013-01-01

    In the late 1990s, researchers began to grasp that the roots of many information security failures can be better explained with the language of economics than by pointing to instances of technical flaws. This led to a thriving new interdisciplinary research field combining economic and engineering insights, measurement approaches and methodologies to ask fundamental questions concerning the viability of a free and open information society. While economics and information security comprise the nucleus of an academic movement that quickly drew the attention of thinktanks, industry, and governmen

  9. INFORMATION SECURITY RISK ASSESSMENT USING EXISTING LEGAL AND METHODOLOGICAL BASE

    Directory of Open Access Journals (Sweden)

    A. I. Trubei

    2015-01-01

    Full Text Available The article provides a survey of the existing regulatory framework for information security riskmanagement. Practical methods for information security risk and vulnerability assessment are proposed.

  10. Information security improving blocklist driven firewall implementation

    OpenAIRE

    Kylmänen, J. (Juha)

    2013-01-01

    Abstract The Internet has become a commodity and with it information security and privacy issues have appeared. Common threats against the end users include malware and phishing. Phishing is a social engineering technique used to mimic legit banking or social networking websites in an attempt to gain sensitive information from the user and malware is software with malicious intent. ...

  11. Speeding decisions. Social security's information exchange program.

    Science.gov (United States)

    Winter, Kitt; Hastings, Bob

    2011-05-01

    The Social Security Administration has plenty of reasons to streamline its records request process-more than 15 million reasons each year, in fact. That's why it has been pioneering information exchange projects with the private sector, including use of the Nationwide Health Information Network.

  12. A Stochastic Model for Improving Information Security in Supply Chain Systems

    OpenAIRE

    Ibrahim Al Kattan; Ahmed Al Nunu; Kassem Saleh

    2009-01-01

    This article presents a probabilistic security model for supply chain management systems (SCM) in which the basic goals of security (including confidentiality, integrity, availability and accountability, CIAA) are modeled and analyzed. Consequently, the weak points in system security are identified. A stochastic model using measurable values to describe the information system security of a SCM is introduced. Information security is a crucial and integral part of the network of supply chains. ...

  13. THE INFORMATION CONFIDENTIALITY AND CYBER SECURITY IN MEDICAL INSTITUTIONS

    Directory of Open Access Journals (Sweden)

    SABAU-POPA CLAUDIA DIANA

    2015-07-01

    Full Text Available The information confidentiality and cyber security risk affects the right to confidentiality and privacy of the patient, as regulated in Romania by the Law 46/2002. The manifestation of the cyber security risk event affects the reputation of the healthcare institution and is becoming more and more complex and often due to the: development of network technology, the medical equipment connected to wifi and the electronic databases. The databases containing medical records were implemented due to automation. Thus, transforming data into medical knowledge contribute to a better understanding of the disease. Due to these factors, the measures taken by the hospital management for this type of risk are adapted to the cyber changes. The hospital objectives aim: the implementation of a robust information system, the early threats identifications and the incident reporting. Neglecting this type of risk can generate financial loss, inability to continue providing health care services for a certain period of time, providing an erroneous diagnosis, medical equipment errors etc. Thus, in a digital age the appropriate risk management for the information security and cyber risk represent a necessity. The main concern of hospitals worldwide is to align with international requirements and obtain credentials in terms of data security from the International Organisation for Standardization, which regulates the management of this type of risk. Romania is at the beginning in terms of concerns regarding the management, avoidance and mitigation of information security, the health system being most highly exposed to its manifestation. The present paper examines the concerns of the health system to the confidentiality of information and cyber security risk and its management arrangements. Thus, a set of key risk indicators is implemented and monitored for 2011-2013, using a user interface, a Dashboard, which acts as an early warning system of the manifestation of the

  14. Academic Training Lecture Regular Programme: Computer Security - Introduction to information and computer security (1/4)

    CERN Multimedia

    2012-01-01

    Computer Security: Introduction to information and computer security (1/4), by Sebastian Lopienski (CERN).   Monday, 21 May, 2012 from 11:00 to 12:00 (Europe/Zurich) at CERN ( 31-3-004 - IT Auditorium ) Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Ai...

  15. 78 FR 35295 - Agency Information Collection Activities: Department of Homeland Security (DHS) Cybersecurity...

    Science.gov (United States)

    2013-06-12

    ... cybersecurity awareness, education, talent management, and professional development and training. NICCS Portal... Education Office, will submit the following Information Collection Request (ICR) to the Office of Management... contemplated: Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. 3546; Homeland Security...

  16. Management of information organizations

    CERN Document Server

    Afzal, Waseem

    2012-01-01

    This book is a significant step towards developing a body of management knowledge pertinent to the context of Library Information Science (LIS) and provides a succinct but deep account of management and information organizations. Management of Information Organizations presents a broad view of the information organizations and the nature of management in these organizations, and how information professionals are affected by such management systems. The book equips the reader with the knowledge that will enable them to develop a strong intellectual foundation relating to management and its mani

  17. Secure IP mobility management for VANET

    CERN Document Server

    Taha, Sanaa

    2013-01-01

    This brief presents the challenges and solutions for VANETs' security and privacy problems occurring in mobility management protocols including Mobile IPv6 (MIPv6), Proxy MIPv6 (PMIPv6), and Network Mobility (NEMO). The authors give an overview of the concept of the vehicular IP-address configurations as the prerequisite step to achieve mobility management for VANETs, and review the current security and privacy schemes applied in the three mobility management protocols. Throughout the brief, the authors propose new schemes and protocols to increase the security of IP addresses within VANETs in

  18. Information Technology Management

    OpenAIRE

    Patru Catalin; Petrache Alina

    2011-01-01

    Most of the Information technology management programs are designed to educate and develop managers who can effectively manage the planning, design, selection, implementation, use, and administration of emerging and converging information and communications technologies. The IT Manager and the Project Manager are not at odds. The Project Manager’s ability to focus knowledge, skills, tools and techniques on the temporary endeavor frees the IT Manager to focus on keeping the wheels of commerce ...

  19. Information security in SCADA systems in nuclear power plants

    International Nuclear Information System (INIS)

    Satyamurty, S.A.V.

    2013-01-01

    Few decades back most of the I and C systems are Hardwired based. With the developments in digital electronics, micro processors and micro controllers, the I and C systems are becoming more and more Computer based. Though it brought convenience to the designer, comfort to the operator in the form of better GUI, it also brought many challenges in the form of information security. The talk covers the typical I and C design using SCADA systems, the challenges, typical problems faced and the need for information security. The talk illustrates various security measures to be implemented in the design, development and testing stages. These security measures have to be taken both in the development environment and deployment environment. Verification and validation of computer based system is very important. Configuration change management is very essential for smooth running of the plant. The talk illustrates the various measures need to be taken. (author)

  20. 78 FR 37244 - Submission for Review: We Need Important Information About Your Eligibility for Social Security...

    Science.gov (United States)

    2013-06-20

    ... Important Information About Your Eligibility for Social Security Disability Benefits, RI 98-7. As required... Personnel Management. Title: We Need Important Information About Your Eligibility for Social Security... OFFICE OF PERSONNEL MANAGEMENT Submission for Review: We Need Important Information About Your...

  1. 12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

    Science.gov (United States)

    2010-01-01

    ... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

  2. 12 CFR Appendix B to Part 570 - Interagency Guidelines Establishing Information Security Standards

    Science.gov (United States)

    2010-01-01

    ... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

  3. Information Security in the Age of Cloud Computing

    Science.gov (United States)

    Sims, J. Eric

    2012-01-01

    Information security has been a particularly hot topic since the enhanced internal control requirements of Sarbanes-Oxley (SOX) were introduced in 2002. At about this same time, cloud computing started its explosive growth. Outsourcing of mission-critical functions has always been a gamble for managers, but the advantages of cloud computing are…

  4. An Introduction to Information Security and ISO 27001

    CERN Document Server

    Watkins, Steve G

    2008-01-01

    This new pocket guide will suit both individuals who need an introduction to a topic that they know little about, and also organizations implementing, or considering implementing, some sort of information security management regime, particularly if using ISO/IEC 27001:2005

  5. Information risk management a practitioner's guide

    CERN Document Server

    Sutton, David

    2014-01-01

    Information risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book provides practical guidance to the principles and development of a strategic approach to an IRM programme. The only textbook for the BCS Practitioner Certificate in Information Risk Management.

  6. 75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

    Science.gov (United States)

    2010-03-08

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...

  7. 75 FR 45154 - National Security Division; Agency Information Collection Activities:

    Science.gov (United States)

    2010-08-02

    ... DEPARTMENT OF JUSTICE [OMB Number 1124-0003] National Security Division; Agency Information...), National Security Division (NSD), will be submitting the following information collection request to the..., 10th & Constitution Avenue, NW., National Security Division, Counterespionage Section/Registration Unit...

  8. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

    Science.gov (United States)

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.

  9. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism

    Directory of Open Access Journals (Sweden)

    Dongmei Han

    2015-01-01

    Full Text Available With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people’s awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people’s awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people’s cognition of potential risks in online financial payment.

  10. Organizational information assets classification model and security architecture methodology

    Directory of Open Access Journals (Sweden)

    Mostafa Tamtaji

    2015-12-01

    Full Text Available Today's, Organizations are exposed with huge and diversity of information and information assets that are produced in different systems shuch as KMS, financial and accounting systems, official and industrial automation sysytems and so on and protection of these information is necessary. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released.several benefits of this model cuses that organization has a great trend to implementing Cloud computing. Maintaining and management of information security is the main challenges in developing and accepting of this model. In this paper, at first, according to "design science research methodology" and compatible with "design process at information systems research", a complete categorization of organizational assets, including 355 different types of information assets in 7 groups and 3 level, is presented to managers be able to plan corresponding security controls according to importance of each groups. Then, for directing of organization to architect it’s information security in cloud computing environment, appropriate methodology is presented. Presented cloud computing security architecture , resulted proposed methodology, and presented classification model according to Delphi method and expers comments discussed and verified.

  11. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2000-01-01

    An information security architecture is made up of several components. Each component in the architecture focuses on establishing acceptable levels of control. These controls are then applied to the operating environment of an organization. Functionally, information security architecture combines technical, practical, and cost-effective solutions to provide an adequate and appropriate level of security.Information Security Architecture: An Integrated Approach to Security in the Organization details the five key components of an information security architecture. It provides C-level executives

  12. A mapping of information security in health Information Systems in Latin America and Brazil.

    Science.gov (United States)

    Pereira, Samáris Ramiro; Fernandes, João Carlos Lopes; Labrada, Luis; Bandiera-Paiva, Paulo

    2013-01-01

    In health, Information Systems are patient records, hospital administration or other, have advantages such as cost, availability and integration. However, for these benefits to be fully met, it is necessary to guarantee the security of information maintained and provided by the systems. The lack of security can lead to serious consequences such as lawsuits and induction to medical errors. The management of information security is complex and is used in various fields of knowledge. Often, it is left in the background for not being the ultimate goal of a computer system, causing huge financial losses to corporations. This paper by systematic review methodologies, presented a mapping in the literature, in order to identify the most relevant aspects that are addressed by security researchers of health information, as to the development of computerized systems. They conclude through the results, some important aspects, for which the managers of computerized health systems should remain alert.

  13. 78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Science.gov (United States)

    2013-01-02

    ... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...

  14. 77 FR 25686 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Science.gov (United States)

    2012-05-01

    ... Director of the Office of Management and Budget, and the Director of NIST on security and privacy issues... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...

  15. 44 CFR 8.3 - Senior FEMA official responsible for the information security program.

    Science.gov (United States)

    2010-10-01

    ... 44 Emergency Management and Assistance 1 2010-10-01 2010-10-01 false Senior FEMA official... Senior FEMA official responsible for the information security program. The Director of the Security Division, has been designated as the senior official to direct and administer the FEMA information security...

  16. Managing domino effect-related security of industrial areas

    NARCIS (Netherlands)

    Reniers, Genserik L L; Dullaert, W.; Audenaert, Amaryllis; Ale, B. J.M.; Soudan, K.

    In chemical enterprises, security managers are interested in easy-to-handle and user-friendly decision-support tools, providing them with straightforward information ready for implementation. Therefore, a theoretical conceptualization on how to manage-in a relatively simple way-the prevention and

  17. Homeland Security. Management Challenges Facing Federal Leadership

    National Research Council Canada - National Science Library

    2002-01-01

    ...) and the Office of Personnel Management (OPM). Additionally, due to the dynamic and evolving nature of the government's homeland security activities, some of our work described in this report has already appeared in congressional testimony...

  18. A Multilevel Secure Workflow Management System

    National Research Council Canada - National Science Library

    Kang, Myong H; Froscher, Judith N; Sheth, Amit P; Kochut, Krys J; Miller, John A

    1999-01-01

    The Department of Defense (DoD) needs multilevel secure (MLS) workflow management systems to enable globally distributed users and applications to cooperate across classification levels to achieve mission critical goals...

  19. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Science.gov (United States)

    2011-12-15

    ...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

  20. Director, Information Management and Technology Division (IMTD ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    ... business platform for achieving the Centre's strategic and operational goals, ... Security and Records, of Information Management and Application Solutions, ... Sees that IDRC policies, especially with respect to procurement, are followed in ...

  1. 12 CFR 605.501 - Information Security Officer.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

  2. 32 CFR 2700.51 - Information Security Oversight Committee.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

  3. 14 CFR 1203.201 - Information security objectives.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

  4. The Johnson Space Center Management Information Systems (JSCMIS). 1: Requirements Definition and Design Specifications for Versions 2.1 and 2.1.1. 2: Documented Test Scenario Environments. 3: Security Design and Specifications

    Science.gov (United States)

    1986-01-01

    The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications.

  5. 49 CFR 1548.19 - Security Directives and Information Circulars.

    Science.gov (United States)

    2010-10-01

    ... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... aviation, TSA issues a Security Directive setting forth mandatory measures. (1) Each indirect air carrier... Security Directive that TSA issues to it, within the time prescribed in the Security Directive for...

  6. Secure Refactoring with Java Information Flow

    DEFF Research Database (Denmark)

    Helke, Steffen; Kammüunietd kller, Florian; Probst, Christian W.

    2016-01-01

    Refactoring means that a program is changed without changing its behaviour from an observer's point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov's distributed information flow control model DLM and its Java...

  7. Staffing Policy for Solving the Information Security

    Directory of Open Access Journals (Sweden)

    A. I. Tolstoy

    2012-06-01

    Full Text Available Determining staffing policy implementation of information security tasks is given. The basic requirements that must be taken into account when developing policies are defined. The policy framework is determined and recommendations for the design of such policies are formulated. Requirements for the implementation of the policy are defined.

  8. Data Security Using Cryptographic Approach | Okoro | Information ...

    African Journals Online (AJOL)

    The need for data security in Information and Communications Technology (ICT) can not be overemphasized. In this paper, the use of symmetric and asymmetric key cryptographies to clearly achieve the required protection by means of prime number system and modular multiplicative inverse has been highlighted and ...

  9. Mobile Customer Relationship Management and Mobile Security

    Science.gov (United States)

    Sanayei, Ali; Mirzaei, Abas

    The purpose of this study is twofold. First, in order to guarantee a coherent discussion about mobile customer relationship management (mCRM), this paper presents a conceptualization of mCRM delineating its unique characteristics because of Among the variety of mobile services, considerable attention has been devoted to mobile marketing and in particular to mobile customer relationship management services. Second, the authors discusses the security risks in mobile computing in different level(user, mobile device, wireless network,...) and finally we focus on enterprise mobile security and it's subgroups with a series of suggestion and solution for improve mobile computing security.

  10. Securing the smart grid information exchange

    Energy Technology Data Exchange (ETDEWEB)

    Fries, Steffen; Falk, Rainer [Siemens AG, Corporate Technology, Muenchen (Germany)

    2012-07-01

    The smart grid is based on information exchange between various stakeholders using open communication technologies, to control the physical electric grid through the information grid. Protection against cyber attacks is essential to ensure a reliable operation of the smart grid. This challenge is addressed by various regulatory, standardization, and research activities. After giving an overview of the security demand of a smart grid, existing and appearing standardization activities are described. (orig.)

  11. Secure information transfer based on computing reservoir

    Energy Technology Data Exchange (ETDEWEB)

    Szmoski, R.M.; Ferrari, F.A.S. [Department of Physics, Universidade Estadual de Ponta Grossa, 84030-900, Ponta Grossa (Brazil); Pinto, S.E. de S, E-mail: desouzapinto@pq.cnpq.br [Department of Physics, Universidade Estadual de Ponta Grossa, 84030-900, Ponta Grossa (Brazil); Baptista, M.S. [Institute for Complex Systems and Mathematical Biology, SUPA, University of Aberdeen, Aberdeen (United Kingdom); Viana, R.L. [Department of Physics, Universidade Federal do Parana, 81531-990, Curitiba, Parana (Brazil)

    2013-04-01

    There is a broad area of research to ensure that information is transmitted securely. Within this scope, chaos-based cryptography takes a prominent role due to its nonlinear properties. Using these properties, we propose a secure mechanism for transmitting data that relies on chaotic networks. We use a nonlinear on–off device to cipher the message, and the transfer entropy to retrieve it. We analyze the system capability for sending messages, and we obtain expressions for the operating time. We demonstrate the system efficiency for a wide range of parameters. We find similarities between our method and the reservoir computing.

  12. Information security policy development for compliance

    CERN Document Server

    Williams, Barry L

    2013-01-01

    Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will he

  13. Relationship between stakeholders' information value perception and information security behaviour

    Science.gov (United States)

    Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

    2015-02-01

    The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information

  14. Additional Security Considerations for Grid Management

    Science.gov (United States)

    Eidson, Thomas M.

    2003-01-01

    The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

  15. Information Management: Business Vulnerabilities

    International Nuclear Information System (INIS)

    Gmach, R.; Stefko, H.

    2015-01-01

    Sophisticated cybercrimes and advanced persistent threats are occurring at an alarming rate. Aided by new attack techniques, increased financial support and the ease of exploiting social connections, attackers are having more success than ever before. Traditional security solutions are no longer sufficient to defend against these escalating threats. IBM® Security QRadar® uses big data capabilities to help keep pace with advanced threats and prevent attacks before they happen. It helps uncover hidden relationships within massive amounts of security data, using proven analytics to reduce billions of security events to a manageable set of prioritized incidents. Forward-leaning organizations are exploring custom analytics that use additional big data technologies on a variety of unstructured data sources including email, social media feeds, business transactions and full network packet payloads. To meet this demand, IBM is integrating industry-leading security intelligence capabilities with the world-class analytics capabilities of IBM InfoSphere® BigInsights TM and related big data software and services. The combination offers a comprehensive solution — a security intelligence platform designed to detect and prioritize threats in real time, together with a mature Hadoop-based solution for custom data mining and analytics. (author)

  16. A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

    Science.gov (United States)

    Francois, Michael T.

    2016-01-01

    Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

  17. Computer Security: Introduction to information and computer security (1/4)

    CERN Multimedia

    CERN. Geneva

    2012-01-01

    Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Aix-en-Provence and Haute Ecole de Gestion in Geneva in 2010. His professional interests include software and network security, distributed systems, and Web and mobile technologies. With the prevalence of modern information te...

  18. Information Manager (The)

    African Journals Online (AJOL)

    The Information Manager is an Interdisciplinary Journal which provides a forum for the ... It serves as a forum for new research in information dissemination and communication processes in general, The basic focus of Information manager are: i. to ... Influence of Mac Arthur Journal Donation Project on Serial Resources of ...

  19. Information Security Risks on a University Campus

    Directory of Open Access Journals (Sweden)

    Amer A. Al-Rawas

    2002-06-01

    Full Text Available This paper is concerned with issues relating to security in the provision of information systems (IS services within a campus environment. It is based on experiences with a specific known environment; namely Sultan Qaboos University. In considering the risks and challenges that face us in the provision of IS services we need to consider a number of interwoven subject areas.  These are: the importance of information to campus communities, the types of information utilised, and the risk factors that relate to the provision of IS services. Based on our discussion of the risk factors identified within this paper, we make a number of recommendations for improving security within any environment that wishes to take the matter seriously. These recommendations are classified into three main groups: general, which are applicable to the entire institution; social, aimed at the work attitudes of staff and students; and technical, addressing the skills and technologies required.

  20. Informational system. Documents management

    Directory of Open Access Journals (Sweden)

    Vladut Iacob

    2009-12-01

    Full Text Available Productivity growing, as well as reducing of operational costs in a company can be achieved by adopting a document management solutions. Such application will allow management and structured and efficient transmission of information within the organization.

  1. Audit Information Management System

    Data.gov (United States)

    US Agency for International Development — USAID/OIG has initiated its new Audit Information Management System (AIMS) to track OIG's audit recommendations and USAID's management decisions. OIG's in-house...

  2. 78 FR 48076 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-08-07

    ...-2011-0268] RIN 3150-AJ07 Facility Security Clearance and Safeguarding of National Security Information..., Classified National Security Information. The rule would allow licensees flexibility in determining the means... licensee security education and training programs and enhances the protection of classified information...

  3. 32 CFR 2103.51 - Information Security Oversight Committee.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

  4. 78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

    Science.gov (United States)

    2013-02-04

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

  5. 76 FR 67750 - Homeland Security Information Network Advisory Committee

    Science.gov (United States)

    2011-11-02

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

  6. Management Information Systems Research.

    Science.gov (United States)

    Research on management information systems is illusive in many respects. Part of the basic research problem in MIS stems from the absence of standard...decision making. But the transition from these results to the realization of ’satisfactory’ management information systems remains difficult indeed. The...paper discusses several aspects of research on management information systems and reviews a selection of efforts that appear significant for future progress. (Author)

  7. IT Security Management Implementation Model in Iranian Bank Industry

    Directory of Open Access Journals (Sweden)

    Mona Vanaki

    2017-06-01

    Full Text Available According to the complexity and differences between Iranian banks and other developed countries the appropriate actions to implement effective security management of information technology have not been taken. The aim of this study was to create a powerful model by selecting the appropriate security controls to protect information assets in the bank. In this model, at first the principle set fort in ISO standard 27001, was extracted and then by further studies derived from best practices carried out in the world on the related subject from 2008 to 2016 using a qualitative descriptive method, points comply with information security management in the banking industry were added to it. With the study of Iranian banks in dealing with IT security management system and with help of action research tools, provisions which prevent the actual implementation of this standard was removed and finally a conceptual model with operating instructions and considering all the principles of information security management standard, as well as banking institutions focusing on the characteristics of Iran was proposed.

  8. A cooperative model for IS security risk management in distributed environment.

    Science.gov (United States)

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  9. Common Criteria for Information Technology Security Evaluation: Department of Defense Public Key Infrastructure and Key Management Infrastructure Token Protection Profile (Medium Robustness)

    Science.gov (United States)

    2002-03-22

    may be derived from detailed inspection of the IC itself or from illicit appropriation of design information. Counterfeit smart cards can be mass...Infrastructure (PKI) as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair...interference devices (SQDIS), electrical testing, and electron beam testing. • Other attacks, such as UV or X-rays or high temperatures, could cause erasure

  10. Processing multilevel secure test and evaluation information

    Science.gov (United States)

    Hurlburt, George; Hildreth, Bradley; Acevedo, Teresa

    1994-07-01

    The Test and Evaluation Community Network (TECNET) is building a Multilevel Secure (MLS) system. This system features simultaneous access to classified and unclassified information and easy access through widely available communications channels. It provides the necessary separation of classification levels, assured through the use of trusted system design techniques, security assessments and evaluations. This system enables cleared T&E users to view and manipulate classified and unclassified information resources either using a single terminal interface or multiple windows in a graphical user interface. TECNET is in direct partnership with the National Security Agency (NSA) to develop and field the MLS TECNET capability in the near term. The centerpiece of this partnership is a state-of-the-art Concurrent Systems Security Engineering (CSSE) process. In developing the MLS TECNET capability, TECNET and NSA are providing members, with various expertise and diverse backgrounds, to participate in the CSSE process. The CSSE process is founded on the concepts of both Systems Engineering and Concurrent Engineering. Systems Engineering is an interdisciplinary approach to evolve and verify an integrated and life cycle balanced set of system product and process solutions that satisfy customer needs (ASD/ENS-MIL STD 499B 1992). Concurrent Engineering is design and development using the simultaneous, applied talents of a diverse group of people with the appropriate skills. Harnessing diverse talents to support CSSE requires active participation by team members in an environment that both respects and encourages diversity.

  11. Integrating Security Risk Management into Business Process Management for the Cloud

    OpenAIRE

    Goettelmann , Elio; Mayer , Nicolas; Godart , Claude

    2014-01-01

    International audience; Security issues are still preventing wider adoption of cloud computing, especially for businesses which are handling sensitive information. Indeed, by outsourcing its information system (IS), a company can lose control over its infrastructure, its software or even its data. Therefore, new methods and tools need to be defined to respond to this challenge. In this paper we propose to integrate Security Risk Management approaches into Business Process Management to effect...

  12. Report: Information Security Series: Security Practices Safe Drinking Water Information System

    Science.gov (United States)

    Report #2006-P-00021, March 30, 2006. We found that the Office of Water (OW) substantially complied with many of the information security controls reviewed and had implemented practices to ensure production servers are monitored.

  13. Information Security – Guidance for Manually Completing the Information Security Awareness Training

    Science.gov (United States)

    The purpose of this guidance is to provide an alternative manual process for disseminating EPA Information Security Awareness Training (ISAT) materials and collecting results from EPA users who elect to complete the ISAT manually.

  14. A secure file manager for UNIX

    Energy Technology Data Exchange (ETDEWEB)

    DeVries, R.G.

    1990-12-31

    The development of a secure file management system for a UNIX-based computer facility with supercomputers and workstations is described. Specifically, UNIX in its usual form does not address: (1) Operation which would satisfy rigorous security requirements. (2) Online space management in an environment where total data demands would be many times the actual online capacity. (3) Making the file management system part of a computer network in which users of any computer in the local network could retrieve data generated on any other computer in the network. The characteristics of UNIX can be exploited to develop a portable, secure file manager which would operate on computer systems ranging from workstations to supercomputers. Implementation considerations making unusual use of UNIX features, rather than requiring extensive internal system changes, are described, and implementation using the Cray Research Inc. UNICOS operating system is outlined.

  15. 39 CFR 267.4 - Information security standards.

    Science.gov (United States)

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false Information security standards. 267.4 Section 267... INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of information security standards which address the following functional aspects of information flow and...

  16. Information security policy: contributions from internal marketing for its effectiveness

    Directory of Open Access Journals (Sweden)

    Cristiane Ellwanger

    2012-06-01

    Full Text Available Protecting sources of information has become a great challenge to the organizations, due to the advance of the information technologies, the integration between them and the constant stream of information that flows through the communication networks. The establishment of an Information Security Policy – PSI may resolve a part of the problems related to security, but it cannot totally solve them, since the human resources present in the internal environment of the organizations may spoil the effectiveness of the PSI. Given the importance of the human aspects in the context of the information security, the present work discusses the use of internal marketing as a management strategy in order to obtain or reestablish the commitment of the users to the principles defined in the PSI, and demonstrates, through an experimental research, the impact of using internal marketing techniques to the effectiveness of that policy. The results of this experiment make quantitatively evident how relevant the use of these techniques may be in order to have the procedures described in the PSI actually carried out by the users, and demonstrates a 402,4% increase in the support to the information security policy, considering the procedures indicated in the PSI that were totally executed.

  17. Contraceptive security, information flow, and local adaptations ...

    African Journals Online (AJOL)

    Methodology : Morocco was selected for the case study. The researchers had ready access to key informants and information about the Logistics Management Information System. Because the study had time and resource constraints, research included desktop reviews and interview, rather than data collection in the field.

  18. 49 CFR 1544.305 - Security Directives and Information Circulars.

    Science.gov (United States)

    2010-10-01

    ... threat assessment or to a specific threat against civil aviation, TSA issues a Security Directive setting... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT OPERATOR...

  19. Critical infrastructure cyber-security risk management

    OpenAIRE

    Spyridopoulos, T.; Maraslis, K.; Tryfonas, T.; Oikonomou, G.

    2017-01-01

    Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly...

  20. Modern Quantum Technologies of Information Security

    OpenAIRE

    Korchenko, Oleksandr; Vasiliu, Yevhen; Gnatyuk, Sergiy

    2010-01-01

    In this paper, the systematisation and classification of modern quantum technologies of information security against cyber-terrorist attack are carried out. The characteristic of the basic directions of quantum cryptography from the viewpoint of the quantum technologies used is given. A qualitative analysis of the advantages and disadvantages of concrete quantum protocols is made. The current status of the problem of practical quantum cryptography use in telecommunication networks is consider...

  1. Report: EPA’s Information Security Program Is Established, but Improvements Are Needed to Strengthen Its Processes

    Science.gov (United States)

    Report #18-P-0031, October 30, 2017. Although the EPA has an effective information security program, management emphasis is needed to achieve a higher level of maturity for the agency’s information security program.

  2. A computer science approach to managing security in health care.

    Science.gov (United States)

    Asirelli, P; Braccini, G; Caramella, D; Coco, A; Fabbrini, F

    2002-09-01

    The security of electronic medical information is very important for health care organisations, which have to ensure confidentiality, integrity and availability of the information provided. This paper will briefly outline the legal measures adopted by the European Community, Italy and the United States to regulate the use and disclosure of medical records. It will then go on to highlight how information technology can help to address these issues with special reference to the management of organisation policies. To this end, we will present a modelling example for the security policy of a radiological department.

  3. Archival Information Management System.

    Science.gov (United States)

    1995-02-01

    management system named Archival Information Management System (AIMS), designed to meet the audit trail requirement for studies completed under the...are to be archived to the extent that future reproducibility and interrogation of results will exist. This report presents a prototype information

  4. Lean information management

    NARCIS (Netherlands)

    Hammer, D.K.

    1997-01-01

    The concept of a Lean Enterprise has proven to be extremely valuable for making companies fit for today's competitive business environment. Lean Information Management denotes the type of information management that is appropriate for such all organization. According to the paradigm of a Lean

  5. Medical Information Management System

    Science.gov (United States)

    Alterescu, S.; Hipkins, K. R.; Friedman, C. A.

    1979-01-01

    On-line interactive information processing system easily and rapidly handles all aspects of data management related to patient care. General purpose system is flexible enough to be applied to other data management situations found in areas such as occupational safety data, judicial information, or personnel records.

  6. A Secure Information Framework with APRQ Properties

    Science.gov (United States)

    Rupa, Ch.

    2017-08-01

    Internet of the things is the most trending topics in the digital world. Security issues are rampant. In the corporate or institutional setting, security risks are apparent from the outset. Market leaders are unable to use the cryptographic techniques due to their complexities. Hence many bits of private information, including ID, are readily available for third parties to see and to utilize. There is a need to decrease the complexity and increase the robustness of the cryptographic approaches. In view of this, a new cryptographic technique as good encryption pact with adjacency, random prime number and quantum code properties has been proposed. Here, encryption can be done by using quantum photons with gray code. This approach uses the concepts of physics and mathematics with no external key exchange to improve the security of the data. It also reduces the key attacks by generation of a key at the party side instead of sharing. This method makes the security more robust than with the existing approach. Important properties of gray code and quantum are adjacency property and different photons to a single bit (0 or 1). These can reduce the avalanche effect. Cryptanalysis of the proposed method shows that it is resistant to various attacks and stronger than the existing approaches.

  7. 76 FR 39887 - Extension of Agency Information Collection Activity Under OMB Review: Highway Corporate Security...

    Science.gov (United States)

    2011-07-07

    ... Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management... industry by way of its Highway Corporate Security Review (CSR) Program, which encompasses site visits and... the site visit, TSA personnel complete the CSR form, which asks security-related questions. This...

  8. Analysis of information security reliability: A tutorial

    International Nuclear Information System (INIS)

    Kondakci, Suleyman

    2015-01-01

    This article presents a concise reliability analysis of network security abstracted from stochastic modeling, reliability, and queuing theories. Network security analysis is composed of threats, their impacts, and recovery of the failed systems. A unique framework with a collection of the key reliability models is presented here to guide the determination of the system reliability based on the strength of malicious acts and performance of the recovery processes. A unique model, called Attack-obstacle model, is also proposed here for analyzing systems with immunity growth features. Most computer science curricula do not contain courses in reliability modeling applicable to different areas of computer engineering. Hence, the topic of reliability analysis is often too diffuse to most computer engineers and researchers dealing with network security. This work is thus aimed at shedding some light on this issue, which can be useful in identifying models, their assumptions and practical parameters for estimating the reliability of threatened systems and for assessing the performance of recovery facilities. It can also be useful for the classification of processes and states regarding the reliability of information systems. Systems with stochastic behaviors undergoing queue operations and random state transitions can also benefit from the approaches presented here. - Highlights: • A concise survey and tutorial in model-based reliability analysis applicable to information security. • A framework of key modeling approaches for assessing reliability of networked systems. • The framework facilitates quantitative risk assessment tasks guided by stochastic modeling and queuing theory. • Evaluation of approaches and models for modeling threats, failures, impacts, and recovery analysis of information systems

  9. 12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards

    Science.gov (United States)

    2010-01-01

    ... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B...

  10. 12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

    Science.gov (United States)

    2010-01-01

    ... Processing, Feb. 9, 2000; OCC Bulletin 2001-47, “Third-Party Relationships Risk Management Principles,” Nov... Existing Authority C. Definitions II. Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program...

  11. 12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards

    Science.gov (United States)

    2010-01-01

    ... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Definitions II. Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of...

  12. 32 CFR 154.42 - Evaluation of personnel security information.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

  13. 48 CFR 1339.107-70 - Information security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

  14. 49 CFR 8.9 - Information Security Review Committee.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

  15. Disaster at a University: A Case Study in Information Security

    Science.gov (United States)

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  16. Secure medical information sharing in cloud computing.

    Science.gov (United States)

    Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

    2015-01-01

    Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in public key encryption environment. In the proposed protocol, data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows that with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of keyword ciphertext based on the intractability of Bilinear Diffie-Hellman problem and the keyword trapdoor based on Decisional Diffie-Hellman problem.

  17. AUDITING THE SECURITY OF INFORMATION SYSTEMS WITHIN AN ORGANIZATION

    Directory of Open Access Journals (Sweden)

    STEGĂROIU CARINA-ELENA

    2013-02-01

    Full Text Available The safety provided by a well configured firewall is no excuse for neglecting the standard security procedures;setting up and installing a firewall is the first line of defense and not a full proof solution, auditing being only onecomponent of the system, whilst the other is protecting the resources and when we consider auditing as being theprocess of recording certain events that take place on a computer or within a network, we must come to the conclusionthat this is the only technique that allows us to identify the source of a possible issue within the network.Information security is used as a means to protect the intellectual property rights, whilst the main objective insetting up an information security system is to enlist the confidence of prospective business partners. In accordancewith the legal requisites and the principle of maximizing one’s investment, regardless of the many forms it could take,or the means through which it is stored, transmitted or distributed, information must be protected.Information security is not only a technical problem, but mainly a managerial issue, as the security standard,ISO/IEC 17799 meets the needs of any type of organization, be it public or private, through a series of practices relatedto the management of information security.This paper aims to present the process of taking entry data from a plethora of programs and storing it in acentral location. Due to its flexibility, this process can be a useful auditing instrument, as long as we are familiar withthe way it works and how the events are recorded.

  18. Assessing and comparing information security in swiss hospitals.

    Science.gov (United States)

    Landolt, Sarah; Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M

    2012-11-07

    Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology - Security techniques - Code of practice for information-security management, with a special focus on the effect of the hospitals' size and type. The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering "process and quality management" (average score 1.3 ± 0.8 out of a maximum of 3) and "organization and risk management" (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of "security zones" and "backup" (P = .008). Half (50.00%, 8588/17,177) of all assessed hospital beds

  19. Managing a "N" Securities Portfolio

    Directory of Open Access Journals (Sweden)

    Costică Vlad

    2016-01-01

    For the application that will be described below, namely the management of a portfolio of eightsecurity bonds, a financial analyst should carry more than 10^15 computing operations. Thedemonstration focuses on the analysis of results and on summarizing the concepts used.

  20. Challenge theme 7: Information support for management of border security and environmental protection: Chapter 9 in United States-Mexican Borderlands: Facing tomorrow's challenges through USGS science

    Science.gov (United States)

    Parcher, Jean W.; Page, William R.

    2013-01-01

    Historically, international borders were located far from the major political and economic capitals of their countries and rarely received adequate planning or infrastructure development. Today, as a result of global economics and increased movement of goods between nations, border regions play a much greater role in commerce, tourism, and transportation. For example, Mexico is the second largest destination for United States exports (Woodrow Wilson Center Mexico Institute, 2009). The rapid population and economic growth along the United States–Mexican border, undocumented human border crossings, and the unique natural diversity of resources in the Borderlands present challenges for border security and environmental protection. Assessing risks and implementing sustainable growth policies to protect the environment and quality of life greatly increase in complexity when the issues cross an international border, where social services, environmental regulations, lifestyles, and cultural beliefs are unique for each country. Shared airsheds, water and biological resources, national security issues, and disaster management needs require an integrated binational approach to assess risks and develop binational management strategies.

  1. Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model

    Science.gov (United States)

    Moghaddasi, Hamid; Kamkarhaghighi, Mehran

    2016-01-01

    Introduction: Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. Background: The “data security models” presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the “needs and improvement” cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Findings: Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Conclusion: Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced. PMID:27857823

  2. Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model.

    Science.gov (United States)

    Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran

    2016-01-01

    Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

  3. Discursive field of dissertation research on the state of information security of Ukraine

    OpenAIRE

    O. S. Zozulya

    2016-01-01

    The article analyzed the of dissertations for science «Public Administration» on the problems ensuring information security of Ukraine. According to the data system catalog Vernadsky National Library of Ukraine was found that within the limits of science «Public Administration» problems of ensuring information security were devoted only 4 work. In view of the small number of dissertations, which explored the problems of public-management of ensuring information security Ukraine, we have to ad...

  4. 78 FR 69286 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-11-19

    ... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... Executive Order 13526, Classified National Security Information. In addition, this direct final rule allowed... licensees (or their designees) to conduct classified [[Page 69287

  5. Engineering Principles for Information Technology Security (A Baseline for Achieving Security)

    National Research Council Canada - National Science Library

    Stoneburner, Gary

    2001-01-01

    The purpose of the Engineering Principles for Information Technology (IT) Security (HP-ITS) is to present a list of system-level security principles to he considered in the design, development, and operation of an information system...

  6. National Security and the Right to Information in Europe

    DEFF Research Database (Denmark)

    Jacobsen, Amanda Lynn

    2013-01-01

    Full text available at: http://cast.ku.dk/pdf/National_Security_and_the_Right_to_Information.pdf/......Full text available at: http://cast.ku.dk/pdf/National_Security_and_the_Right_to_Information.pdf/...

  7. Protecting the Privacy and Security of Your Health Information

    Science.gov (United States)

    ... can be used and shared with others. The Security Rule sets rules for how your health information must be kept secure with administrative, technical, and physical safeguards. You may have additional protections and health information rights under your State's laws. ...

  8. Sensitive Security Information and Transportation Security: Issues and Congressional Options

    National Research Council Canada - National Science Library

    Sollenberger, Mitchel A

    2004-01-01

    .... TSA's application of the SSI regulations has, however, resulted in some controversies over airport security procedures, employee accountability, passenger screening, and airport secrecy agreements...

  9. Physical protection educational program - information security aspects

    International Nuclear Information System (INIS)

    Tolstoy, A.

    2002-01-01

    Full text: Conceptual approaches for designing an expert training program on object physical protection taking into account information security aspects are examined. A special educational course does not only address the immediate needs for an educational support but also ensures that new professionals include new concepts and knowledge in their practice and encourages current practitioners towards such practice. Features of the modern physical protection systems (PPS) and classification of information circulating at them are pointed out. The requirements to the PPS information protection subsystem are discussed. During the PPS expert training on information security (IS) aspects they should receive certain knowledge, on the basis of which they could competently define and carry out the PPS IS policy for a certain object. Thus, it is important to consider minimally necessary volume of knowledge taught to the PPS experts for independent and competent implementation of the above listed tasks. For the graduate PPS IS expert training it is also necessary to examine the normative and legal acts devoted to IS as a whole and the PPS IS in particular. It is caused by necessity of conformity of methods and information protection tools implemented on a certain object to the federal and departmental IS requirements. The departmental normative IS requirements define an orientation of the PPS expert training. By curriculum development it is necessary to precisely determine for whom the PPS experts are taught. The curriculum should reflect common features of the PPS functioning of the certain object type, i.e. it should be adapted to a certain customer of the experts. The specified features were taken into account by development of an educational course 'Information security of the nuclear facility physical protection systems', taught at the Moscow Engineering Physics Institute (State University) according to the Russian-American educational program 'Master in Physical

  10. Data survivability vs. security in information systems

    International Nuclear Information System (INIS)

    Levitin, Gregory; Hausken, Kjell; Taboada, Heidi A.; Coit, David W.

    2012-01-01

    A multiple objective problem formulation and solution methodology is presented to select optimal information and data storage configurations considering both data survivability and data security, as well as cost. This paper considers a situation where the information is divided into several separately stored blocks in order to mitigate the risk of unauthorized access or theft. The information can be used only if all of the blocks are accessed. To impede the information theft, the defender prefers to maximize the number of blocks. On the other hand the destruction of any block destroys the integrity of information and makes it impossible to use. To impede the information destruction, the defender prefers to maximize the number of parallel (reserve) copies of each block, regardless how many blocks in series there are. Given the set of available information storage resources, the defender must consider a multi-objective optimization problem to determine how many blocks and their copies to create, and how to distribute them among available resources in order to minimize information vulnerability, insecurity, and storage cost. Non-dominated solutions to this problem are determined using a multiple objective genetic algorithm (MOGA). This methodology is demonstrated with two general examples.

  11. Security and management; Securite et management

    Energy Technology Data Exchange (ETDEWEB)

    Moreau, A. [CEA, Direction du Centre d' Etudes de Saclay (France)

    1992-07-01

    All the studies performed about accident causes have emphasized the influence of Human Factors in the field of Safety and Radiological Protection. Human actions cannot be understood but also improved without exploring the enormous field of mental representations and emotions, therefore, all the sources of comportments. Among a working group, safety can be the field of all the comportments relative to this group: relationship with work and between persons. This leads to management questions. There is no specific management for the safety. It must be included in the general management policy. Pedagogy must consider this fact for the training of workers. (author)

  12. The Importance of the Security Culture in SMEs as Regards the Correct Management of the Security of Their Assets

    Directory of Open Access Journals (Sweden)

    Antonio Santos-Olmo

    2016-07-01

    Full Text Available The information society is increasingly more dependent on Information Security Management Systems (ISMSs, and the availability of these kinds of systems is now vital for the development of Small and Medium-Sized Enterprises (SMEs. However, these companies require ISMSs that have been adapted to their special features, and which are optimized as regards the resources needed to deploy and maintain them. This article shows how important the security culture within ISMSs is for SMEs, and how the concept of security culture has been introduced into a security management methodology (MARISMA is a Methodology for “Information Security Management System in SMEs” developed by the Sicaman Nuevas Tecnologías Company, Research Group GSyA and Alarcos of the University of Castilla-La Mancha. for SMEs. This model is currently being directly applied to real cases, thus allowing a steady improvement to be made to its implementation.

  13. A Framework for Adaptive Information Security Systems : A Holistic Investigation

    OpenAIRE

    Mwakalinga, Jeffy

    2011-01-01

    This research proposes a framework for adaptive information security systems that considers both the technical and social aspects of information systems security. Initial development of information systems security focused on computer technology and communication protocols. Researchers and designers did not consider culture, traditions, ethics, and other social issues of the people using the systems when designing and developing information security systems. They also seemed to ignore environ...

  14. IT Security Vulnerability and Incident Response Management

    NARCIS (Netherlands)

    Hafkamp, W.H.M.; Paulus, S.; Pohlman, N.; Reimer, H.

    2006-01-01

    This paper summarises the results of a Dutch PhD research project on IT security vulnerability and incident response management, which is supervised by the University of Twente in the Netherlands and which is currently in its final stage. Vulnerabilities are ‘failures or weaknesses in computer

  15. Security Attributes Based Digital Rights Management

    NARCIS (Netherlands)

    Chong, C.N.; van Buuren, R.; van Buuren, R.F.; Hartel, Pieter H.; Kleinhuis, Geert; Boavida, F.; Monteiro, E.; Orvalho, J.

    2002-01-01

    Most real-life systems delegate responsibilities to different authorities. We apply this model to a digital rights management system, to achieve flexible security. In our model a hierarchy of authorities issues certificates that are linked by cryptographic means. This linkage establishes a chain of

  16. Security Attributes Based Digital Rights Management

    NARCIS (Netherlands)

    Chong, C.N.; van Buuren, R.; Hartel, Pieter H.; Kleinhuis, Geert

    ost real-life systems delegate responsibilities to di�erent authorities. We apply this model to a dig- ital rights management system, to achieve exible security. In our model a hierarchy of authorities issues certi�cates that are linked by cryptographic means. This linkage establishes a chain of

  17. Using a Prediction Model to Manage Cyber Security Threats

    Directory of Open Access Journals (Sweden)

    Venkatesh Jaganathan

    2015-01-01

    Full Text Available Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  18. Using a Prediction Model to Manage Cyber Security Threats.

    Science.gov (United States)

    Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  19. Using a Prediction Model to Manage Cyber Security Threats

    Science.gov (United States)

    Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024

  20. Academic Information Security Researchers: Hackers or Specialists?

    Science.gov (United States)

    Dadkhah, Mehdi; Lagzian, Mohammad; Borchardt, Glenn

    2018-04-01

    In this opinion piece, we present a synopsis of our findings from the last 2 years concerning cyber-attacks on web-based academia. We also present some of problems that we have faced and try to resolve any misunderstandings about our work. We are academic information security specialists, not hackers. Finally, we present a brief overview of our methods for detecting cyber fraud in an attempt to present general guidelines for researchers who would like to continue our work. We believe that our work is necessary for protecting the integrity of scholarly publishing against emerging cybercrime.

  1. Examining the Relationship between Organization Systems and Information Security Awareness

    Science.gov (United States)

    Tintamusik, Yanarong

    2010-01-01

    The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

  2. 76 FR 5232 - Small Business Information Security Task Force

    Science.gov (United States)

    2011-01-28

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the third meeting of the Small Business Information Security...

  3. 75 FR 77934 - Small Business Information Security Task Force

    Science.gov (United States)

    2010-12-14

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the second meeting of the Small Business Information Security...

  4. 75 FR 70764 - Small Business Information Security Task Force

    Science.gov (United States)

    2010-11-18

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the first meeting of the Small Business Information Security...

  5. 76 FR 11307 - Small Business Information Security Task Force

    Science.gov (United States)

    2011-03-01

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the third meeting of the Small Business Information Security...

  6. 39 CFR 267.5 - National Security Information.

    Science.gov (United States)

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false National Security Information. 267.5 Section 267.5... § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide regulations implementing Executive Order 12356 National Security Information (hereinafter referred to as the...

  7. Exploring Factors that Influence Students' Behaviors in Information Security

    Science.gov (United States)

    Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

    2012-01-01

    Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

  8. Management Information System

    Science.gov (United States)

    1984-01-01

    New Automated Management Information Center (AMIC) employs innovative microcomputer techniques to create color charts, viewgraphs, or other data displays in a fraction of the time formerly required. Developed under Kennedy Space Center's contract by Boeing Services International Inc., Seattle, WA, AMIC can produce an entirely new informational chart in 30 minutes, or an updated chart in only five minutes. AMIC also has considerable potential as a management system for business firms.

  9. MIMS - MEDICAL INFORMATION MANAGEMENT SYSTEM

    Science.gov (United States)

    Frankowski, J. W.

    1994-01-01

    MIMS, Medical Information Management System is an interactive, general purpose information storage and retrieval system. It was first designed to be used in medical data management, and can be used to handle all aspects of data related to patient care. Other areas of application for MIMS include: managing occupational safety data in the public and private sectors; handling judicial information where speed and accuracy are high priorities; systemizing purchasing and procurement systems; and analyzing organizational cost structures. Because of its free format design, MIMS can offer immediate assistance where manipulation of large data bases is required. File structures, data categories, field lengths and formats, including alphabetic and/or numeric, are all user defined. The user can quickly and efficiently extract, display, and analyze the data. Three means of extracting data are provided: certain short items of information, such as social security numbers, can be used to uniquely identify each record for quick access; records can be selected which match conditions defined by the user; and specific categories of data can be selected. Data may be displayed and analyzed in several ways which include: generating tabular information assembled from comparison of all the records on the system; generating statistical information on numeric data such as means, standard deviations and standard errors; and displaying formatted listings of output data. The MIMS program is written in Microsoft FORTRAN-77. It was designed to operate on IBM Personal Computers and compatibles running under PC or MS DOS 2.00 or higher. MIMS was developed in 1987.

  10. Strategic Management for IT Services on Outsourcing Security Company

    Directory of Open Access Journals (Sweden)

    Lydia Wijaya

    2018-04-01

    Full Text Available Information Technology (IT is used by many organizations to enhance competitive advantage, but many outsource security firms have not used IT in their business processes. In this research, we will design Strategic Management for IT Services for outsourcing security company. We use an outsourcing security company as a case study of IT Strategy Management for IT Services development. The purpose of this study is to create an IT services strategy for security outsourcing companies. The framework used is the ITIL (Information Technology Infrastructure Library framework service strategy in strategy management for IT services process. There are several steps taken in the making of the strategy: (a Strategic assessment stage to analyzed internal and external factors of the company. (b Strategy generation by creating the strategic plan. (c Strategy execution to determine the tactical plan. And (d strategy measurement and evaluation. This study produced the proposed IT service system that suits the needs of the company in the form of strategic, tactical plans and strategy measurement. This result can be used as the foundations of IT service development in outsourcing security company. In the process of this study, we work closely with stakeholders; every work product has been verified and validated by stakeholders.

  11. Management Information & Control for Earnings

    Data.gov (United States)

    Social Security Administration — Provides the ability to track and manage earnings inquiries from the general public by automated selection of cases for quality review. It also provides Management...

  12. SECURITY AWARENESS – MAJOR PIECE IN THE PUZZLE OF INFORMATION SECURITY

    OpenAIRE

    MARIUS PETRESCU; NICOLETA SÎRBU; ANCA-GABRIELA PETRESCU; MIOARA BRABOVEANU

    2011-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  13. Management information systems

    Energy Technology Data Exchange (ETDEWEB)

    Crump, K.

    1978-01-01

    An Australian university architect studying management information systems programs at academic institutions in the United States visited 26 universities and colleges and nine educational and professional associations, including extended visits at the University of Wisconsin and the National Center of Higher Education Management Systems. During these visits, he investigated university and college space utilization programs, gained operational and developmental experience at institutions with education philosophies similar to those in Australia, and examined trends in low cost student housing. This report of his observations focusses on management information systems projects throughout the academic community, resource accountability, energy conservation, facilities planning for the handicapped, student housing, and interdisciplinary approaches to education.

  14. A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

    Science.gov (United States)

    Waddell, Stanie Adolphus

    2013-01-01

    Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

  15. Information systems security policies: a survey in Portuguese public administration

    OpenAIRE

    Lopes, Isabel Maria; Sá-Soares, Filipe de

    2010-01-01

    Information Systems Security is a relevant factor for present organizations. Among the security measures, policies assume a central role in literature. However, there is a reduced number of empirical studies about the adoption of information systems security policies. This paper contributes to mitigate this flaw by presenting the results of a survey in the adoption of Information System Security Policies in Local Public Administration in Portugal. The results are discussed in light of literat...

  16. Structure Of Management Information In SNMP

    Directory of Open Access Journals (Sweden)

    Oancea DANIEL

    2003-12-01

    Full Text Available In this article we present the Structure of Management Information from SNMP, for all three versions of SNMP, as well as the main differences between them. In the first part, two version of SNMP are presented: version 1, version 2; and in the last part the third version, that uses a security model for information protection, is presented.

  17. Can Cyberloafing and Internet Addiction Affect Organizational Information Security?

    Science.gov (United States)

    Hadlington, Lee; Parsons, Kathryn

    2017-09-01

    Researchers have noted potential links between Internet addiction, the use of work computers for nonwork purposes and an increased risk of threat to the organization from breaches in cybersecurity. However, much of this research appears conjectural in nature and lacks clear empirical evidence to support such claims. To fill this knowledge gap, a questionnaire-based study explored the link between cyberloafing, Internet addiction, and information security awareness (ISA). A total of 338 participants completed an online questionnaire, which comprised of the Online Cognition Scale, Cyberloafing Scale, and the Human Aspects of Information Security Questionnaire. Participants who reported higher Internet addiction and cyberloafing tendencies had lower ISA, and Internet addiction and cyberloafing predicted a significant 45 percent of the variance in ISA. Serious cyberloafing, such as the propensity to visit adult websites and online gambling, was shown to be the significant predictor for poorer ISA. Implications for organizations and recommendations to reduce or manage inappropriate Internet use are discussed.

  18. Trust Management and Accountability for Internet Security

    Science.gov (United States)

    Liu, Wayne W.

    2011-01-01

    Adversarial yet interacting interdependent relationships in information sharing and service provisioning have been a pressing issue of the Internet. Such relationships exist among autonomous software agents, in networking system peers, as well as between "service users and providers." Traditional "ad hoc" security approaches effective in…

  19. Network Security: Policies and Guidelines for Effective Network Management

    Directory of Open Access Journals (Sweden)

    Jonathan Gana KOLO

    2008-12-01

    Full Text Available Network security and management in Information and Communication Technology (ICT is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these systems implies crime and insecurity on a global scale. In addition, the tremendous benefits brought about by Internet have also widened the scope of crime and insecurity at an alarming rate. Also, ICT has fast become a primary differentiator for institution/organization leaders as it offers effective and convenient means of interaction with each other across the globe. This upsurge in the population of organizations depending on ICT for business transaction has brought with it a growing number of security threats and attacks on poorly managed and secured networks primarily to steal personal data, particularly financial information and password.This paper therefore proposes some policies and guidelines that should be followed by network administrators in organizations to help them ensure effective network management and security of ICT facilities and data.

  20. Governance practices and critical success factors suitable for business information security

    OpenAIRE

    Bobbert, Yuri; Mulder, Hans

    2015-01-01

    Abstract: Information Security (IS) is increasingly becoming an integrated business practice instead of just IT. Security breaches are a challenge to organizations. They run the risk of losing revenue, trust and reputation and in extreme cases they might even go under. IS literature emphasizes the necessity to govern Information Security at the level of the Board of Directors (BoD) and to execute (i.e. plan, build, run and monitor) it at management level. This paper describes explorative rese...

  1. Air System Information Management

    Science.gov (United States)

    Filman, Robert E.

    2004-01-01

    I flew to Washington last week, a trip rich in distributed information management. Buying tickets, at the gate, in flight, landing and at the baggage claim, myriad messages about my reservation, the weather, our flight plans, gates, bags and so forth flew among a variety of travel agency, airline and Federal Aviation Administration (FAA) computers and personnel. By and large, each kind of information ran on a particular application, often specialized to own data formats and communications network. I went to Washington to attend an FAA meeting on System-Wide Information Management (SWIM) for the National Airspace System (NAS) (http://www.nasarchitecture.faa.gov/Tutorials/NAS101.cfm). NAS (and its information infrastructure, SWIM) is an attempt to bring greater regularity, efficiency and uniformity to the collection of stovepipe applications now used to manage air traffic. Current systems hold information about flight plans, flight trajectories, weather, air turbulence, current and forecast weather, radar summaries, hazardous condition warnings, airport and airspace capacity constraints, temporary flight restrictions, and so forth. Information moving among these stovepipe systems is usually mediated by people (for example, air traffic controllers) or single-purpose applications. People, whose intelligence is critical for difficult tasks and unusual circumstances, are not as efficient as computers for tasks that can be automated. Better information sharing can lead to higher system capacity, more efficient utilization and safer operations. Better information sharing through greater automation is possible though not necessarily easy.

  2. Integrated Safeguards and Security Management Self-Assessment 2004

    Energy Technology Data Exchange (ETDEWEB)

    Lunford, Dan; Ramsey, Dwayne

    2005-04-01

    In 2002 Ernest Orlando Lawrence Berkeley National Laboratory deployed the first Integrated Safeguards and Security Management (ISSM) Self-Assessment process, designed to measure the effect of the Laboratory's ISSM efforts. This process was recognized by DOE as a best practice and model program for self-assessment and training. In 2004, the second Self-Assessment was launched. The cornerstone of this process was an employee survey that was designed to meet several objectives: (1) Ensure that Laboratory assets are protected. (2) Provide a measurement of the Laboratory's current security status that can be compared against the 2002 Self-Assessment baseline. (3) Educate all Laboratory staff about security responsibilities, tools, and practices. (4) Provide security staff with feedback on the effectiveness of security programs. (5) Provide line management with the information they need to make informed decisions about security. This 2004 Self Assessment process began in July 2004 with every employee receiving an information packet and instructions for completing the ISSM survey. The Laboratory-wide survey contained questions designed to measure awareness and conformance to policy and best practices. The survey response was excellent--90% of Berkeley Lab employees completed the questionnaire. ISSM liaisons from each division followed up on the initial survey results with individual employees to improve awareness and resolve ambiguities uncovered by the questionnaire. As with the 2002 survey, the Self-Assessment produced immediate positive results for the ISSM program and revealed opportunities for longer-term corrective actions. Results of the questionnaire provided information for organizational profiles and an institutional summary. The overall level of security protection and awareness was very high--often above 90%. Post-survey work by the ISSM liaisons and line management consistently led to improved awareness and metrics, as shown by a comparison of

  3. Materials management information systems.

    Science.gov (United States)

    1996-01-01

    The hospital materials management function--ensuring that goods and services get from a source to an end user--encompasses many areas of the hospital and can significantly affect hospital costs. Performing this function in a manner that will keep costs down and ensure adequate cash flow requires effective management of a large amount of information from a variety of sources. To effectively coordinate such information, most hospitals have implemented some form of materials management information system (MMIS). These systems can be used to automate or facilitate functions such as purchasing, accounting, inventory management, and patient supply charges. In this study, we evaluated seven MMISs from seven vendors, focusing on the functional capabilities of each system and the quality of the service and support provided by the vendor. This Evaluation is intended to (1) assist hospitals purchasing an MMIS by educating materials managers about the capabilities, benefits, and limitations of MMISs and (2) educate clinical engineers and information system managers about the scope of materials management within a healthcare facility. Because software products cannot be evaluated in the same manner as most devices typically included in Health Devices Evaluations, our standard Evaluation protocol was not applicable for this technology. Instead, we based our ratings on our observations (e.g., during site visits), interviews we conducted with current users of each system, and information provided by the vendor (e.g., in response to a request for information [RFI]). We divided the Evaluation into the following sections: Section 1. Responsibilities and Information Requirements of Materials Management: Provides an overview of typical materials management functions and describes the capabilities, benefits, and limitations of MMISs. Also includes the supplementary article, "Inventory Cost and Reimbursement Issues" and the glossary, "Materials Management Terminology." Section 2. The

  4. Trends in Research on the Security of Medical Information in Korea: Focused on Information Privacy Security in Hospitals.

    Science.gov (United States)

    Kim, Yong-Woon; Cho, Namin; Jang, Hye-Jung

    2018-01-01

    Information technology involves a risk of privacy violation in providing easy access to confidential information,such as personal information and medical information through the Internet. In this study, we investigated medical information security to gain a better understanding of trends in research related to medical information security. We researched papers published on '의료정보' and 'medical information' in various Korean journals during a 10-year period from 2005 to 2015. We also analyzed these journal papers for each fiscal year; these papers were categorized into the areas of literature research and empirical research, and were further subdivided according to themes and subjects. It was confirmed that 48 papers were submitted to 35 academic journals. There were 33 (68.8%) literature review articles, and analysis of secondary data was not carried out at all. In terms of empirical research, 8 (16.7%) surveys and 7 (14.6%) program developments were studied. As a result of analyzing these papers according to the research theme by research method, 17 (35.4%) papers on laws, systems, and policies were the most numerous. It was found that among the literature research papers on medical personnel were the most common, and among the empirical research papers, research on experts in information protection and medical personnel were the most common. We suggest that further research should be done in terms of social perception, human resource development, and technology development to improve risk management in medical information systems.

  5. Cyber-crime Science = Crime Science + Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Junger, Marianne; Wieringa, Roelf J.

    2010-01-01

    Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality,

  6. Effect of Organizational Factors on Information Security Implementations

    Science.gov (United States)

    Perez, Rafael G.

    2013-01-01

    The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…

  7. Institutionalization of Information Security: Case of the Indonesian Banking Sector

    Science.gov (United States)

    Nasution, Muhamad Faisal Fariduddin Attar

    2012-01-01

    This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information…

  8. The chief information security officer insights, tools and survival skills

    CERN Document Server

    Kouns, Barry

    2011-01-01

    Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.

  9. Security and confidentiality of health information systems: implications for physicians.

    Science.gov (United States)

    Dorodny, V S

    1998-01-01

    Adopting and developing the new generation of information systems will be essential to remain competitive in a quality conscious health care environment. These systems enable physicians to document patient encounters and aggregate the information from the population they treat, while capturing detailed data on chronic medical conditions, medications, treatment plans, risk factors, severity of conditions, and health care resource utilization and management. Today, the knowledge-based information systems should offer instant, around-the-clock access for the provider, support simple order entry, facilitate data capture and retrieval, and provide eligibility verification, electronic authentication, prescription writing, security, and reporting that benchmarks outcomes management based upon clinical/financial decisions and treatment plans. It is an integral part of any information system to incorporate and integrate transactional (financial/administrative) information, as well as analytical (clinical/medical) data in a user-friendly, readily accessible, and secure form. This article explores the technical, financial, logistical, and behavioral obstacles on the way to the Promised Land.

  10. Information Security Behavioral Model: Towards Employees' Knowledge and Attitude

    OpenAIRE

    Mishra, Saurabh; Snehlata, Snehlata; Srivastava, Anjali

    2014-01-01

    Information Security has become a significant concern for today's organizations. The internal security threats acts as the most curtail type of security threat within an organization. These internal security threats are a result of poor conduct of security behavior by the employees within an organization. If not deal properly, it may hamper the auditing of organization. Auditing plays an important role in the business environment. Before conducting auditing it is essential to examine the beha...

  11. Natural Resources Management for Sustainable Food Security in ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    Natural Resources Management for Sustainable Food Security in the Sahel ... as well as strategies for managing the resource base with a view to improving food security. ... InnoVet-AMR grants to support development of innovative veterinary ...

  12. Information security knowledge sharing in organizations : Investigating the effect of behavioral information security governance and national culture

    OpenAIRE

    Rocha Flores, Waldo; Antonsen, Egil; Ekstedt, Mathias

    2014-01-01

    This paper presents an empirical investigation on what behavioral information security governance factors drives the establishment of information security knowledge sharing in organizations. Data was collected from organizations located in different geographic regions of the world, and the amount of data collected from two countries – namely, USA and Sweden – allowed us to investigate if the effect of behavioral information security governance factors on the establishment of security knowledg...

  13. Software for security event management: Development and utilization

    Directory of Open Access Journals (Sweden)

    Aleksandr V. Kuznetcov

    2017-11-01

    Full Text Available We address the challenge to the information security coming from the lack of algorithmic machinery for managing the security events. We start with a mathematical formulation of the problem for a tabular processor by introducing an appropriate target function. Details of corresponding algorithm can be found by following the provided links. We describe our original software module that implements the algorithm for determining the registered security events. The module is based on the tabular processor certified by the Russian Federal Service for Technical and Export Control. We present a control sample for testing the developed module. The sample has the dimension 30x20 and contains 14 choices for threshold values of security events number. The results of the tests comply with the specified boundary conditions and demonstrate a nonlinear dependence of the objective function on the number of registered security events, as well as a nonlinear dependence of the percentage of the detected security event on the total initial number of security events to be registered at the event source. The performance of the module specifically, the central processing unit usage is found acceptable (not exceeding 33%, which allows one to use the software for typical automated workplaces equipped with appropriate tabular processors. Our approach is universal with respect to the application areas.

  14. Secure Key Management in the Cloud

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Jakobsen, Thomas Pelle; Nielsen, Jesper Buus

    2013-01-01

    information such as cryptographic keys. Applications like this include many cases where secure multiparty computation is outsourced to the cloud, and in particular a number of online auctions and benchmark computations with confidential inputs. We consider fully autonomous servers that switch between online......We consider applications involving a number of servers in the cloud that go through a sequence of online periods where the servers communicate, separated by offline periods where the servers are idle. During the offline periods, we assume that the servers need to securely store sensitive...... and offline periods without communicating with anyone from outside the cloud, and semi-autonomous servers that need a limited kind of assistance from outside the cloud when doing the transition. We study the levels of security one can – and cannot – obtain in this model, propose light-weight protocols...

  15. Federal Information Security: Actions Needed to Address Widespread Weaknesses

    National Research Council Canada - National Science Library

    Brock, Jack

    2000-01-01

    I am pleased to be here today to discuss federal information security. Our recent audit findings in this area present a disturbing picture of the state of computer security practices at individual agencies...

  16. Management Information Systems

    Directory of Open Access Journals (Sweden)

    Furduescu Bogdan-Alexandru

    2017-12-01

    Full Text Available Technology is the science that studies processes, methods and operations run or applied onto raw materials, matters or data, in order to obtain a certain product. Information is the material signal able to launch a material reaction of a dynamic auto-tuning system for which the system is conditioned and finalized. Information Technology is the technology needed for handling (procuring, processing, storing converting and transmitting information, in particular, with the use of computers [Longley, D. & Shain, M. (1985, p. 164]. The importance of IT in the economic growth and development is widely known, taking into account the impact that technology can have on the success and survival, or the failure of the economic activity of enterprises/organizations, IT offering various management information systems (MIS, executive and feedback segments, which all have important and beneficial implications in management and control.

  17. Enhancing Food Security through Information and Communication ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    ... national food security, and prior approval of the government's National Food Security and Nutrition Policy 2006-2015. In alignment with these governmental commitments, this project will enable researchers to provide policymakers with practical and sustainable solutions that directly respond to national food security goals ...

  18. DISEASE MANAGEMENT INFORMATION SYSTEM

    OpenAIRE

    Bens Pardamean; Anindito; Anjela Djoeang; Nana Tobing

    2013-01-01

    The study designed an information system model for Disease Management (DisMan) that met the specifications and needs of a consumer electronics manufacturer. The diseases monitored by this study were diabetes, hypertension and tuberculosis. Data were collected through interviews with the companyâs human resources department and occupational health provider. As for the model, literature and online research were conducted to collect health standards and information system standards on existing D...

  19. An Information Security Control Assessment Methodology for Organizations

    Science.gov (United States)

    Otero, Angel R.

    2014-01-01

    In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

  20. Federal Information Security and Data Breach Notification Laws

    Science.gov (United States)

    2009-01-29

    The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information...information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and...Feinstein), S. 495 (Leahy), and S. 1178 (Inouye)--were reported favorably out of Senate committees. Those bills include information security and data

  1. The application of artificial intelligence within information security.

    OpenAIRE

    2012-01-01

    D.Phil. Computer-based information systems will probably always have to contend with security issues. Much research have already gone into the field of information security. These research results have yielded some very sophisticated and effective security mechanisms and procedures. However, due to the ever increasing sophistication of criminals, combined with the ever changing and evolving information technology environment, some limitations still exist within the field of information sec...

  2. Sustaining Operational Resiliency: A Process Improvement Approach to Security Management

    National Research Council Canada - National Science Library

    Caralli, Richard A

    2006-01-01

    ... potential to significantly disrupt an organization's pursuit of its mission. Security, business continuity, and IT operations management are activities that traditionally support operational risk management...

  3. Incident Information Management Tool

    CERN Document Server

    Pejovic, Vladimir

    2015-01-01

    Flaws of\tcurrent incident information management at CMS and CERN\tare discussed. A new data\tmodel for future incident database is\tproposed and briefly described. Recently developed draft version of GIS-­‐based tool for incident tracking is presented.

  4. Research on a Valuation Standard and the Actual Condition About Security Management in PACS

    International Nuclear Information System (INIS)

    Jeong, Jae Ho; Son, Gi Gyeong; Kang, Hee Doo; Dong, Kyung Rae; Kweon, Dae Cheol; Kim, Hyun Soo

    2008-01-01

    This study is to prepare an evaluation standard about personal information protection and security management of a medical institution and to build up a grade standard of evaluation in PACS environment. We built up evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPPA (Health Insurance and Portability and Accountability Act of 1996) and domestic medical law. We have investigated at the thirty places where medical facility with the extracted security criteria and security evaluation index. Average score of physical security list, one of the big categories, was 18.5/20 (93%) at all medical institutions. Political security score was 18.5/30 (62%), data management security score was 12/20 (60%) and technical security score was 17.5/30 (58%). Therefore, security evaluation score was average 67 in 30 general hospitals, which was 4th level. The results showed that it is necessary to establish evaluation and management standard about personal information protection and security consciousness which are weak in PACS environment.

  5. Considerations on the selection and prioritization of information security solutions

    Directory of Open Access Journals (Sweden)

    Maria Cristina RĂDULESCU

    2016-05-01

    Full Text Available This paper provides a set of guidelines that can be used for prescribing a methodology or a detailed process for selecting and prioritizing security projects or solutions. It is based on the idea that costs of security solutions should be justified by their contribution to ensuring adequate protection of information resources in the organization which implements them. The article reviews general issues of security risks and costs, arguing the need for explicit consideration of information resources security requirements in order to validate decisions concerning security projects implementation. In such an approach, security requirements of information resources are used as a reference system to quantify the benefits and limitations of security solutions defined as alternative or complementary responses to certain security risks as their implementation faces budget constraints.

  6. Information security governance: a risk assessment approach to health information systems protection.

    Science.gov (United States)

    Williams, Patricia A H

    2013-01-01

    It is no small task to manage the protection of healthcare data and healthcare information systems. In an environment that is demanding adaptation to change for all information collection, storage and retrieval systems, including those for of e-health and information systems, it is imperative that good information security governance is in place. This includes understanding and meeting legislative and regulatory requirements. This chapter provides three models to educate and guide organisations in this complex area, and to simplify the process of information security governance and ensure appropriate and effective measures are put in place. The approach is risk based, adapted and contextualized for healthcare. In addition, specific considerations of the impact of cloud services, secondary use of data, big data and mobile health are discussed.

  7. Information in organisations: directions for information management

    Directory of Open Access Journals (Sweden)

    Joyce Kirk

    1999-01-01

    Full Text Available The work of managers in small and medium-sized enterprises is very information-intensive and the environment in which it is done is very information rich. But are managers able to exploit the wealth of information which surrounds them? And how can information be managed in organisations so that its potential for improving business performance and enhancing the competitiveness of these enterprises can be realised? Answers to these questions lie in clarifying the context of the practice of information management by exploring aspects of organisations and managerial work and in exploring the nature of information at the level of the organisation and the individual manager. From these answers it is possible to suggest some guidelines for managing the integration of business strategy and information, the adoption of a broadly-based definition of information and the development of information capabilities.

  8. Information security of power enterprises of North-Arctic region

    Science.gov (United States)

    Sushko, O. P.

    2018-05-01

    The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

  9. Understanding the security management practices of humanitarian organizations.

    Science.gov (United States)

    Bollettino, Vincenzo

    2008-06-01

    Humanitarian organisations operate in increasingly hostile environments. Although authoritative statistics are scarce, anecdotal evidence suggests that aid workers face life-threatening risks that are exacerbated by the growing number of humanitarian organisations operating in the field, the diversity of their mandates, the lack of common professional security standards, and limited success in inter-agency security coordination. Despite broad acceptance of the need for better security management and coordination, many humanitarian organisations remain ambivalent about devoting increased resources to security management and security coordination. A critical lack of basic empirical knowledge of the field security environment hampers efforts to enhance security management practices. The absence of a systematic means of sharing incident data undermines the capacity of the humanitarian community to address proactively security threats. In discussions about humanitarian staff safety and security, the least common denominator remains cumulative anecdotal evidence provided by the many security personnel working for humanitarian organisations in the feld.

  10. Accident management information needs

    International Nuclear Information System (INIS)

    Hanson, D.J.; Ward, L.W.; Nelson, W.R.; Meyer, O.R.

    1990-04-01

    In support of the US Nuclear Regulatory Commission (NRC) Accident Management Research Program, a methodology has been developed for identifying the plant information needs necessary for personnel involved in the management of an accident to diagnose that an accident is in progress, select and implement strategies to prevent or mitigate the accident, and monitor the effectiveness of these strategies. This report describes the methodology and presents an application of this methodology to a Pressurized Water Reactor (PWR) with a large dry containment. A risk-important severe accident sequence for a PWR is used to examine the capability of the existing measurements to supply the necessary information. The method includes an assessment of the effects of the sequence on the measurement availability including the effects of environmental conditions. The information needs and capabilities identified using this approach are also intended to form the basis for more comprehensive information needs assessment performed during the analyses and development of specific strategies for use in accident management prevention and mitigation. 3 refs., 16 figs., 7 tabs

  11. Accident management information needs

    Energy Technology Data Exchange (ETDEWEB)

    Hanson, D.J.; Ward, L.W.; Nelson, W.R.; Meyer, O.R. (EG and G Idaho, Inc., Idaho Falls, ID (USA))

    1990-04-01

    In support of the US Nuclear Regulatory Commission (NRC) Accident Management Research Program, a methodology has been developed for identifying the plant information needs necessary for personnel involved in the management of an accident to diagnose that an accident is in progress, select and implement strategies to prevent or mitigate the accident, and monitor the effectiveness of these strategies. This report describes the methodology and presents an application of this methodology to a Pressurized Water Reactor (PWR) with a large dry containment. A risk-important severe accident sequence for a PWR is used to examine the capability of the existing measurements to supply the necessary information. The method includes an assessment of the effects of the sequence on the measurement availability including the effects of environmental conditions. The information needs and capabilities identified using this approach are also intended to form the basis for more comprehensive information needs assessment performed during the analyses and development of specific strategies for use in accident management prevention and mitigation. 3 refs., 16 figs., 7 tabs.

  12. Aspects regarding the implementation of information security standards in organizations

    Directory of Open Access Journals (Sweden)

    Mihai Bârsan

    2017-03-01

    Full Text Available Information security is one of the major challenges of the information and knowledge based society. The preoccupation of organizations to ensure the security of information in the digital environment has led to the emergence of specific standards in the field. Thus, ISO 27000 brings together reference standards in the field. Starting from ISO 27001, which summarizes policies and procedures on physical, legal and technological security risks, this paper looks at the steps the organization must undertake to implement the standards.

  13. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  14. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  15. Specifying Information Security Needs for the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then

  16. Evaluating Factors of Security Policy on Information Security Effectiveness in Developing Nations: A Case of Nigeria

    Science.gov (United States)

    Okolo, Nkiru Benjamin

    2016-01-01

    Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…

  17. 36 CFR 1256.46 - National security-classified information.

    Science.gov (United States)

    2010-07-01

    ... 36 Parks, Forests, and Public Property 3 2010-07-01 2010-07-01 false National security-classified... Restrictions § 1256.46 National security-classified information. In accordance with 5 U.S.C. 552(b)(1), NARA... properly classified under the provisions of the pertinent Executive Order on Classified National Security...

  18. Securing a Home Energy Managing Platform

    DEFF Research Database (Denmark)

    Mikkelsen, Søren Aagaard; Jacobsen, Rune Hylsberg

    2016-01-01

    Energy management in households gets increasingly more attention in the struggle to integrate more sustainable energy sources. Especially in the electrical system, smart grid towards a better utilisation of the energy production and distribution infrastructure. The Home Energy Management System...... (HEMS) is a critical infrastructure component in this endeavour. Its main goal is to enable energy services utilising smart devices in the households based on the interest of the residential consumers and external actors. With the role of being both an essential link in the communication infrastructure...... for balancing the electrical grid and a surveillance unit in private homes, security and privacy become essential to address. In this chapter, we identify and address potential threats Home Energy Management Platform (HEMP) developers should consider in the progress of designing architecture, selecting hardware...

  19. Towards Agile Security Risk Management in RE and Beyond

    NARCIS (Netherlands)

    Nunes Leal Franqueira, V.; Bakalova, Z.; Tun, Thein Tan; Daneva, Maia

    Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations but they do not provide an overview of the overall security

  20. 78 FR 71631 - Committee Name: Homeland Security Information Network Advisory Committee (HSINAC)

    Science.gov (United States)

    2013-11-29

    ... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Committee Name: Homeland Security Information.... SUMMARY: The Homeland Security Information Network Advisory Council (HSINAC) will meet December 17, 2013... , Phone: 202-343-4212. SUPPLEMENTARY INFORMATION: The Homeland Security Information Network Advisory...