Advanced Approach to Information Security Management System Model for Industrial Control System

Science.gov (United States)

2014-01-01

Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS. PMID:25136659

Airport Managers' Perspectives on Security and Safety Management Systems in Aviation Operations: A Multiple Case Study

Science.gov (United States)

Brown, Willie L., Jr.

Global terrorism continues to persist despite the great efforts of various countries to protect and safely secure their citizens. As airports form the entry and exit ports of a country, they are one of the most vulnerable locations to terror attacks. Managers of international airports constantly face similar challenges in developing and implementing airport security protocols. Consequently, the technological advances of today have brought both positive and negative impacts on security and terrorism of airports, which are mostly managed by the airport managers. The roles of the managers have greatly increased over the years due to technological advances. The developments in technology have had different roles in security, both in countering terrorism and, at the same time, increasing the communication methods of the terrorists. The purpose of this qualitative multiple case study was to investigate the perspectives of airport managers with regard to societal security and social interactions in the socio-technical systems of the National Terrorism Advisory System (NTAS). Through the data gained regarding managers' perception and experiences, the researcher hoped to enable the development of security measures and policies that are appropriate for airports as socio-technical systems. The researcher conducted interviews with airport managers to gather relevant data to fulfill the rationale of the study. Ten to twelve airport managers based in three commercial aviation airports in Maryland, United States participated in the study. The researcher used a qualitative thematic analysis procedure to analyze the data responses of participants in the interview sessions.

Security credentials management system (SCMS) design and analysis for the connected vehicle system : draft.

Science.gov (United States)

2013-12-27

This report presents an analysis by Booz Allen Hamilton (Booz Allen) of the technical design for the Security Credentials Management System (SCMS) intended to support communications security for the connected vehicle system. The SCMS technical design...

Assessing and managing security risk in IT systems a structured methodology

CERN Document Server

McCumber, John

2004-01-01

SECURITY CONCEPTSUsing ModelsIntroduction: Understanding, Selecting, and Applying Models Understanding AssetsLayered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in SecuritySecurity in Context Reference Defining Information SecurityConfidentiality, Integrity, and Availability Information AttributesIntrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources ReferencesUnderstanding Threat and Its Relatio

75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

Science.gov (United States)

2010-02-23

... risk of harm to economic or property interests, identity theft or fraud, or harm to the security or... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0041] Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel Security Management System of Records AGENCY...

An energy security management model using quality function deployment and system dynamics

International Nuclear Information System (INIS)

Shin, Juneseuk; Shin, Wan-Seon; Lee, Changyong

2013-01-01

An energy security management model using quality function deployment (QFD) and system dynamics (SD) is suggested for application in public policymaking in developing economies. Through QFD, experts are guided toward identifying key energy security components, including indicators and policies, and in making these components consistent, focused, and customized for a particular country. Using these components as inputs, we construct an intermediate complex system dynamics model with a minimal number of crucial interactions. Key policies are simulated and evaluated in terms of the improvement of key indicators. Even with little data, our approach provides a coherent, useful, and customized energy security management model to help policymakers more effectively manage national energy security. To demonstrate its advantages, the model is applied to the Korean gas sector as an example. - Highlights: ► We suggest an energy security management model for developing economies. ► We identify a consistent set of key components, indicators and policies by using QFD. ► A coherent and practical system dynamics model based on QFD's output is constructed. ► The model is applied to the Korean gas sector as an example

Security and VO management capabilities in a large-scale Grid operating system

OpenAIRE

Aziz, Benjamin; Sporea, Ioana

2014-01-01

This paper presents a number of security and VO management capabilities in a large-scale distributed Grid operating system. The capabilities formed the basis of the design and implementation of a number of security and VO management services in the system. The main aim of the paper is to provide some idea of the various functionality cases that need to be considered when designing similar large-scale systems in the future.

Management of Control System Information SecurityI: Control System Patch Management

Energy Technology Data Exchange (ETDEWEB)

Quanyan Zhu; Miles McQueen; Craig Rieger; Tamer Basar

2011-09-01

The use of information technologies in control systems poses additional potential threats due to the frequent disclosure of software vulnerabilities. The management of information security involves a series of policy-making on the vulnerability discovery, disclosure, patch development and patching. In this paper, we use a system approach to devise a model to understand the interdependencies of these decision processes. In more details, we establish a theoretical framework for making patching decision for control systems, taking into account the requirement of functionability of control systems. We illustrate our results with numerical simulations and show that the optimal operation period of control systems given the currently estimated attack rate is roughly around a half a month.

Load control services in the management of power system security costs

International Nuclear Information System (INIS)

Jayantilal, A.; Strbac, G.

1999-01-01

The new climate of deregulation in the electricity industry is creating a need for a more transparent cost structure and within this framework the cost of system security has been a subject of considerable interest. Traditionally power system security has been supplied by out-of-merit generation, in the short term, and transmission reinforcement, in the long term. This paper presents a method of analysing the role of load-demand in the management of power system security costs by utilising load control services (LCS). It also proposes a competitive market to enable bidding from various participants within the electricity industry to supply system security. (author)

Automated security management

CERN Document Server

Al-Shaer, Ehab; Xie, Geoffrey

2013-01-01

In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

Computer security engineering management

International Nuclear Information System (INIS)

McDonald, G.W.

1988-01-01

For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system; starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users is followed by coverage of life cycle support for the security of the system

Managing Cisco network security

CERN Document Server

Knipp, Eric

2002-01-01

An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

DNS security management

CERN Document Server

Dooley, Michael

2017-01-01

An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors—noted experts on the topic—offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented. Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC), DNS firewall, server controls, and much more. In addition, the text includes discussions on security applications facilitated by DNS, such as anti-spam, SFP, and DANE.

Information Systems Security Management: A Review and a Classification of the ISO Standards

Science.gov (United States)

Tsohou, Aggeliki; Kokolakis, Spyros; Lambrinoudakis, Costas; Gritzalis, Stefanos

The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the security requirements is not the same for all involved parties and the security mechanisms that will be implemented do not comply with some globally accepted rules and practices, then the system that will be designed will not necessarily achieve the desired security level and it will be very difficult to securely interoperate with other systems. It is therefore clear that the role and contribution of international standards to the design and implementation of security mechanisms is dominant. In this paper we provide a state of the art review on information security management standards published by the International Organization for Standardization and the International Electrotechnical Commission. Such an analysis is meaningful to security practitioners for an efficient management of information security. Moreover, the classification of the standards in the clauses of ISO/IEC 27001:2005 that results from our analysis is expected to provide assistance in dealing with the plethora of security standards.

ICT security management

OpenAIRE

SCHREURS, Jeanne; MOREAU, Rachel

2007-01-01

Security becomes more and more important and companies are aware that it has become a management problem. It’s critical to know what are the critical resources and processes of the company and their weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse the company and to uncover the weak spots in the security system. BEVA results also in a general security score and security scores for each security factor. These will be used in the risk ...

TECHNIQUE OF OPTIMAL AUDIT PLANNING FOR INFORMATION SECURITY MANAGEMENT SYSTEM

Directory of Open Access Journals (Sweden)

F. N. Shago

2014-03-01

Full Text Available Complication of information security management systems leads to the necessity of improving the scientific and methodological apparatus for these systems auditing. Planning is an important and determining part of information security management systems auditing. Efficiency of audit will be defined by the relation of the reached quality indicators to the spent resources. Thus, there is an important and urgent task of developing methods and techniques for optimization of the audit planning, making it possible to increase its effectiveness. The proposed technique gives the possibility to implement optimal distribution for planning time and material resources on audit stages on the basis of dynamics model for the ISMS quality. Special feature of the proposed approach is the usage of a priori data as well as a posteriori data for the initial audit planning, and also the plan adjustment after each audit event. This gives the possibility to optimize the usage of audit resources in accordance with the selected criteria. Application examples of the technique are given while planning audit information security management system of the organization. The result of computational experiment based on the proposed technique showed that the time (cost audit costs can be reduced by 10-15% and, consequently, quality assessments obtained through audit resources allocation can be improved with respect to well-known methods of audit planning.

VIRTUAL COGNITIVE CENTERS AS INTELLIGENT SYSTEMS FOR MANAGEMENT INFORMATION SUPPORT OF REGIONAL SECURITY

Directory of Open Access Journals (Sweden)

A. V. Masloboev

2014-03-01

Full Text Available The paper deals with engineering problems and application perspectives of virtual cognitive centers as intelligent systems for information support of interagency activities in the field of complex security management of regional development. A research prototype of virtual cognitive center for regional security management in crisis situations, implemented as hybrid cloud service based on IaaS architectural framework with the usage of multi-agent and web-service technologies has been developed. Virtual cognitive center is a training simulator software system and is intended for solving on the basis of distributed simulation such problems as: strategic planning and forecasting of risk-sustainable development of regional socioeconomic systems, agents of management interaction specification synthesis for regional components security in different crisis situations within the planning stage of joint anti-crisis actions.

Security and Emergency Management Division

Data.gov (United States)

Federal Laboratory Consortium — Volpe's Security and Emergency Management Division identifies vulnerabilities, risks, and opportunities to improve the security of transportation systems, critical...

Managing information technology security risk

Science.gov (United States)

Gilliam, David

2003-01-01

Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.

A secure file manager for UNIX

Energy Technology Data Exchange (ETDEWEB)

DeVries, R.G.

1990-12-31

The development of a secure file management system for a UNIX-based computer facility with supercomputers and workstations is described. Specifically, UNIX in its usual form does not address: (1) Operation which would satisfy rigorous security requirements. (2) Online space management in an environment where total data demands would be many times the actual online capacity. (3) Making the file management system part of a computer network in which users of any computer in the local network could retrieve data generated on any other computer in the network. The characteristics of UNIX can be exploited to develop a portable, secure file manager which would operate on computer systems ranging from workstations to supercomputers. Implementation considerations making unusual use of UNIX features, rather than requiring extensive internal system changes, are described, and implementation using the Cray Research Inc. UNICOS operating system is outlined.

The Management and Security Expert (MASE)

Science.gov (United States)

Miller, Mark D.; Barr, Stanley J.; Gryphon, Coranth D.; Keegan, Jeff; Kniker, Catherine A.; Krolak, Patrick D.

1991-01-01

The Management and Security Expert (MASE) is a distributed expert system that monitors the operating systems and applications of a network. It is capable of gleaning the information provided by the different operating systems in order to optimize hardware and software performance; recognize potential hardware and/or software failure, and either repair the problem before it becomes an emergency, or notify the systems manager of the problem; and monitor applications and known security holes for indications of an intruder or virus. MASE can eradicate much of the guess work of system management.

The information systems security officer's guide establishing and managing an information protection program

CERN Document Server

Kovacich, Gerald L

2003-01-01

Information systems security continues to grow and change based on new technology and Internet usage trends. In order to protect your organization's confidential information, you need information on the latest trends and practical advice from an authority you can trust. The new ISSO Guide is just what you need. Information Systems Security Officer's Guide, Second Edition, from Gerald Kovacich has been updated with the latest information and guidance for information security officers. It includes more information on global changes and threats, managing an international information secur

Security Analysis of the Electronic Management System for a Total Site Utility System

DEFF Research Database (Denmark)

Manso Cortes, Oscar

2016-01-01

This paper presents the Security Analysis of the Electronic Management System (EMS) of a Total Site Utility System as proposed under the scope of the Efenis project. The Efenis project has been funded by the European Commission via the seventh framework programme (EC FP7) with the aim to improve ...

Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds

OpenAIRE

Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam

2010-01-01

Objectives The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. Methods The ISMS check-list derived from international/domestic standards was distributed to each hospital to com...

Analysis of information security management systems at 5 domestic hospitals with more than 500 beds.

Science.gov (United States)

Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam

2010-06-01

The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.

Information Security Policy Modeling for Network Security Systems

Directory of Open Access Journals (Sweden)

Dmitry Sergeevich Chernyavskiy

2014-12-01

Full Text Available Policy management for network security systems (NSSs is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and appearance of vulnerabilities. Moreover, policy management process is a time-consuming task, which includes significant amount of manual work. These factors reduce efficiency of NSSs’ utilization. The paper discusses peculiarities of policy management process and existing approaches to policy modeling, presents a model aimed to formalize policies for NSSs independently on NSSs’ platforms and select the most effective NSSs for implementation of the policies.

Security System Software

Science.gov (United States)

1993-01-01

C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

Information Security Management as a Bridge in Cloud Systems from Private to Public Organizations

Directory of Open Access Journals (Sweden)

Myeonggil Choi

2015-08-01

Full Text Available Cloud computing has made it possible for private companies to make rapid changes in their computing environments. However, in the public sector, security issues hinder institutions from adopting cloud computing. To solve these security challenges, in this paper, we propose a methodology for information security management, which quantitatively classifies the importance of information in cloud systems in the public sector. In this study, we adopt a Delphi approach to establish the classification criteria of the proposed methodology in an objective and systematic manner. Further, through a case study of a public corporation, we try to validate the usefulness of the proposed methodology. The results of this study will help public institutions to consider introducing cloud computing and to manage cloud systems effectively and securely.

Security Research on Engineering Database System

Institute of Scientific and Technical Information of China (English)

无

2002-01-01

Engine engineering database system is an oriented C AD applied database management system that has the capability managing distributed data. The paper discusses the security issue of the engine engineering database management system (EDBMS). Through studying and analyzing the database security, to draw a series of securi ty rules, which reach B1, level security standard. Which includes discretionary access control (DAC), mandatory access control (MAC) and audit. The EDBMS implem ents functions of DAC, ...

LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS

Energy Technology Data Exchange (ETDEWEB)

Ray Fink

2006-10-01

The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.

Army Secure Operating System: Information Security for Real Time Systems

National Research Council Canada - National Science Library

Anderson, Eric

1984-01-01

The Army Secure Operating System (ASOS) project, under the management of the U.S. Army CECOM organization, will provide real time systems software necessary for fielding modern Battlefield Automation Systems...

Energy systems security

CERN Document Server

Voeller, John G

2014-01-01

Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

Secure Transportation Management

International Nuclear Information System (INIS)

Gibbs, P. W.

2014-01-01

Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

Information security management handbook

CERN Document Server

Tipton, Harold F

2003-01-01

Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c

Prototype system of secure VOD

Science.gov (United States)

Minemura, Harumi; Yamaguchi, Tomohisa

1997-12-01

Secure digital contents delivery systems are to realize copyright protection and charging mechanism, and aim at secure delivery service of digital contents. Encrypted contents delivery and history (log) management are means to accomplish this purpose. Our final target is to realize a video-on-demand (VOD) system that can prevent illegal usage of video data and manage user history data to achieve a secure video delivery system on the Internet or Intranet. By now, mainly targeting client-server systems connected with enterprise LAN, we have implemented and evaluated a prototype system based on the investigation into the delivery method of encrypted video contents.

Cyber Security for the Spaceport Command and Control System: Vulnerability Management and Compliance Analysis

Science.gov (United States)

Gunawan, Ryan A.

2016-01-01

With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.

Mathematical model as means of optimization of the automation system of the process of incidents of information security management

Directory of Open Access Journals (Sweden)

Yulia G. Krasnozhon

2018-03-01

Full Text Available Modern information technologies have an increasing importance for development dynamics and management structure of an enterprise. The management efficiency of implementation of modern information technologies directly related to the quality of information security incident management. However, issues of assessment of the impact of information security incidents management on quality and efficiency of the enterprise management system are not sufficiently highlighted neither in Russian nor in foreign literature. The main direction to approach these problems is the optimization of the process automation system of the information security incident management. Today a special attention is paid to IT-technologies while dealing with information security incidents at mission-critical facilities in Russian Federation such as the Federal Tax Service of Russia (FTS. It is proposed to use the mathematical apparatus of queueing theory in order to build a mathematical model of the system optimization. The developed model allows to estimate quality of the management taking into account the rules and restrictions imposed on the system by the effects of information security incidents. Here an example is given in order to demonstrate the system in work. The obtained statistical data are shown. An implementation of the system discussed here will improve the quality of the Russian FTS services and make responses to information security incidents faster.

System of economics' security management in economic activity of meat processing enterprises formation

OpenAIRE

Iryna Sosnovska

2015-01-01

This article is devoted to creation of economics' security management system production and economic activity of meat current processing enterprises. The article reflects research results of various scientists scientific works regarding interpretation of economic security system and shows the lack of this concept single interpretation. There are summarized observation of current activities of meat processing plants specifics as a conclusion there are a large number of different programs and c...

21st Century Security Manager

OpenAIRE

Stelian ARION

2010-01-01

We live in world of uncertainty that generates major paradigms changing that affect security risk management. Modern organization’s security risks management can’t be done without a profound knowlegde and daily practice for security governance, security risk management and resilience. 21st Century security manager need to deal with several areas of konwledge in order to succesfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers ...

The Economic Security of the City in the Strategic Management System

Directory of Open Access Journals (Sweden)

Hubarieva Iryna O.

2017-03-01

Full Text Available The article investigates the problem of economic security of the city in the strategic management system. The article describes the process of ensuring the economic security of the city. The organizational approach was approved using the example of Kharkiv city. The list of threats to the economic security of the city and their urgency is justified by combining such methods as expert surveys, SWOT-analysis and the hierarchy analysis method. There proposed a methodical approach to assessing the economic security of the city based on a hierarchically built system of indices (integral, complex and partial, which allowed determining the level of economic security of the city and imbalances in the development of its functional components. It is proposed to work out scenarios for ensuring the economic security of the city by combining the cognitive modeling and the scenario approach, which makes it possible to determine directions of the implementation of the strategy for ensuring the economic security of the city and choose leverages of state regulation. There presented a mechanism for ensuring the economic security of the city, which includes the following elements: an action plan to implement the strategy for ensuring the economic security of the city; institutional and organizational support; programming and project planning; scientific and methodological support; financial support. The obtained results reveal, deepen and establish conceptual foundations for ensuring the economic security of the city.

Contemporary security management

CERN Document Server

Fay, John

2010-01-01

Contemporary Security Management, 3rd Edition teaches security professionals how to operate an efficient security department and how to integrate smoothly with other groups inside and outside their own organizations. Fay demonstrates the specifics of security management: * how to organize, plan, develop and manage a security operation. * how to identify vulnerabilities. * how to determine the protective resources required to offset threats. * how to implement all necessary physical and IT security measures. Security professionals share the responsibility for mitigating damage, serving as a resource to an Emergency Tactical Center, assisting the return of business continuity, and liaising with local response agencies such as police and fire departments, emergency medical responders, and emergency warning centers. At the organizational level, the book addresses budgeting, employee performance, counseling, hiring and termination, employee theft and other misconduct, and offers sound advice on building constructi...

Development of information security and vulnerability risk management system for J-PARC

International Nuclear Information System (INIS)

Ishikawa, Hiroyuki; Tate, Akihiro; Murakami, Tadashi

2012-02-01

In J-PARC (Japan Proton Accelerator Research Complex) we have set up intra-network (internal network, we will abbreviate it as JLAN, below) to support research activity and communication among users. In JLAN, we set up various kinds of security devices to keep JLAN secure. However, the servers which provide information or service to public are still in danger of being accessed illegally. If there is an illegal access, that may cause defacement of data or information leak. Furthermore, the victim servers are manipulated by the malicious attackers, and they themselves attack the external information equipments. Vulnerability of servers enables unauthorized access. So, vulnerability test with use of a vulnerability tool is one of the most effective ways to take measures for vulnerability of the equipments. However, it is not enough to just conduct a vulnerability test. It is also essential for information security to take measures to cover constantly for the vulnerability of servers. We focused on the points above, and developed the vulnerability testing system for security. It is not only a testing tool for the vulnerability of servers, but also management system which enables the server administrators in charge of taking measures for vulnerabilities to manage risks and handles PDCA (Plan-Do-Check-Action) cycles as countermeasure for vulnerability. In this paper, we report the technologies and ingenuities for the development of the above system. (author)

Security Engine Management of Router based on Security Policy

OpenAIRE

Su Hyung Jo; Ki Young Kim; Sang Ho Lee

2007-01-01

Security management has changed from the management of security equipments and useful interface to manager. It analyzes the whole security conditions of network and preserves the network services from attacks. Secure router technology has security functions, such as intrusion detection, IPsec(IP Security) and access control, are applied to legacy router for secure networking. It controls an unauthorized router access and detects an illegal network intrusion. This paper re...

21st Century Security Manager

Directory of Open Access Journals (Sweden)

Stelian ARION

2010-11-01

Full Text Available We live in world of uncertainty that generates major paradigms changing that affect security risk management. Modern organization’s security risks management can’t be done without a profound knowlegde and daily practice for security governance, security risk management and resilience. 21st Century security manager need to deal with several areas of konwledge in order to succesfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers thah have government backgroud, or IT security backgroud, or are promoted from organization’s inside leaders. There are six different areas of knowledge that successful security programs of the future must incorporate, either in the knowledge base of their leaders or in the collective knowledge of the leading staff. They are government elements, security organization, emerging issue awareness, IT security, business elements and executive leadership.

A Methodology to Implement an Information Security Management System

Directory of Open Access Journals (Sweden)

Alaíde Barbosa Martins

2005-08-01

Full Text Available Information security has actually been a major challenge to most organizations. Indeed, information security is an ongoing risk management process that covers all of the information that needs to be protected. ISO 17799 offers what companies need in order to better manage information security. The best way to implement this standard is to ease the security management process using a methodology that will define will define guidelines, procedures and tools that will be needed along the way. Hence, this paper proposes a methodology to assist companies in assessing their compliance with BS 7799/ ISO 17799 as well as planning and implementing the actions necessary to become compliant or certified to the standard. The concepts and ideas presented here had been applied in a case study involving the Cetrel S/A - Company of Environmental Protection. For this company, responsible for treatment of industrial residues generated by the Camaçari Petrochemical Complex and adjacent areas, to assure confidentiality and integrity of customers' data is a basic requirement.

Evaluating the Level of Internal Control System in the Management of Financial Security of Bank

Directory of Open Access Journals (Sweden)

Pidvysotska Lyudmyla J.

2017-06-01

Full Text Available The article is aimed at studying the organization and technology of evaluation process of the internal control system of bank in order to ensure financial security management of its activities. The work of the internal audit service on monitoring and evaluating the performance of the bank’s internal control system was analyzed. It has been found that improving the level of financial security of commercial banks is conditional upon improvements in the quality of audits and the provision of sound and objective conclusions. The interrelation of the tasks of internal audit service and the tasks of bank’s financial security management has been determined. Methodological recommendations on evaluation of the bank’s internal control system on the basis of results of audit have been proposed.

Concepts for a standard based cross-organisational information security management system in the context of a nationwide EHR.

Science.gov (United States)

Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald

2013-01-01

Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).

Information technology security system engineering methodology

Science.gov (United States)

Childs, D.

2003-01-01

A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

Using the safety/security interface to the security manager's advantage

International Nuclear Information System (INIS)

Stapleton, B.W.

1993-01-01

Two aspects of the safety/security interface are discussed: (1) the personal safety of nuclear security officers; and (2) how the security manager can effectively deal with the safety/security interface in solving today's requirements yet supporting the overall mission of the facility. The basis of this presentation is the result of interviews, document analyses, and observations. The conclusion is that proper planning and communication between the players involved in the security/safety interface can benefit the two programs and help achieve overall system integration, ultimately contributing to the bottom line. This is especially important in today's cost conscious environment

Information security cost management

CERN Document Server

Bazavan, Ioana V

2006-01-01

While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book-Focuses on setting the right road map so that you can be most effective in your information security implementationsDiscusses cost-effective staffing, the single biggest expense to the security organizationPresents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectivelyI...

Security Management Strategies for Protecting Your Library's Network.

Science.gov (United States)

Ives, David J.

1996-01-01

Presents security procedures for protecting a library's computer system from potential threats by patrons or personnel, and describes how security can be breached. A sidebar identifies four areas of concern in security management: the hardware, the operating system, the network, and the user interface. A selected bibliography of sources on…

FlySec: a risk-based airport security management system based on security as a service concept

Science.gov (United States)

Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

2016-05-01

Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow;(iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

Information security risk management for computerized health information systems in hospitals: a case study of Iran.

Science.gov (United States)

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

Study on Mandatory Access Control in a Secure Database Management System

Institute of Scientific and Technical Information of China (English)

无

2001-01-01

This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation-hierarchical data model is extended to multilevel relation-hierarchical data model. Based on the multilevel relation-hierarchical data model, the concept of upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation-hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e. g., multilevel spatial data) and multilevel conventional data ( e. g., integer. real number and character string).

Information Security Management in Context of Globalization

OpenAIRE

Wawak, Slawomir

2012-01-01

Modern information technologies are the engine of globalization. At the same time, the global market influences the way of looking at information security. Information security thus becomes an increasingly important field. The article discuses the results of research on information security management systems in public administration in Poland.

76 FR 81359 - National Security Personnel System

Science.gov (United States)

2011-12-28

... Security Personnel System AGENCY: Department of Defense; Office of Personnel Management. ACTION: Final rule... concerning the National Security Personnel System (NSPS). Section 1113 of the National Defense Authorization... National Security Personnel System (NSPS) in regulations jointly prescribed by DOD and OPM (Office of...

Information security in the context of philosophy of management

Directory of Open Access Journals (Sweden)

Irina Yurievna Alekseeva

2017-04-01

Full Text Available Building a culture of information security involves consideration of problems of management in society. Ideas and approaches developed in philosophy of management are relevant to studies in problems of information security in broader methodological and social context. The article focuses on problems of information and psychological security in social systems. The author considers disorienting signs and signals as information threat to security of persons and societies. The author argues that management ideology of pseudo-economical reductionism makes distortion at the level of values and priorities of the system. This ideology exalts competitiveness to the detriment of the systems’ viability. Philosophy of complexity (better known as “philosophy of complex systems” embraces new visions for methodology of management in XXI century. “Observer of complexity” and “complexity of observer of complexity” phenomena are central in this context. The problem of appropriate language for system self-description is of critical importance. This language is necessary for substantive production of intellectual tools for problems solving and decision making; refusal to produce such tools is fraught with decrease of information security level.

Network systems security analysis

Science.gov (United States)

Yilmaz, Ä.°smail

2015-05-01

Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

Laboratory Information Management System Chain of Custody: Reliability and Security

Science.gov (United States)

Tomlinson, J. J.; Elliott-Smith, W.; Radosta, T.

2006-01-01

A chain of custody (COC) is required in many laboratories that handle forensics, drugs of abuse, environmental, clinical, and DNA testing, as well as other laboratories that want to assure reliability of reported results. Maintaining a dependable COC can be laborious, but with the recent establishment of the criteria for electronic records and signatures by US regulatory agencies, laboratory information management systems (LIMSs) are now being developed to fully automate COCs. The extent of automation and of data reliability can vary, and FDA- and EPA-compliant electronic signatures and system security are rare. PMID:17671623

Information security risk management for computerized health information systems in hospitals: a case study of Iran

Science.gov (United States)

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

Strengthening the Security of ESA Ground Data Systems

Science.gov (United States)

Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

2013-08-01

A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

A Multilayer Secure Biomedical Data Management System for Remotely Managing a Very Large Number of Diverse Personal Healthcare Devices

Directory of Open Access Journals (Sweden)

KeeHyun Park

2015-01-01

Full Text Available In this paper, a multilayer secure biomedical data management system for managing a very large number of diverse personal health devices is proposed. The system has the following characteristics: the system supports international standard communication protocols to achieve interoperability. The system is integrated in the sense that both a PHD communication system and a remote PHD management system work together as a single system. Finally, the system proposed in this paper provides user/message authentication processes to securely transmit biomedical data measured by PHDs based on the concept of a biomedical signature. Some experiments, including the stress test, have been conducted to show that the system proposed/constructed in this study performs very well even when a very large number of PHDs are used. For a stress test, up to 1,200 threads are made to represent the same number of PHD agents. The loss ratio of the ISO/IEEE 11073 messages in the normal system is as high as 14% when 1,200 PHD agents are connected. On the other hand, no message loss occurs in the multilayered system proposed in this study, which demonstrates the superiority of the multilayered system to the normal system with regard to heavy traffic.

Information Systems Security: Whose Responsibility? | Senzige ...

African Journals Online (AJOL)

... compounded by the increasingly international nature of information systems, this responsibility still rests with managers only. This paper looks at security concerns related to information systems, identifies the threats and suggests how the security of information systems should be handled. African Journal of Finance and ...

Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model

Science.gov (United States)

Moghaddasi, Hamid; Kamkarhaghighi, Mehran

2016-01-01

Introduction: Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. Background: The “data security models” presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the “needs and improvement” cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Findings: Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Conclusion: Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced. PMID:27857823

Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model.

Science.gov (United States)

Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran

2016-01-01

Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

Critical infrastructure cyber-security risk management

OpenAIRE

Spyridopoulos, T.; Maraslis, K.; Tryfonas, T.; Oikonomou, G.

2017-01-01

Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly...

Privacy and Security Research Group workshop on network and distributed system security: Proceedings

Energy Technology Data Exchange (ETDEWEB)

1993-05-01

This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

Information security management handbook

CERN Document Server

2002-01-01

The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the tech

Identity and Access Management and Security in Higher Education.

Science.gov (United States)

Bruhn, Mark; Gettes, Michael; West, Ann

2003-01-01

Discusses the drivers for an identity management system (IdM), components of this system, and its role within a school security strategy, focusing on: basic access management; requirements for access management; middleware support for an access management system; IdM implementation considerations (e.g., access eligibilities, authentication…

SECURING DIGITIZED LIBRARY CIRCULATORY SYSTEM

African Journals Online (AJOL)

user

The widespread application of the developed system on smart library circulation .... database management system; [9] through securing .... system running on a Windows 8 Operating system .... mini library for their support, advice and unlimited.

THE ROLE OF THE INNOVATION POTENTIAL IN THE MANAGEMENT SYSTEM OF ECONOMIC SECURITY OF ENTERPRISES

Directory of Open Access Journals (Sweden)

Y. P. Anisimov

2015-01-01

Full Text Available The article explores the theoretical foundations of innovative potential of the enterprise and its role for sustainable development and economic security. The urgency of the problem of sustainable development innovative capacity, low level of theoretical and practical elaboration, poor methodological and conceptual basis for the development of economic security, increasing competitiveness and strengthening market situation of enterprises, determined the choice of the research topic. Scientific awareness of the key problems of the economy determined the significance of the research topic, the relevance of which is determined by the need for new theoretical concepts, methodological developments and practical recommendations on the role of innovation potential in the management system of economic security of enterprises. The system of economic security management is the basis of the successful functioning and development of enterprises. In market conditions, the economic security of organizations is directly outside-the implementation of innovations into the production process, which is an effective means of increasing competitiveness, improving the quality of products. The innovative capacity of enterprises consists of a unique ability to increase such components as material and investment, information, personnel that will help the organization to achieve new strategic goals. It should be noted that not all products are offered by organizations on the existing market, generates potential, but only one that is potentially profitable. That is, the products created on the basis of innovative technologies, from-while a high quality and should demand amongst consumers. Economic security policy is a system of views, different measures, methods of solutions, specific actions in the area of economic security, which determine the conditions for achieving business goals. Thus, the implemented security policy allocates the organization to carry out economic

Integrating Security Risk Management into Business Process Management for the Cloud

OpenAIRE

Goettelmann , Elio; Mayer , Nicolas; Godart , Claude

2014-01-01

International audience; Security issues are still preventing wider adoption of cloud computing, especially for businesses which are handling sensitive information. Indeed, by outsourcing its information system (IS), a company can lose control over its infrastructure, its software or even its data. Therefore, new methods and tools need to be defined to respond to this challenge. In this paper we propose to integrate Security Risk Management approaches into Business Process Management to effect...

Towards Agile Security Risk Management in RE and Beyond

NARCIS (Netherlands)

Nunes Leal Franqueira, V.; Bakalova, Z.; Tun, Thein Tan; Daneva, Maia

Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations but they do not provide an overview of the overall security

Report: EPA Should Improve Management Practices and Security Controls for Its Network Directory Service System and Related Servers

Science.gov (United States)

Report #12-P-0836, September 20, 2012. EPA's OEI is not managing key system management documentation, system administration functions, the granting and monitoring of privileged accounts, and the application of security controls associated with its DSS.

Improvement of economic security management system of municipalities with account of transportation system development: methods of assessment

Science.gov (United States)

Khe Sun, Pak; Vorona-Slivinskaya, Lubov; Voskresenskay, Elena

2017-10-01

The article highlights the necessity of a complex approach to assess economic security of municipalities, which would consider municipal management specifics. The approach allows comparing the economic security level of municipalities, but it does not describe parameter differences between compared municipalities. Therefore, there is a second method suggested: parameter rank order method. Applying these methods allowed to figure out the leaders and outsiders of the economic security among municipalities and rank all economic security parameters according to the significance level. Complex assessment of the economic security of municipalities, based on the combination of the two approaches, allowed to assess the security level more accurate. In order to assure economic security and equalize its threshold values, one should pay special attention to transportation system development in municipalities. Strategic aims of projects in the area of transportation infrastructure development in municipalities include the following issues: contribution into creating and elaborating transportation logistics and manufacture transport complexes, development of transportation infrastructure with account of internal and external functions of the region, public transport development, improvement of transport security and reducing its negative influence on the environment.

Security Attributes Based Digital Rights Management

NARCIS (Netherlands)

Chong, C.N.; van Buuren, R.; van Buuren, R.F.; Hartel, Pieter H.; Kleinhuis, Geert; Boavida, F.; Monteiro, E.; Orvalho, J.

2002-01-01

Most real-life systems delegate responsibilities to different authorities. We apply this model to a digital rights management system, to achieve flexible security. In our model a hierarchy of authorities issues certificates that are linked by cryptographic means. This linkage establishes a chain of

MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned

Science.gov (United States)

Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran

2014-01-01

As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.

A cooperative model for IS security risk management in distributed environment.

Science.gov (United States)

Feng, Nan; Zheng, Chundong

2014-01-01

Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

Management of Information Security in Financial Accounting

OpenAIRE

Aurel Serb; Constantin Baron; Nicoleta Magdalena Iacob; Costinela-Luminita Defta

2014-01-01

Security issues in financial accounting are complex, and the risks are often difficult to stipulate, even for experts. The issues presented in this article try to be formed in a contribution to the consolidation of problems in the field of risk, and former vulnerabilities in cyber security in financial accounting. The use of an information security management system became a requirement for organizations because on the states began adopting mandatory data protection legislation and informatio...

Security Attributes Based Digital Rights Management

NARCIS (Netherlands)

Chong, C.N.; van Buuren, R.; Hartel, Pieter H.; Kleinhuis, Geert

ost real-life systems delegate responsibilities to di�erent authorities. We apply this model to a dig- ital rights management system, to achieve exible security. In our model a hierarchy of authorities issues certi�cates that are linked by cryptographic means. This linkage establishes a chain of

BWS Open System Architecture Security Assessment

OpenAIRE

Cristian Ionita

2011-01-01

Business process management systems play a central role in supporting the business operations of medium and large organizations. Because of this the security characteristics of these systems are becoming very important. The present paper describes the BWS architecture used to implement the open process aware information system DocuMentor. Using the proposed platform, the article identifies the security characteristics of such systems, shows the correlation between these characteristics and th...

The Importance of the Security Culture in SMEs as Regards the Correct Management of the Security of Their Assets

Directory of Open Access Journals (Sweden)

Antonio Santos-Olmo

2016-07-01

Full Text Available The information society is increasingly more dependent on Information Security Management Systems (ISMSs, and the availability of these kinds of systems is now vital for the development of Small and Medium-Sized Enterprises (SMEs. However, these companies require ISMSs that have been adapted to their special features, and which are optimized as regards the resources needed to deploy and maintain them. This article shows how important the security culture within ISMSs is for SMEs, and how the concept of security culture has been introduced into a security management methodology (MARISMA is a Methodology for “Information Security Management System in SMEs” developed by the Sicaman Nuevas Tecnologías Company, Research Group GSyA and Alarcos of the University of Castilla-La Mancha. for SMEs. This model is currently being directly applied to real cases, thus allowing a steady improvement to be made to its implementation.

Project Management with IT Security Focus

OpenAIRE

Felician Alecu; Paul Pocatilu; Sergiu Capisizu

2011-01-01

The paper focus on the main key points related to the IT security project management. The most important lifecycle stages are identified: IT security project proposal definition, project organization, project planning, quality planning, project team organization, IT security project activities management and project closing. The most important success factors for IT security projects are the support of top-management, customer satisfaction, prevention over remediation and continuous progress....

The Effect of Information Security Management on Organizational Processes Integration in Supply Chain

OpenAIRE

Mohsen Shafiei Nikabadi; Ahmad Jafarian; Azam Jalili Bolhasani

2012-01-01

: The major purpose of this article was that how information security management has effect on supply chain integration and the effect of implementing "information security management system" on enhancing supplies chain integration. In this respect, current research was seeking a combination overview to these tow approaches (Information Security Management and Organizational Processes Integration by Enterprise Resources Planning System) and after that determined factors of these two import...

Information Security and Integrity Systems

Science.gov (United States)

1990-01-01

Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

Securing the energy industry : perspectives in security risk management

Energy Technology Data Exchange (ETDEWEB)

Hurd, G.L. [Anadarko Canada Corp., Calgary, AB (Canada)

2003-07-01

This presentation offered some perspectives in security risk management as it relates to the energy sector. Since the events of September 11, 2001 much attention has been given to terrorism and the business is reviewing protection strategies. The paper made reference to each of the following vulnerabilities in the energy sector: information technology, globalization, business restructuring, interdependencies, political/regulatory change, and physical/human factors. The vulnerability of information technology is that it can be subject to cyber and virus attacks. Dangers of globalization lie in privacy and information security, forced nationalization, organized crime, and anti-globalization efforts. It was noted that the Y2K phenomenon provided valuable lessons regarding interdependencies and the effects of power outages, water availability, transportation disruption, common utility corridor accidents, and compounding incidents. The paper also noted the conflict between the government's desire to have a resilient infrastructure that can withstand and recover from attacks versus a company's ability to afford this capability. The physical/human factors that need to be considered in risk management include crime, domestic terrorism, and disasters such as natural disasters, industrial disasters and crisis. The energy industry has geographically dispersed vulnerable systems. It has done a fair job of physical security and has good emergency management practices, but it was noted that the industry cannot protect against all threats. A strategy of vigilance and awareness is needed to deal with threats. Other strategies include contingency planning, physical security, employee communication, and emergency response plans. tabs., figs.

Selecting RMF Controls for National Security Systems

Energy Technology Data Exchange (ETDEWEB)

Witzke, Edward L. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2015-08-01

In 2014, the United States Department of Defense started tra nsitioning the way it performs risk management and accreditation of informatio n systems to a process entitled Risk Management Framework for DoD Information Technology or RMF for DoD IT. There are many more security and privacy contro ls (and control enhancements) from which to select in RMF, than there w ere in the previous Information Assurance process. This report is an attempt t o clarify the way security controls and enhancements are selected. After a brief overview and comparison of RMF for DoD I T with the previously used process, this report looks at the determination of systems as National Security Systems (NSS). Once deemed to be an NSS, this report addr esses the categorization of the information system with respect to impact level s of the various security objectives and the selection of an initial baseline o f controls. Next, the report describes tailoring the controls through the use of overl ays and scoping considerations. Finally, the report discusses organizatio n-defined values for tuning the security controls to the needs of the information system.

Incentive Issues in Information Security Management

Science.gov (United States)

Lee, Chul Ho

2012-01-01

This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…

The Importance of Information Security Management in Crisis Prevention in the Company

OpenAIRE

Wawak, Slawomir

2010-01-01

Management information system can be compared to the nervous system of a company. Its malfunction may cause adverse effects in many different areas of the company. Information Security Management is understood as tool of the information confidentiality, availability and integrity assurance. An effective information security management system reduces the risk of crisis in the company. It also allows to reduce the effects of the crisis occurring outside the company.

Secure electronic commerce communication system based on CA

Science.gov (United States)

Chen, Deyun; Zhang, Junfeng; Pei, Shujun

2001-07-01

In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

Security management

International Nuclear Information System (INIS)

Adams, H.W.

1990-01-01

Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de

The Effectiveness of an Electronic Security Management System in a Privately Owned Apartment Complex

Science.gov (United States)

Greenberg, David F.; Roush, Jeffrey B.

2009-01-01

Poisson and negative binomial regression methods are used to analyze the monthly time series data to determine the effects of introducing an integrated security management system including closed-circuit television (CCTV), door alarm monitoring, proximity card access, and emergency call boxes to a large privately-owned complex of apartment…

New Management Tools – From Video Management Systems to Business Decision Systems

Directory of Open Access Journals (Sweden)

Emilian Cristian IRIMESCU

2015-06-01

Full Text Available In the last decades management was characterized by the increased use of Business Decision Systems, also called Decision Support Systems. More than that, systems that were until now used in a traditional way, for some simple activities (like security, migrated to the decision area of management. Some examples are the Video Management Systems from the physical security activity. This article will underline the way Video Management Systems passed to Business Decision Systems, which are the advantages of use thereof and which are the trends in this industry. The article will also analyze if at this moment Video Management Systems are real Business Decision Systems or if there are some functions missing to rank them at this level.

New secure communication-layer standard for medical image management (ISCL)

Science.gov (United States)

Kita, Kouichi; Nohara, Takashi; Hosoba, Minoru; Yachida, Masuyoshi; Yamaguchi, Masahiro; Ohyama, Nagaaki

1999-07-01

This paper introduces a summary of the standard draft of ISCL 1.00 which will be published by MEDIS-DC officially. ISCL is abbreviation of Integrated Secure Communication Layer Protocols for Secure Medical Image Management Systems. ISCL is a security layer which manages security function between presentation layer and TCP/IP layer. ISCL mechanism depends on basic function of a smart IC card and symmetric secret key mechanism. A symmetry key for each session is made by internal authentication function of a smart IC card with a random number. ISCL has three functions which assure authentication, confidently and integrity. Entity authentication process is done through 3 path 4 way method using functions of internal authentication and external authentication of a smart iC card. Confidentially algorithm and MAC algorithm for integrity are able to be selected. ISCL protocols are communicating through Message Block which consists of Message Header and Message Data. ISCL protocols are evaluating by applying to regional collaboration system for image diagnosis, and On-line Secure Electronic Storage system for medical images. These projects are supported by Medical Information System Development Center. These project shows ISCL is useful to keep security.

IT Security Management Implementation Model in Iranian Bank Industry

Directory of Open Access Journals (Sweden)

Mona Vanaki

2017-06-01

Full Text Available According to the complexity and differences between Iranian banks and other developed countries the appropriate actions to implement effective security management of information technology have not been taken. The aim of this study was to create a powerful model by selecting the appropriate security controls to protect information assets in the bank. In this model, at first the principle set fort in ISO standard 27001, was extracted and then by further studies derived from best practices carried out in the world on the related subject from 2008 to 2016 using a qualitative descriptive method, points comply with information security management in the banking industry were added to it. With the study of Iranian banks in dealing with IT security management system and with help of action research tools, provisions which prevent the actual implementation of this standard was removed and finally a conceptual model with operating instructions and considering all the principles of information security management standard, as well as banking institutions focusing on the characteristics of Iran was proposed.

Security administration plan for HANDI 2000 business management system

Energy Technology Data Exchange (ETDEWEB)

Wilson, D.

1998-09-29

This document encompasses and standardizes the integrated approach for security within the PP and Ps applications, It also identifies the security tools and methods to be used. The Security Administration Plan becomes effective as of this document`s acceptance and will provide guidance through implementation efforts and, as a ``living document`` will support the operations and maintenance of the system.

Distributed security in closed distributed systems

DEFF Research Database (Denmark)

Hernandez, Alejandro Mario

properties. This is also restricted to distributed systems in which the set of locations is known a priori. All this follows techniques borrowed from both the model checking and the static analysis communities. In the end, we reach a step towards solving the problem of enforcing security in distributed...... systems. We achieve the goal of showing how this can be done, though we restrict ourselves to closed systems and with a limited set of enforceable security policies. In this setting, our approach proves to be efficient. Finally, we achieve all this by bringing together several fields of Computer Science......The goal of the present thesis is to discuss, argue and conclude about ways to provide security to the information travelling around computer systems consisting of several known locations. When developing software systems, security of the information managed by these plays an important role...

12 CFR 792.67 - Security of systems of records.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Security of systems of records. 792.67 Section... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.67 Security of systems of records. (a) Each system manager, with the approval of the head of that...

5 CFR 930.301 - Information systems security awareness training program.

Science.gov (United States)

2010-01-01

... 5 Administrative Personnel 2 2010-01-01 2010-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems § 930.301 Information systems security awareness training program. Each Executive Agency must develop a...

Optical Imaging Sensors and Systems for Homeland Security Applications

CERN Document Server

Javidi, Bahram

2006-01-01

Optical and photonic systems and devices have significant potential for homeland security. Optical Imaging Sensors and Systems for Homeland Security Applications presents original and significant technical contributions from leaders of industry, government, and academia in the field of optical and photonic sensors, systems and devices for detection, identification, prevention, sensing, security, verification and anti-counterfeiting. The chapters have recent and technically significant results, ample illustrations, figures, and key references. This book is intended for engineers and scientists in the relevant fields, graduate students, industry managers, university professors, government managers, and policy makers. Advanced Sciences and Technologies for Security Applications focuses on research monographs in the areas of -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection (including bios...

Implementing Information Security and Its Technology: A LineManagement Perspective

Energy Technology Data Exchange (ETDEWEB)

Barletta, William A.

2005-08-22

Assuring the security and privacy of institutionalinformation assets is a complex task for the line manager responsible forinternational and multi-national transactions. In the face of an unsureand often conflicting international legal framework, the line managermust employ all available tools in an Integrated Security and PrivacyManagement framework that ranges from legal obligations, to policy, toprocedure, to cutting edge technology to counter the rapidly evolvingcyber threat to information assets and the physical systems thatinformation systems control.

The management of the state reserving system in the aspect of the regional economic security supporting

Directory of Open Access Journals (Sweden)

Aleksandr Yefimovich Zemskov

2011-06-01

Full Text Available This paper reviews the role of the state material reserve system to ensure economic security of the region. A classification of reserves ensuring economic security of the region was elaborated. A scheme of systematic and structural representation of the state material reserve in order to improve the economic security of the region was suggested. Optimization of operational control of the territorial offices, factories, and settlements of custody within the framework of the state material reserve is one of the most effective instruments to enhance the functioning of the whole system. To solve the problem of technological processes optimization of products acquisition and storage in manufacturings, plants and points of consignment storage of the state material reserve, a static economic-mathematical model was developed. The results can be used to develop appropriate computer systems for support of effective management decisions in the system of state of material reserve.

The Effect of Information Security Management on Organizational Processes Integration in Supply Chain

Directory of Open Access Journals (Sweden)

Mohsen Shafiei Nikabadi

2012-03-01

Full Text Available : The major purpose of this article was that how information security management has effect on supply chain integration and the effect of implementing "information security management system" on enhancing supplies chain integration. In this respect, current research was seeking a combination overview to these tow approaches (Information Security Management and Organizational Processes Integration by Enterprise Resources Planning System and after that determined factors of these two important issue by factor analysis. Researchers using a series of comments in the automotive experts (production planning and management and supply chain experts and caregivers car makers and suppliers in the first level and second level supply chain industry. In this way, it has been done that impact on how information security management processes enterprise supply chain integration with the help of statistical correlation analysis. The results of this investigation indicated effect of "information security management system" various dimensions that were coordination of information, prevent human errors and hardware, the accuracy of information and education for users on two dimensions of internal and external integration of business processes, supply chain and finally, it can increased integration of business processes in supply chain. At the end owing to quite these results, deployment of "information security management system" increased the integration of organizational processes in supply chain. It could be demonstrate with the consideration of relation of organizational integration processes whit the level of coordination of information, prevent errors and accuracy of information throughout the supply chain.

The Role of Information Security Management Systems in Supply Chain Performance Improvement

Directory of Open Access Journals (Sweden)

Mohammad Reza Taghva

2012-02-01

Full Text Available In recent years, the researchers have emphasized on positive effect of information system on supply chain performance such as organizational processes integration, information sharing, information technology, etc. In other hand, information security management system is one of the subjects that researches considered its effects on increase accuracy and effective information exchange, access to accurate and timely information and reduce errors of information system. Since, any research has not been done on this ground (the importance of ISMS on supply chain performance. Therefore, it was felt that a research should have done on these approaches on supply chain. In this respect, current research was seeking that how ISMS had impact on supply chain performance in automotive industry and this was the innovative aspect of this paper. So first of all, after the review of the information security management system literature, supply chain performance was considered by the balanced scorecard approach then the most important factors of these two subjects was extracted by correlation analysis. In this way, it was considered that how ISMS had impact on supply chain performance by correlation analysis. The results showed that different dimensions of ISMS (information uniformity, prevent the human and machine mistake, information be accuracy, and rectitude and instruction for users had impact on four dimensions of supply chain performance (customers, financial, internal processes and learning and growth in three levels (strategic, technical, and operational in supply chain. At the end, it was showed that ISMS lays the ground for increase supply chain performance.

Design of security scheme of the radiotherapy planning administration system based on the hospital information system

International Nuclear Information System (INIS)

Zhuang Yongzhi; Zhao Jinzao

2010-01-01

Objective: To design a security scheme of radiotherapy planning administration system. Methods: Power Builder 9i language was used to program the system through the model of client-server machine. Oracle 9i was used as the database server. Results In this system, user registration management, user login management, application-level functions of control, database access control, and audit trail were designed to provide system security. Conclusions: As a prototype for the security analysis and protection of this scheme provides security of the system, application system, important data and message, which ensures the system work normally. (authors)

Network Security: Policies and Guidelines for Effective Network Management

Directory of Open Access Journals (Sweden)

Jonathan Gana KOLO

2008-12-01

Full Text Available Network security and management in Information and Communication Technology (ICT is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these systems implies crime and insecurity on a global scale. In addition, the tremendous benefits brought about by Internet have also widened the scope of crime and insecurity at an alarming rate. Also, ICT has fast become a primary differentiator for institution/organization leaders as it offers effective and convenient means of interaction with each other across the globe. This upsurge in the population of organizations depending on ICT for business transaction has brought with it a growing number of security threats and attacks on poorly managed and secured networks primarily to steal personal data, particularly financial information and password.This paper therefore proposes some policies and guidelines that should be followed by network administrators in organizations to help them ensure effective network management and security of ICT facilities and data.

Guidelines for developing NASA (National Aeronautics and Space Administration) ADP security risk management plans

Science.gov (United States)

Tompkins, F. G.

1983-01-01

This report presents guidance to NASA Computer security officials for developing ADP security risk management plans. The six components of the risk management process are identified and discussed. Guidance is presented on how to manage security risks that have been identified during a risk analysis performed at a data processing facility or during the security evaluation of an application system.

Implementing Information Security Management System as a part of business processes : Where to gain competitive advantage for ISMS?

OpenAIRE

Flyktman, Jari

2016-01-01

The Idea and background to the study subject lies in the interest in security, leadership and organizational development. The research question was how to provide best practices to fit these all together in harmony. The objective was to help small and medium sized organizations to understand the multifaceted nature of cybersecurity and requirements for successful implementation of information security management system (ISMS). ISMS help companies to form the needed security structures in pra...

System security in the space flight operations center

Science.gov (United States)

Wagner, David A.

1988-01-01

The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to risk assessment, security plan development, security implications of design requirements, automatic safeguards, and procedural safeguards.

A process framework for information security management

Directory of Open Access Journals (Sweden)

Knut Haufe

2016-01-01

Full Text Available Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction as well as the interaction with other management processes is not available in the literature. Cost benefit analysis of information security investments regarding single measures protecting information and ISMS processes are not in the focus of current research, mostly focused on economics. This article aims to fill this research gap by proposing such an ISMS process framework as the main contribution. Based on a set of agreed upon ISMS processes in existing standards like ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of relevant roles of the ISMS is strengthened.

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Science.gov (United States)

2010-07-01

... NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems and... identified in the Committee on National Security Systems (CNSS) issuances and the Intelligence Community Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk Management...

Information Security Intelligence as a Basis for Modern Information Security Management

OpenAIRE

Natalia Georgievna Miloslavskaya; Aleksandr Ivanovich Tolstoy

2013-01-01

There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI). ISIe as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI ar...

Security management of water supply

Directory of Open Access Journals (Sweden)

Tchórzewska-Cieślak Barbara

2017-03-01

Full Text Available The main aim of this work is to present operational problems concerning the safety of the water supply and the procedures for risk management systems functioning public water supply (CWSS and including methods of hazard identification and risk assessment. Developed a problem analysis and risk assessment, including procedures called. WSP, which is recommended by the World Health Organization (WHO as a tool for comprehensive security management of water supply from source to consumer. Water safety plan is a key element of the strategy for prevention of adverse events in CWSS.

Research and realization of info-net security controlling system

Science.gov (United States)

Xu, Tao; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-03-01

The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.

Department of Energy security program needs effective information systems

International Nuclear Information System (INIS)

1991-10-01

Although security is an important, nearly billion-dollar-a-year function in the Department of Energy (DOE), key information systems that hold important data about security weaknesses and incidents have limited analytical capabilities and contain unreliable information. The resultant difficulty in identifying patterns and trends reduces managers' ability to ensure the effectiveness of the security program. Resources are also wasted because DOE has deployed incompatible systems that are unable to electronically share or transfer data, often forcing employees to manually re-enter data that are already stored in computers elsewhere. Finally, continuing data problems with other important security information systems, such as those used to track security clearances and classified documents, indicate that information system deficiencies are extensive. A major reason for these problems is that DOE has not done a comprehensive, strategic assessment of its information and information technology needs of the security program. DOE's efforts are fragmented because it has not assigned to any organization the leadership responsibility to determine security information needs and to plan and manage security information resources Department-wide. This paper reports that a number of changes are needed to correct these problems and take advantage of information technology to help strengthen the security program

Business Information Exchange System with Security, Privacy, and Anonymity

Directory of Open Access Journals (Sweden)

Sead Muftic

2016-01-01

Full Text Available Business Information Exchange is an Internet Secure Portal for secure management, distribution, sharing, and use of business e-mails, documents, and messages. It has three applications supporting three major types of information exchange systems: secure e-mail, secure instant messaging, and secure sharing of business documents. In addition to standard security services for e-mail letters, which are also applied to instant messages and documents, the system provides innovative features of privacy and full anonymity of users and their locations, actions, transactions, and exchanged resources. In this paper we describe design, implementation, and use of the system.

A Distributed Energy-Aware Trust Management System for Secure Routing in Wireless Sensor Networks

Science.gov (United States)

Stelios, Yannis; Papayanoulas, Nikos; Trakadas, Panagiotis; Maniatis, Sotiris; Leligou, Helen C.; Zahariadis, Theodore

Wireless sensor networks are inherently vulnerable to security attacks, due to their wireless operation. The situation is further aggravated because they operate in an infrastructure-less environment, which mandates the cooperation among nodes for all networking tasks, including routing, i.e. all nodes act as “routers”, forwarding the packets generated by their neighbours in their way to the sink node. This implies that malicious nodes (denying their cooperation) can significantly affect the network operation. Trust management schemes provide a powerful tool for the detection of unexpected node behaviours (either faulty or malicious). Once misbehaving nodes are detected, their neighbours can use this information to avoid cooperating with them either for data forwarding, data aggregation or any other cooperative function. We propose a secure routing solution based on a novel distributed trust management system, which allows for fast detection of a wide set of attacks and also incorporates energy awareness.

Security Management in a Multimedia System

Science.gov (United States)

Rednic, Emanuil; Toma, Andrei

2009-01-01

In database security, the issue of providing a level of security for multimedia information is getting more and more known. For the moment the security of multimedia information is done through the security of the database itself, in the same way, for all classic and multimedia records. So what is the reason for the creation of a security…

Information Security Intelligence as a Basis for Modern Information Security Management

Directory of Open Access Journals (Sweden)

Natalia Georgievna Miloslavskaya

2013-12-01

Full Text Available There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI. ISIe as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI are determined.

Dynamic Security Assessment Of Computer Networks In Siem-Systems

Directory of Open Access Journals (Sweden)

Elena Vladimirovna Doynikova

2015-10-01

Full Text Available The paper suggests an approach to the security assessment of computer networks. The approach is based on attack graphs and intended for Security Information and Events Management systems (SIEM-systems. Key feature of the approach consists in the application of the multilevel security metrics taxonomy. The taxonomy allows definition of the system profile according to the input data used for the metrics calculation and techniques of security metrics calculation. This allows specification of the security assessment in near real time, identification of previous and future attacker steps, identification of attackers goals and characteristics. A security assessment system prototype is implemented for the suggested approach. Analysis of its operation is conducted for several attack scenarios.

Information security management with ITIL V3

CERN Document Server

Cazemier, Jacques A; Peters, Louk

2010-01-01

This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers:Fundamentals of information security ? providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors.Fundamentals of management of information security - explains what information security manageme

Core security requirements of DRM systems

NARCIS (Netherlands)

Jonker, H.L.; Mauw, S.; Satish, D.

2008-01-01

The use of Digital Rights Management (DRM) systems involves several stakeholders, such as the content provider, the license provider and the user, each having their own incentives to use the system. Proper use of the system implies that these incentives can only be met if certain security

A model for international border management systems.

Energy Technology Data Exchange (ETDEWEB)

Duggan, Ruth Ann

2008-09-01

To effectively manage the security or control of its borders, a country must understand its border management activities as a system. Using its systems engineering and security foundations as a Department of Energy National Security Laboratory, Sandia National Laboratories has developed such an approach to modeling and analyzing border management systems. This paper describes the basic model and its elements developed under Laboratory Directed Research and Development project 08-684.

Biomedical devices and systems security.

Science.gov (United States)

Arney, David; Venkatasubramanian, Krishna K; Sokolsky, Oleg; Lee, Insup

2011-01-01

Medical devices have been changing in revolutionary ways in recent years. One is in their form-factor. Increasing miniaturization of medical devices has made them wearable, light-weight, and ubiquitous; they are available for continuous care and not restricted to clinical settings. Further, devices are increasingly becoming connected to external entities through both wired and wireless channels. These two developments have tremendous potential to make healthcare accessible to everyone and reduce costs. However, they also provide increased opportunity for technology savvy criminals to exploit them for fun and profit. Consequently, it is essential to consider medical device security issues. In this paper, we focused on the challenges involved in securing networked medical devices. We provide an overview of a generic networked medical device system model, a comprehensive attack and adversary model, and describe some of the challenges present in building security solutions to manage the attacks. Finally, we provide an overview of two areas of research that we believe will be crucial for making medical device system security solutions more viable in the long run: forensic data logging, and building security assurance cases.

17 CFR 240.3b-15 - Definition of ancillary portfolio management securities activities.

Science.gov (United States)

2010-04-01

... governing body of the dealer and included in the internal risk management control system for the dealer... of incidental trading activities for portfolio management purposes; and (3) Are limited to risk... portfolio management securities activities. 240.3b-15 Section 240.3b-15 Commodity and Securities Exchanges...

Attachment, self-esteem, worldviews, and terror management: evidence for a tripartite security system.

Science.gov (United States)

Hart, Joshua; Shaver, Phillip R; Goldenberg, Jamie L

2005-06-01

On the basis of prior work integrating attachment theory and terror management theory, the authors propose a model of a tripartite security system consisting of dynamically interrelated attachment, self-esteem, and worldview processes. Four studies are presented that, combined with existing evidence, support the prediction derived from the model that threats to one component of the security system result in compensatory defensive activation of other components. Further, the authors predicted and found that individual differences in attachment style moderate the defenses. In Studies 1 and 2, attachment threats motivated worldview defense among anxiously attached participants and motivated self-enhancement (especially among avoidant participants), effects similar to those caused by mortality salience. In Studies 3 and 4, a worldview threat and a self-esteem threat caused attachment-related proximity seeking among fearful participants and avoidance of proximity among dismissing participants. The authors' model provides an overarching framework within which to study attachment, self-esteem, and worldviews.

A Student Information Management System Based on Fingerprint Identification and Data Security Transmission

Directory of Open Access Journals (Sweden)

Pengtao Yang

2017-01-01

Full Text Available A new type of student information management system is designed to implement student information identification and management based on fingerprint identification. In order to ensure the security of data transmission, this paper proposes a data encryption method based on an improved AES algorithm. A new S-box is cleverly designed, which can significantly reduce the encryption time by improving ByteSub, ShiftRow, and MixColumn in the round transformation of the traditional AES algorithm with the process of look-up table. Experimental results show that the proposed algorithm can significantly improve the encryption time compared with the traditional AES algorithm.

Cyber Security and Resilient Systems

Energy Technology Data Exchange (ETDEWEB)

Robert S. Anderson

2009-07-01

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

Cyber Security and Resilient Systems

International Nuclear Information System (INIS)

Anderson, Robert S.

2009-01-01

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation's cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested - both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

Secure IP mobility management for VANET

CERN Document Server

Taha, Sanaa

2013-01-01

This brief presents the challenges and solutions for VANETs' security and privacy problems occurring in mobility management protocols including Mobile IPv6 (MIPv6), Proxy MIPv6 (PMIPv6), and Network Mobility (NEMO). The authors give an overview of the concept of the vehicular IP-address configurations as the prerequisite step to achieve mobility management for VANETs, and review the current security and privacy schemes applied in the three mobility management protocols. Throughout the brief, the authors propose new schemes and protocols to increase the security of IP addresses within VANETs in

Architecture of security management unit for safe hosting of multiple agents

Science.gov (United States)

Gilmont, Tanguy; Legat, Jean-Didier; Quisquater, Jean-Jacques

1999-04-01

In such growing areas as remote applications in large public networks, electronic commerce, digital signature, intellectual property and copyright protection, and even operating system extensibility, the hardware security level offered by existing processors is insufficient. They lack protection mechanisms that prevent the user from tampering critical data owned by those applications. Some devices make exception, but have not enough processing power nor enough memory to stand up to such applications (e.g. smart cards). This paper proposes an architecture of secure processor, in which the classical memory management unit is extended into a new security management unit. It allows ciphered code execution and ciphered data processing. An internal permanent memory can store cipher keys and critical data for several client agents simultaneously. The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility. The result is a secure processor that has hardware support for extensible multitask operating systems, and can be used for both general applications and critical applications needing strong protection. The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance, and do not require it to be modified.

76 FR 60067 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-012...

Science.gov (United States)

2011-09-28

... 1974; Department of Homeland Security Federal Emergency Management Agency--012 Suspicious Activity... establish a new system of records titled, ``Department of Homeland Security/Federal Emergency Management... Department of Homeland Security/Federal Emergency Management Agency to collect, maintain, and retrieve...

A Stochastic Model for Improving Information Security in Supply Chain Systems

OpenAIRE

Ibrahim Al Kattan; Ahmed Al Nunu; Kassem Saleh

2009-01-01

This article presents a probabilistic security model for supply chain management systems (SCM) in which the basic goals of security (including confidentiality, integrity, availability and accountability, CIAA) are modeled and analyzed. Consequently, the weak points in system security are identified. A stochastic model using measurable values to describe the information system security of a SCM is introduced. Information security is a crucial and integral part of the network of supply chains. ...

Evaluating and projecting the European security system

International Nuclear Information System (INIS)

Dean, J.

1991-01-01

Components of the new European security system are described taking into account the new policy making and possibilities to resolve conflicts. Programmes for political and economic integration and co-operation managed by the European Community will provide main positive content of the new European security system. An insight of the future of nuclear armaments in Europe is included together with confidence building measure and the role of NATO

Design and implementation of a secure workflow system based on PKI/PMI

Science.gov (United States)

Yan, Kai; Jiang, Chao-hui

2013-03-01

As the traditional workflow system in privilege management has the following weaknesses: low privilege management efficiency, overburdened for administrator, lack of trust authority etc. A secure workflow model based on PKI/PMI is proposed after studying security requirements of the workflow systems in-depth. This model can achieve static and dynamic authorization after verifying user's ID through PKC and validating user's privilege information by using AC in workflow system. Practice shows that this system can meet the security requirements of WfMS. Moreover, it can not only improve system security, but also ensures integrity, confidentiality, availability and non-repudiation of the data in the system.

Security Techniques for Sensor Systems and the Internet of Things

Science.gov (United States)

Midi, Daniele

2016-01-01

Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues. We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We…

The Flask Security Architecture: System Support for Diverse Security Policies

Science.gov (United States)

2006-01-01

Flask microkernel -based operating sys­ tem, that successfully overcomes these obstacles to pol- icy flexibility. The cleaner separation of mechanism and...other object managers in the system to en- force those access control decisions. Although the pro­ totype system is microkernel -based, the security...mecha­ nisms do not depend on a microkernel architecture and will easily generalize beyond it. The resulting system provides policy flexibility. It sup

Security Management Model in Cloud Computing Environment

OpenAIRE

Ahmadpanah, Seyed Hossein

2016-01-01

In the cloud computing environment, cloud virtual machine (VM) will be more and more the number of virtual machine security and management faced giant Challenge. In order to address security issues cloud computing virtualization environment, this paper presents a virtual machine based on efficient and dynamic deployment VM security management model state migration and scheduling, study of which virtual machine security architecture, based on AHP (Analytic Hierarchy Process) virtual machine de...

Power system operational security analysis to obtain sustainable, strategic and economic dispatch

International Nuclear Information System (INIS)

Khan, R.A.J.; Alemadi, N.; Mulla, Y.A.; Choudhry, T.M.

2006-01-01

This paper addresses the most critical question that is static/online security system n power system operation and managements. Therefore, we do originated couple of models with their operational scenarios. How to identify the main security constraints and their most suitable reinforcements needed to maintain the system security as per determine boundary. It would also render instrumental approach to enhance the security operational constraints. Therefore, it will also provide the system operator to take preventive action or formulate the action plan prior to contingencies occurred In past the both demand side management system and load shedding have been used for to provide reliable power system under normal or emergency operation and control [4,5 J.) (author)

Securing a Home Energy Managing Platform

DEFF Research Database (Denmark)

Mikkelsen, Søren Aagaard; Jacobsen, Rune Hylsberg

2016-01-01

Energy management in households gets increasingly more attention in the struggle to integrate more sustainable energy sources. Especially in the electrical system, smart grid towards a better utilisation of the energy production and distribution infrastructure. The Home Energy Management System...... (HEMS) is a critical infrastructure component in this endeavour. Its main goal is to enable energy services utilising smart devices in the households based on the interest of the residential consumers and external actors. With the role of being both an essential link in the communication infrastructure...... for balancing the electrical grid and a surveillance unit in private homes, security and privacy become essential to address. In this chapter, we identify and address potential threats Home Energy Management Platform (HEMP) developers should consider in the progress of designing architecture, selecting hardware...

Security-Enhanced Autonomous Network Management

Science.gov (United States)

Zeng, Hui

2015-01-01

Ensuring reliable communication in next-generation space networks requires a novel network management system to support greater levels of autonomy and greater awareness of the environment and assets. Intelligent Automation, Inc., has developed a security-enhanced autonomous network management (SEANM) approach for space networks through cross-layer negotiation and network monitoring, analysis, and adaptation. The underlying technology is bundle-based delay/disruption-tolerant networking (DTN). The SEANM scheme allows a system to adaptively reconfigure its network elements based on awareness of network conditions, policies, and mission requirements. Although SEANM is generically applicable to any radio network, for validation purposes it has been prototyped and evaluated on two specific networks: a commercial off-the-shelf hardware test-bed using Institute of Electrical Engineers (IEEE) 802.11 Wi-Fi devices and a military hardware test-bed using AN/PRC-154 Rifleman Radio platforms. Testing has demonstrated that SEANM provides autonomous network management resulting in reliable communications in delay/disruptive-prone environments.

Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

Science.gov (United States)

Imam, Abbas H.

2013-01-01

Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

Operating System Security

CERN Document Server

Jaeger, Trent

2008-01-01

Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

Additional Security Considerations for Grid Management

Science.gov (United States)

Eidson, Thomas M.

2003-01-01

The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

A NEW FORM OF SECURITY COOPERATION AND COLLECTIVECONFLICT MANAGEMENT IN THE POST COLD WARINTERNATIONAL SYSTEM

Directory of Open Access Journals (Sweden)

Sinem KOCAMAZ

2011-01-01

Full Text Available International security environment changed completely after the Cold War.During the Cold War years security challenges wereshaped by competitive powerrelations between Soviet Union and the United States. On the other hand after theend of the Cold War, global security was redefinedand wide range of securitychallenges and threats occurred. After fragmentation of security threats, newthreats emerged such as terrorist attacks, massacres which are made by humansown governments, chronic politic instabilities, environmental degradations etc.Under these circumstances new forms of security cooperation became more vitalin order to cope with these complex challenges. Inthis respect third partiesbecame an actor to manage conflicts, security challenges and crises. Unliketraditional nation-state intervention, regional organizations, international agenciesand non-governmental organizations became more active in conflict managementprocess. In this framework this study will evaluateperformance and theeffectiveness of the main actors in the collectiveconflict management (CCMprocess.

Strategic Management for IT Services on Outsourcing Security Company

Directory of Open Access Journals (Sweden)

Lydia Wijaya

2018-04-01

Full Text Available Information Technology (IT is used by many organizations to enhance competitive advantage, but many outsource security firms have not used IT in their business processes. In this research, we will design Strategic Management for IT Services for outsourcing security company. We use an outsourcing security company as a case study of IT Strategy Management for IT Services development. The purpose of this study is to create an IT services strategy for security outsourcing companies. The framework used is the ITIL (Information Technology Infrastructure Library framework service strategy in strategy management for IT services process. There are several steps taken in the making of the strategy: (a Strategic assessment stage to analyzed internal and external factors of the company. (b Strategy generation by creating the strategic plan. (c Strategy execution to determine the tactical plan. And (d strategy measurement and evaluation. This study produced the proposed IT service system that suits the needs of the company in the form of strategic, tactical plans and strategy measurement. This result can be used as the foundations of IT service development in outsourcing security company. In the process of this study, we work closely with stakeholders; every work product has been verified and validated by stakeholders.

TOWARD HIGHLY SECURE AND AUTONOMIC COMPUTING SYSTEMS: A HIERARCHICAL APPROACH

Energy Technology Data Exchange (ETDEWEB)

Lee, Hsien-Hsin S

2010-05-11

The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.

Proposal for a security management in cloud computing for health care.

Science.gov (United States)

Haufe, Knut; Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

Proposal for a Security Management in Cloud Computing for Health Care

Directory of Open Access Journals (Sweden)

Knut Haufe

2014-01-01

Full Text Available Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

Understanding the security management practices of humanitarian organizations.

Science.gov (United States)

Bollettino, Vincenzo

2008-06-01

Humanitarian organisations operate in increasingly hostile environments. Although authoritative statistics are scarce, anecdotal evidence suggests that aid workers face life-threatening risks that are exacerbated by the growing number of humanitarian organisations operating in the field, the diversity of their mandates, the lack of common professional security standards, and limited success in inter-agency security coordination. Despite broad acceptance of the need for better security management and coordination, many humanitarian organisations remain ambivalent about devoting increased resources to security management and security coordination. A critical lack of basic empirical knowledge of the field security environment hampers efforts to enhance security management practices. The absence of a systematic means of sharing incident data undermines the capacity of the humanitarian community to address proactively security threats. In discussions about humanitarian staff safety and security, the least common denominator remains cumulative anecdotal evidence provided by the many security personnel working for humanitarian organisations in the feld.

Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

Science.gov (United States)

Takamura, Eduardo; Mangum, Kevin

2016-01-01

The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations

Security Systems Commissioning: An Old Trick for Your New Dog

Science.gov (United States)

Black, James R.

2009-01-01

Sophisticated, software-based security systems can provide powerful tools to support campus security. By nature, such systems are flexible, with many capabilities that can help manage the process of physical protection. However, the full potential of these systems can be overlooked because of unfamiliarity with the products, weaknesses in security…

ORACLE DATABASE SECURITY

OpenAIRE

Cristina-Maria Titrade

2011-01-01

This paper presents some security issues, namely security database system level, data level security, user-level security, user management, resource management and password management. Security is a constant concern in the design and database development. Usually, there are no concerns about the existence of security, but rather how large it should be. A typically DBMS has several levels of security, in addition to those offered by the operating system or network. Typically, a DBMS has user a...

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

Science.gov (United States)

Mohammadi, Hadi

2014-01-01

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to…

Security for decentralized health information systems.

Science.gov (United States)

Bleumer, G

1994-02-01

Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are software implemented in order to be executable on standard-hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g. hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s. (Apple Quadra 950 (MC 68040, 33 MHz, RAM: 20 MB, 80 ns. Length of RSA modulus is 512 bit).

Homeland Security. Management Challenges Facing Federal Leadership

Science.gov (United States)

2002-12-01

Security Management Challenges Facing Federal Leadership 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT...including attention to management practices and key success factors. HOMELAND SECURITY Management Challenges Facing Federal Leadership www.gao.gov/cgi...significant management and coordination challenges if it is to provide this leadership and be successful in preventing and responding to any future

Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

Science.gov (United States)

Ilvonen, Ilona

2013-01-01

Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

Advances in network systems architectures, security, and applications

CERN Document Server

Awad, Ali; Furtak, Janusz; Legierski, Jarosław

2017-01-01

This book provides the reader with a comprehensive selection of cutting–edge algorithms, technologies, and applications. The volume offers new insights into a range of fundamentally important topics in network architectures, network security, and network applications. It serves as a reference for researchers and practitioners by featuring research contributions exemplifying research done in the field of network systems. In addition, the book highlights several key topics in both theoretical and practical aspects of networking. These include wireless sensor networks, performance of TCP connections in mobile networks, photonic data transport networks, security policies, credentials management, data encryption for network transmission, risk management, live TV services, and multicore energy harvesting in distributed systems. .

INFORMATION SYSTEM SECURITY (CYBER SECURITY

Directory of Open Access Journals (Sweden)

Muhammad Siddique Ansari

2016-03-01

Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

Applying the Action-Research Method to Develop a Methodology to Reduce the Installation and Maintenance Times of Information Security Management Systems

Directory of Open Access Journals (Sweden)

Antonio Santos-Olmo

2016-07-01

Full Text Available Society is increasingly dependent on Information Security Management Systems (ISMS, and having these kind of systems has become vital for the development of Small and Medium-Sized Enterprises (SMEs. However, these companies require ISMS that have been adapted to their special features and have been optimized as regards the resources needed to deploy and maintain them, with very low costs and short implementation periods. This paper discusses the different cycles carried out using the ‘Action Research (AR’ method, which have allowed the development of a security management methodology for SMEs that is able to automate processes and reduce the implementation time of the ISMS.

Managing business compliance using model-driven security management

Science.gov (United States)

Lang, Ulrich; Schreiner, Rudolf

Compliance with regulatory and governance standards is rapidly becoming one of the hot topics of information security today. This is because, especially with regulatory compliance, both business and government have to expect large financial and reputational losses if compliance cannot be ensured and demonstrated. One major difficulty of implementing such regulations is caused the fact that they are captured at a high level of abstraction that is business-centric and not IT centric. This means that the abstract intent needs to be translated in a trustworthy, traceable way into compliance and security policies that the IT security infrastructure can enforce. Carrying out this mapping process manually is time consuming, maintenance-intensive, costly, and error-prone. Compliance monitoring is also critical in order to be able to demonstrate compliance at any given point in time. The problem is further complicated because of the need for business-driven IT agility, where IT policies and enforcement can change frequently, e.g. Business Process Modelling (BPM) driven Service Oriented Architecture (SOA). Model Driven Security (MDS) is an innovative technology approach that can solve these problems as an extension of identity and access management (IAM) and authorization management (also called entitlement management). In this paper we will illustrate the theory behind Model Driven Security for compliance, provide an improved and extended architecture, as well as a case study in the healthcare industry using our OpenPMF 2.0 technology.

Study of Intelligent Secure Chemical Inventory Management System

Science.gov (United States)

Shukran, Mohd Afizi Mohd; Naim Abdullah, Muhammad; Nazri Ismail, Mohd; Maskat, Kamaruzaman; Isa, Mohd Rizal Mohd; Shahfee Ishak, Muhammad; Adib Khairuddin, Muhamad

2017-08-01

Chemical inventory management system has been experiencing a new revolution from traditional inventory system which is manual to an automated inventory management system. In this paper, some review of the classic and modern approaches to chemical inventory management system has been discussed. This paper also describe about both type of inventory management. After a comparative analysis of the traditional method and automated method, it can be said that both methods have some distinctive characteristics. Moreover, the automated inventory management method has higher accuracy of calculation because the calculations are handled by software, eliminating possible errors and saving time. The automated inventory system also allows users and administrators to track the availability, location and consumption of chemicals. The study of this paper can provide forceful review analysis support for the chemical inventory management related research.

OpenDBDDAS Toolkit: Secure MapReduce and Hadoop-like Systems

KAUST Repository

Fabiano, Enrico

2015-06-01

The OpenDBDDAS Toolkit is a software framework to provide support for more easily creating and expanding dynamic big data-driven application systems (DBDDAS) that are common in environmental systems, many engineering applications, disaster management, traffic management, and manufacturing. In this paper, we describe key features needed to implement a secure MapReduce and Hadoop-like system for high performance clusters that guarantees a certain level of privacy of data from other concurrent users of the system. We also provide examples of a secure MapReduce prototype and compare it to another high performance MapReduce, MR-MPI.

Cybernetic Security and Business Intelligence in the System of Diagnostics of Economic Security of the Enterprise

Directory of Open Access Journals (Sweden)

Ruslan Skrynkovskyy

2017-10-01

Full Text Available The purpose of the article is to determine the place, the role and features of cybernetic security and improve the business intelligence scheme in the system of diagnosing economic security of the enterprise. It had been found out that: 1 the term “cybernetic security of an enterprise” should be understood as the state of the protection of the cybernetic space of the whole enterprise or individual objects of its information infrastructure (computer system, computer data, etc. from the risk of external cybernetic influence, which ensures their sustainable development and the formation of prospects, as well as timely detection, prevention and neutralization of real and potential cybernetic interruptions and threats to the interests of the enterprise; 2 the main components of cybernetic security in the system of diagnostics of economic security of the enterprise are: investigation of information and telecommunication systems and cryptosystems of the opposing sides; cybernetic effects; protection of information sphere. It was established that the main task of business intelligence in the system of diagnosing economic security of the enterprise is the verification of the reliability of business information, the provision of cybernetic protection of information resources, information and communication technologies and systems and the elimination of the possibility of misinformation of senior management by the managers of the middle level, suppliers, marketing intermediaries, clientele, competitors or contact audiences of the enterprise. The prospect of further research in this direction is the development of a system of goals of the polycriterial diagnostics of the activity (economic diagnostics of the enterprise (on the basis of the isolation and systematization of its diagnostic purposes, taking into account the presented results of the study.

Hotel Security Management : Case: Original Sokos Hotel Vaakuna Vaasa

OpenAIRE

Koskela, Jere

2016-01-01

This thesis studied hotel security management and examined one case hotel more closely on matters of security management. The case hotel in this research was Original Sokos Hotel Vaakuna Vaasa. The aim of the thesis was to find out how security aspects are managed and how they could be developed in the case hotel. This research was conducted to help the case hotel’s security supervisor to develop and improve security. The thesis consists of a theoretical framework and an empirical study. The ...

Research on information security system of waste terminal disposal process

Science.gov (United States)

Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

2017-05-01

Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

Intelligent community management system based on the devicenet fieldbus

Science.gov (United States)

Wang, Yulan; Wang, Jianxiong; Liu, Jiwen

2013-03-01

With the rapid development of the national economy and the improvement of people's living standards, people are making higher demands on the living environment. And the estate management content, management efficiency and service quality have been higher required. This paper in-depth analyzes about the intelligent community of the structure and composition. According to the users' requirements and related specifications, it achieves the district management systems, which includes Basic Information Management: the management level of housing, household information management, administrator-level management, password management, etc. Service Management: standard property costs, property charges collecting, the history of arrears and other property expenses. Security Management: household gas, water, electricity and security and other security management, security management district and other public places. Systems Management: backup database, restore database, log management. This article also carries out on the Intelligent Community System analysis, proposes an architecture which is based on B / S technology system. And it has achieved a global network device management with friendly, easy to use, unified human - machine interface.

Improving organisational resilience through enterprise security risk management.

Science.gov (United States)

Petruzzi, John; Loyear, Rachelle

Enterprise Security Risk Management (ESRM) is a new philosophy and method of managing security programmes through the use of traditional risk principles. As a philosophy and life cycle, ESRM is focused on creating a business partnership between security practitioners and business leaders to more effectively provide protection against security risks in line with acceptable risk tolerances as defined by business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle and also shows how embracing the ESRM philosophy and implementing a risk-based security management model in the business organisation can lead to higher levels of organisational resilience as desired by organisation leaders, executives and the board of directors.

Microsoft System Center 2012 R2 compliance management cookbook

CERN Document Server

Baumgarten, Andreas; Roesner, Susan

2014-01-01

Whether you are an IT manager, an administrator, or security professional who wants to learn how Microsoft Security Compliance Manager and Microsoft System Center can help fulfil compliance and security requirements, this is the book for you. Prior knowledge of Microsoft System Center is required.

Multi-agent integrated password management (MIPM) application secured with encryption

Science.gov (United States)

Awang, Norkhushaini; Zukri, Nurul Hidayah Ahmad; Rashid, Nor Aimuni Md; Zulkifli, Zuhri Arafah; Nazri, Nor Afifah Mohd

2017-10-01

Users use weak passwords and reuse them on different websites and applications. Password managers are a solution to store login information for websites and help users log in automatically. This project developed a system that acts as an agent managing passwords. Multi-Agent Integrated Password Management (MIPM) is an application using encryption that provides users with secure storage of their login account information such as their username, emails and passwords. This project was developed on an Android platform with an encryption agent using Java Agent Development Environment (JADE). The purpose of the embedded agents is to act as a third-party software to ease the encryption process, and in the future, the developed encryption agents can form part of the security system. This application can be used by the computer and mobile users. Currently, users log into many applications causing them to use unique passwords to prevent password leaking. The crypto agent handles the encryption process using an Advanced Encryption Standard (AES) 128-bit encryption algorithm. As a whole, MIPM is developed on the Android application to provide a secure platform to store passwords and has high potential to be commercialised for public use.

Managing the human factor in information security how to win over staff and influence business managers

CERN Document Server

Lacey, David

2009-01-01

With the growth in social networking and the potential for larger and larger breaches of sensitive data,it is vital for all enterprises to ensure that computer users adhere to corporate policy and project staff design secure systems. Written by a security expert with more than 25 years'' experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a business to buy into a security plan. Illustrated with real-world examples throughout, this is a must-have guide for security and IT professionals.

The threat nets approach to information system security risk analysis

NARCIS (Netherlands)

Mirembe, Drake

2015-01-01

The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security

Novel approach to information security management of confidential ...

African Journals Online (AJOL)

Novel approach to information security management of confidential and propriety information ... Journal of Fundamental and Applied Sciences ... valuable information by using steganography it can have a major impact security management.

Audit program for physical security systems at nuclear power plants

International Nuclear Information System (INIS)

Minichino, C.

1982-01-01

Licensees of nuclear power plants conduct audits of their physical security systems to meet the requirements of 10 CFR 73, Physical Protection of Plants and Materials. Section 73.55, Requirements for physical Protection of Licensed Activities in Nuclear Power Reactors Against Radiological Sabotage, requires that the security programs be reviewed at least every 12 months, that the audit be conducted by individuals independent of both security management and security supervision, and that the audit program review all aspects of the physical security system: hardware, personnel, and operational and maintenance procedures. This report contains information for the Nuclear Regulatory Commission (NRC) and for the licensees of nuclear power reactors who carry out these comprehensive audits. Guidance on the overall management of the audit function includes organizational structure and issues concerning the auditors who perform the review: qualifications, independence, due professional care, and standards. Guidance in the audit program includes purpose and scope of the audit, planning, techniques, post-audit procedures, reporting, and follow-up

Security Requirements Management in Software Product Line Engineering

Science.gov (United States)

Mellado, Daniel; Fernández-Medina, Eduardo; Piattini, Mario

Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

Global Security Program Management Plan

Energy Technology Data Exchange (ETDEWEB)

Bretzke, John C. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

2014-03-25

The Global Security Directorate mission is to protect against proliferant and unconventional nuclear threats –regardless of origin - and emerging new threats. This mission is accomplished as the Los Alamos National Laboratory staff completes projects for our numerous sponsors. The purpose of this Program Management Plan is to establish and clearly describe the GS program management requirements including instructions that are essential for the successful management of projects in accordance with our sponsor requirements. The detailed information provided in this document applies to all LANL staff and their subcontractors that are performing GS portfolio work. GS management is committed to a culture that ensures effective planning, execution, and achievement of measurable results in accordance with the GS mission. Outcomes of such a culture result in better communication, delegated authority, accountability, and increased emphasis on safely and securely achieving GS objectives.

Information Technology Management: Social Security Administration Practices Can Be Improved

National Research Council Canada - National Science Library

Shaw, Clay

2001-01-01

To improve SSAs IT management practices, we recommend that the Acting Commissioner of Social Security direct the Chief Information Officer and the Deputy Commissioner for Systems to complete the following actions...

Security for small computer systems a practical guide for users

CERN Document Server

Saddington, Tricia

1988-01-01

Security for Small Computer Systems: A Practical Guide for Users is a guidebook for security concerns for small computers. The book provides security advice for the end-users of small computers in different aspects of computing security. Chapter 1 discusses the security and threats, and Chapter 2 covers the physical aspect of computer security. The text also talks about the protection of data, and then deals with the defenses against fraud. Survival planning and risk assessment are also encompassed. The last chapter tackles security management from an organizational perspective. The bo

Federal Government Information Systems Security Management and Governance Are Pacing Factors for Innovation

Science.gov (United States)

Edwards, Gregory

2011-01-01

Security incidents resulting from human error or subversive actions have caused major financial losses, reduced business productivity or efficiency, and threatened national security. Some research suggests that information system security frameworks lack emphasis on human involvement as a significant cause for security problems in a rapidly…

Information security management: a proposal to improve the effectiveness of information security in the scientific research environment

International Nuclear Information System (INIS)

Alexandria, Joao Carlos Soares de

2009-01-01

The increase of the connectivity in the business environment, combined with the growing dependency of information systems, has become the information security management an important governance tool. Information security has as main goal to protect the business transactions in order to work normally. In this way, It will be safeguarding the business continuity. The threats of information come from hackers' attacks, electronic frauds and spying, as well as fire, electrical energy interruption and humans fault. Information security is made by implementation of a set of controls, including of the others politics, processes, procedures, organizational structures, software and hardware, which require a continuous management and a well established structure to be able to face such challenges. This work tried to search the reasons why the organizations have difficulties to make a practice of information security management. Many of them just limit to adopt points measures, sometimes they are not consistent with their realities. The market counts on enough quantity of standards and regulations related to information security issues, for example, ISO/IEC 27002, American Sarbanes-Oxley act, Basel capital accord, regulations from regulatory agency (such as the Brazilians ones ANATEL, ANVISA and CVM). The market researches have showed that the information security implementation is concentrated on a well-defined group of organization mainly formed by large companies and from specifics sectors of economy, for example, financial and telecommunication. However, information security must be done by all organizations that use information systems to carry out their activities, independently of its size or economic area that it belongs. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal of

POLICE OFFICE MODEL IMPROVEMENT FOR SECURITY OF SWARM ROBOTIC SYSTEMS

Directory of Open Access Journals (Sweden)

I. A. Zikratov

2014-09-01

Full Text Available This paper focuses on aspects of information security for group of mobile robotic systems with swarm intellect. The ways for hidden attacks realization by the opposing party on swarm algorithm are discussed. We have fulfilled numerical modeling of potentially destructive information influence on the ant shortest path algorithm. We have demonstrated the consequences of attacks on the ant algorithm with different concentration in a swarm of subversive robots. Approaches are suggested for information security mechanisms in swarm robotic systems, based on the principles of centralized security management for mobile agents. We have developed the method of forming a self-organizing information security management system for robotic agents in swarm groups implementing POM (Police Office Model – a security model based on police offices, to provide information security in multi-agent systems. The method is based on the usage of police station network in the graph nodes, which have functions of identification and authentication of agents, identifying subversive robots by both their formal characteristics and their behavior in the swarm. We have suggested a list of software and hardware components for police stations, consisting of: communication channels between the robots in police office, nodes register, a database of robotic agents, a database of encryption and decryption module. We have suggested the variants of logic for the mechanism of information security in swarm systems with different temporary diagrams of data communication between police stations. We present comparative analysis of implementation of protected swarm systems depending on the functioning logic of police offices, integrated in swarm system. It is shown that the security model saves the ability to operate in noisy environments, when the duration of the interference is comparable to the time necessary for the agent to overcome the path between police stations.

Ideal Based Cyber Security Technical Metrics for Control Systems

Energy Technology Data Exchange (ETDEWEB)

W. F. Boyer; M. A. McQueen

2007-10-01

Much of the world's critical infrastructure is at risk from attack through electronic networks connected to control systems. Security metrics are important because they provide the basis for management decisions that affect the protection of the infrastructure. A cyber security technical metric is the security relevant output from an explicit mathematical model that makes use of objective measurements of a technical object. A specific set of technical security metrics are proposed for use by the operators of control systems. Our proposed metrics are based on seven security ideals associated with seven corresponding abstract dimensions of security. We have defined at least one metric for each of the seven ideals. Each metric is a measure of how nearly the associated ideal has been achieved. These seven ideals provide a useful structure for further metrics development. A case study shows how the proposed metrics can be applied to an operational control system.

Mastering System Center 2012 Configuration Manager

CERN Document Server

Rachui, Steve; Martinez, Santos; Daalmans, Peter

2012-01-01

Expert coverage of Microsoft's highly anticipated network software deployment tool The latest version of System Center Configuration Manager (SCCM) is a dramatic update of its predecessor Configuration Manager 2007, and this book offers intermediate-to-advanced coverage of how the new SCCM boasts a simplified hierarchy, role-based security, a new console, flexible application deployment, and mobile management. You'll explore planning and installation, migrating from SCCM 2007, deploying software and operating systems, security, monitoring and troubleshooting, and automating and customizing SCC

A novel proposed network security management approach for cyber attacks

International Nuclear Information System (INIS)

Ahmed, Z.; Nazir, B.; Zafar, M.F.; Anwar, M.M.; Azam, K.; Asar, A.U.

2007-01-01

Network security is a discipline that focuses on securing networks from unauthorized access. Given the Escalating threats of malicious cyber attacks, modern enterprises employ multiple lines of defense. A comprehensive defense strategy against such attacks should include (I) an attack detection component that deter- mines the fact that a program is compromised, (2) an attack identification and prevention component that identifies attack packets so that one can block such packets in the future and prevents the attack from further propagation. Over the last decade, a significant amount of research has been vested in the systems that can detect cyber attacks either statically at compile time or dynamically at run time, However, not much effort is spent on automated attack packet identification or attack prevention. In this paper we present a unified solution to the problems mentioned above. We implemented this solution after the forward engineering of Open Source Security Information Management (OSSIM) system called Preventive Information Security management (PrISM) system that correlates input from different sensors so that the resulting product can automatically detect any cyber attack against it and prevents by identifying the actual attack packet(s). The PrISM was always able to detect the attacks, identify the attack packets and most often prevent by blocking the attacker's IP address to continue normal execution. There is no additional run-time performance overhead for attack prevention. (author)

User Behaviours Associated with Password Security and Management

Directory of Open Access Journals (Sweden)

Kay Bryant

2006-11-01

Full Text Available Control mechanisms established on the boundary of an information system are an important preliminary step to minimising losses from security breaches. The primary function of such controls is to restrict the use of information systems and resources to authorized users. Password-based systems remain the predominant method of user authentication despite the many sophisticated and viable security alternatives that have emerged from research and development. However, the literature shows that passwords are often compromised through the poor security and management practices of users. This paper examines user password composition and security practices for email accounts. The results of a survey that examines user practice in creating and using passwords are reported. The results show that many users know about the risks of hackers, viruses and so on and take preliminary steps to combat them such as having passwords longer than eight characters. However, this appears to be as far as many users are willing to accede to the probability that their information and computing resources can be compromised. This paper makes some recommendations for the education of users in creating and maintaining their passwords. The responsibility for these educational programs can be shared between governments, organisations, educational institutions at all levels, and software vendors.

Enterprise security IT security solutions : concepts, practical experiences, technologies

CERN Document Server

Fumy, Walter

2013-01-01

Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr

Verification Account Management System (VAMS)

Data.gov (United States)

Social Security Administration — The Verification Account Management System (VAMS) is the centralized location for maintaining SSA's verification and data exchange accounts. VAMS account management...

Natural Resources Management for Sustainable Food Security in ...

International Development Research Centre (IDRC) Digital Library (Canada)

Natural Resources Management for Sustainable Food Security in the Sahel ... as well as strategies for managing the resource base with a view to improving food security. ... InnoVet-AMR grants to support development of innovative veterinary ...

Security management of next generation telecommunications networks and services

CERN Document Server

Jacobs, Stuart

2014-01-01

This book will cover network management security issues and currently available security mechanisms by discussing how network architectures have evolved into the contemporary NGNs which support converged services (voice, video, TV, interactive information exchange, and classic data communications). It will also analyze existing security standards and their applicability to securing network management. This book will review 21st century security concepts of authentication, authorization, confidentiality, integrity, nonrepudiation, vulnerabilities, threats, risks, and effective approaches to enc

Network Security Is Manageable

Science.gov (United States)

Roberts, Gary

2006-01-01

An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…

Methodology for Management of Information Security in Industrial Control Systems: A Proof of Concept aligned with Enterprise Objectives.

Directory of Open Access Journals (Sweden)

Fabian Bustamante

2017-04-01

Full Text Available This article is an extended version of the study presented at the IEEE Ecuador Technical Chapters Meeting (ETCM-2016. At that time, a methodological proposal was designed, implemented, and applied in a group of industrial plants for the management of the information security of the Industrial control systems (ICS. The present study displays an adaptation and improvement of such methodology with the purpose of aligning the proposal for the effective management of information security with the strategic objectives. The development of this study has been divided into three distinctive phases. Firstly, we induced the articulation of PMI-PMBOK v5 and ITIL v3 both for the management of the project and for the verification of risks in the IT services. Second, we applied a set of risk mitigation strategies based on international standards as NIST 800-82 and 800-30. Thirdly, we assembled the two mentioned phases in a Guide for standards-based instructions and security policies, which previously have been encouraged on NIST 800-82, 800-53 and 800-12. Hereby, we observed the reduction of incidents of information security, the correct delimitation of the functions of the direct responsible of the ICS and the improvement of the communication between the operative and technical areas of the involved companies. The results demonstrate the functionality of these improvements, especially in the context of the availability and integrity of information, which generates an added value to the enterprise.

Spent fuel reprocessing system security engineering capability maturity model

International Nuclear Information System (INIS)

Liu Yachun; Zou Shuliang; Yang Xiaohua; Ouyang Zigen; Dai Jianyong

2011-01-01

In the field of nuclear safety, traditional work places extra emphasis on risk assessment related to technical skills, production operations, accident consequences through deterministic or probabilistic analysis, and on the basis of which risk management and control are implemented. However, high quality of product does not necessarily mean good safety quality, which implies a predictable degree of uniformity and dependability suited to the specific security needs. In this paper, we make use of the system security engineering - capability maturity model (SSE-CMM) in the field of spent fuel reprocessing, establish a spent fuel reprocessing systems security engineering capability maturity model (SFR-SSE-CMM). The base practices in the model are collected from the materials of the practice of the nuclear safety engineering, which represent the best security implementation activities, reflect the regular and basic work of the implementation of the security engineering in the spent fuel reprocessing plant, the general practices reveal the management, measurement and institutional characteristics of all process activities. The basic principles that should be followed in the course of implementation of safety engineering activities are indicated from 'what' and 'how' aspects. The model provides a standardized framework and evaluation system for the safety engineering of the spent fuel reprocessing system. As a supplement to traditional methods, this new assessment technique with property of repeatability and predictability with respect to cost, procedure and quality control, can make or improve the activities of security engineering to become a serial of mature, measurable and standard activities. (author)

Strategy and management of network security at KEK

International Nuclear Information System (INIS)

Kiyoharu Hashimoto; Teiji Nakamura; Hitoshi Hirose, Yukio Karita; Youhei Morita; Soh Suzuki; Fukuko Yuasa

2001-01-01

Recently the troubles related to the network security have often occurred at KEK. According to their security policy, the authors have started the strategy against the daily attacks. It consists of two fundamental things; the monitoring and the access control. To monitor the network, the authors have installed the intrusion detection system and have managed it since 1998. For the second thing, the authors arranged three categories to classify all hosts (about 5000 hosts) at KEK according to their security level. To realize these three categories, the authors filter the incoming packet from outside KEK whether it has a SYN flag or not. The network monitoring and the access control produced good effects in keeping the security level high. Since 2000 the authors have started the transition of LAN from shared-media network to switched network. Now almost part of LAN was re-configured and in this new LAN 10 Mbps 100 Mbps/1Gbps Ethernet are supported. Currently the authors are planning further speedup (10 Gbps) and redundancy of network. Not only LAN but also WAN, network speed will be upgraded to 10 Gbps thanks to the strong promotion of IT by Japanese government. In this very high speed network, the authors' current strategy will be affected and again the network security becomes a big issue. The authors describe the experiences in practice of the current strategy and management know-how together with the discussion on the new strategy

Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs

Science.gov (United States)

Kurnianto, Ari; Isnanto, Rizal; Widodo, Aris Puji

2018-02-01

Information security is a problem effected business process of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information secuity in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the condition now a days and then to get recommendation and road map. The result of this research gets all of the information security process which has not been already good enough in Ministry of Internal Affairs, gives recommendation and road map to improve part of all information system being running. It indicates that ISO/IEC 27001:2013 is good used to rate maturity of information security management. As the next analyzation, this research use Clause and Annex in ISO/IEC 27001:2013 which is suitable with condition of Data Center and Data Recovery Center, so it gets optimum result and solving problem of the weakness information security.

EUROATLANTIC SECURITY AND CRISIS MANAGEMENT

Directory of Open Access Journals (Sweden)

Constantin MINCU

2011-06-01

Full Text Available This article briefly presents the international security environment developments, evaluated in a realistic way in the new ,,Strategic Concept – NATO (Lisbon 2010"; potential threats and hazards, both military and non-military, are present on a global, regional, national scale, determining an adequate NATO and EU reaction, and also from the member states. States and organizations currently pay and will pay special attention to building up and strengthening viable and effective systems of ”Emergency Situations (Crisis Management". This is also the case of Romania which has started this complex and expensive process in 2004, with satisfying results until now.

Information security management handbook, v.7

CERN Document Server

O'Hanley, Richard

2013-01-01

Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2(R) CISSP Common Body of Knowledge (CBK(R)), this volume features 27 new chapters on topics

Information security in SCADA systems in nuclear power plants

International Nuclear Information System (INIS)

Satyamurty, S.A.V.

2013-01-01

Few decades back most of the I and C systems are Hardwired based. With the developments in digital electronics, micro processors and micro controllers, the I and C systems are becoming more and more Computer based. Though it brought convenience to the designer, comfort to the operator in the form of better GUI, it also brought many challenges in the form of information security. The talk covers the typical I and C design using SCADA systems, the challenges, typical problems faced and the need for information security. The talk illustrates various security measures to be implemented in the design, development and testing stages. These security measures have to be taken both in the development environment and deployment environment. Verification and validation of computer based system is very important. Configuration change management is very essential for smooth running of the plant. The talk illustrates the various measures need to be taken. (author)

Information Security System and Development of a Modern Organization

OpenAIRE

Wawak, Slawomir

2009-01-01

Information security management systems are increasingly applied in a number of sectors of the new, global, interconnected economy. They are used by production and service companies, businesses that provide information technology and telecom services, state administration authorities and local governments. Specifically, they are used in case of crime groups or as a means of securing illegal transactions.

Information Systems Security Job Advertisement Analysis: Skills Review and Implications for Information Systems Curriculum

Science.gov (United States)

Brooks, Nita G.; Greer, Timothy H.; Morris, Steven A.

2018-01-01

The authors' focus was the assessment of skill requirements for information systems security positions to understand expectations for security jobs and to highlight issues relevant to curriculum management. The analysis of 798 job advertisements involved the exploration of domain-related and soft skills as well as degree and certification…

Integrated security systems design a complete reference for building enterprise-wide digital security systems

CERN Document Server

Norman, Thomas L

2014-01-01

Integrated Security Systems Design, 2nd Edition, is recognized as the industry-leading book on the subject of security systems design. It explains how to design a fully integrated security system that ties together numerous subsystems into one complete, highly coordinated, and highly functional system. With a flexible and scalable enterprise-level system, security decision makers can make better informed decisions when incidents occur and improve their operational efficiencies in ways never before possible. The revised edition covers why designing an integrated security system is essential a

Mobile Customer Relationship Management and Mobile Security

Science.gov (United States)

Sanayei, Ali; Mirzaei, Abas

The purpose of this study is twofold. First, in order to guarantee a coherent discussion about mobile customer relationship management (mCRM), this paper presents a conceptualization of mCRM delineating its unique characteristics because of Among the variety of mobile services, considerable attention has been devoted to mobile marketing and in particular to mobile customer relationship management services. Second, the authors discusses the security risks in mobile computing in different level(user, mobile device, wireless network,...) and finally we focus on enterprise mobile security and it's subgroups with a series of suggestion and solution for improve mobile computing security.

Auditing Organizational Security

Science.gov (United States)

2017-01-01

Organi- zation for Standardiza- tion ( ISO ): ISO 27000 : Information Systems Se- curity Management. A robust program of internal auditing of a...improvement is the basis and underpinning of the ISO . All processes must be considered ongoing and never at an “end state.” Top management develops a...security management system, including security policies and security objectives, plus threats and risks. Orga- nizations already working with ISO 9000

Metrics for border management systems.

Energy Technology Data Exchange (ETDEWEB)

Duggan, Ruth Ann

2009-07-01

There are as many unique and disparate manifestations of border systems as there are borders to protect. Border Security is a highly complex system analysis problem with global, regional, national, sector, and border element dimensions for land, water, and air domains. The complexity increases with the multiple, and sometimes conflicting, missions for regulating the flow of people and goods across borders, while securing them for national security. These systems include frontier border surveillance, immigration management and customs functions that must operate in a variety of weather, terrain, operational conditions, cultural constraints, and geopolitical contexts. As part of a Laboratory Directed Research and Development Project 08-684 (Year 1), the team developed a reference framework to decompose this complex system into international/regional, national, and border elements levels covering customs, immigration, and border policing functions. This generalized architecture is relevant to both domestic and international borders. As part of year two of this project (09-1204), the team determined relevant relative measures to better understand border management performance. This paper describes those relative metrics and how they can be used to improve border management systems.

Using a Prediction Model to Manage Cyber Security Threats

Directory of Open Access Journals (Sweden)

Venkatesh Jaganathan

2015-01-01

Full Text Available Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

Using a Prediction Model to Manage Cyber Security Threats.

Science.gov (United States)

Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

2015-01-01

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

Using a Prediction Model to Manage Cyber Security Threats

Science.gov (United States)

Muthu Sivashanmugam, Premapriya

2015-01-01

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024

COORDINATION IN MULTILEVEL NETWORK-CENTRIC CONTROL SYSTEMS OF REGIONAL SECURITY: APPROACH AND FORMAL MODEL

Directory of Open Access Journals (Sweden)

A. V. Masloboev

2015-01-01

Full Text Available The paper deals with development of methods and tools for mathematical and computer modeling of the multilevel network-centric control systems of regional security. This research is carried out under development strategy implementation of the Arctic zone of the Russian Federation and national safeguarding for the period before 2020 in the Murmansk region territory. Creation of unified interdepartmental multilevel computer-aided system is proposed intended for decision-making information support and socio-economic security monitoring of the Arctic regions of Russia. The distinctive features of the investigated system class are openness, self-organization, decentralization of management functions and decision-making, weak hierarchy in the decision-making circuit and goal generation capability inside itself. Research techniques include functional-target approach, mathematical apparatus of multilevel hierarchical system theory and principles of network-centric control of distributed systems with pro-active components and variable structure. The work considers network-centric management local decisions coordination problem-solving within the multilevel distributed systems intended for information support of regional security. The coordination problem-solving approach and problem formalization in the multilevel network-centric control systems of regional security have been proposed based on developed multilevel recurrent hierarchical model of regional socio-economic system complex security. The model provides coordination of regional security indexes, optimized by the different elements of multilevel control systems, subject to decentralized decision-making. The model specificity consists in application of functional-target technology and mathematical apparatus of multilevel hierarchical system theory for coordination procedures implementation of the network-centric management local decisions. The work-out and research results can find further

Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security

National Research Council Canada - National Science Library

Ganger, Gregory

2000-01-01

This report contains the technical content of a recent funding proposal. In it, we propose a new approach to network security in which each individual device erects its own security perimeter and defends its own critical resources...

Modeling, simulation and analysis of a securities settlement system:The case of Central Securities Depository of Mexico

OpenAIRE

Muñoz, David F; Palacios, Arturo; Lascurain, Miguel

2012-01-01

The Instituto para el Depósito de Valores (INDEVAL) is the Central Securities Depository of Mexico. It is the only Mexican institution authorized to perform, in an integrated manner, the activities of safe-keeping, custody, management, clearing, settlement and transfer of securities. In this article, we report the modeling, simulation and analysis of a new Securities Settlement System (SSS) implemented by INDEVAL, as part of a project for the implementation of a safer and more efficient opera...

Modeling, simulation and analysis of a securities settlement system: the case of Central Securities Depository of Mexico

OpenAIRE

Muñoz, David F.; Palacios, Arturo; de Lascurain, Miguel

2012-01-01

The Instituto para el Depósito de Valores (INDEVAL) is the Central Securities Depository of Mexico. It is the only Mexican institution authorized to perform, in an integrated manner, the activities of safe-keeping, custody, management, clearing, settlement and transfer of securities. In this article, we report the modeling, simulation and analysis of a new Securities Settlement System (SSS) implemented by INDEVAL, as part of a project for the implementation of a safer and more efficient opera...

The application of algorithm in taxi security system

Science.gov (United States)

Luo, Chengyu

2017-08-01

With the booming of the society and economy today, Taxis and private cars have gradually become one of the most popular tools in transportation for their low price and convenience. However, because of the breakdown in the security system, a few accidents occurred due to the illegal taxi. The unreliable security management has attributed to the lack of trust in taxi companies and relevant regulatory authorities, which considered to be the reason why people are worried about it. Accordingly, we put forward a design for a taxi security system, making use of modern technology such as NFC, iBeacon, GPS combined with algorithms, automatically recognize the taxi we take, and reflecting basic information of taxi and driver on our mobile phone.

FORMATION OF THE CONTENT OF THE PROJECT OF ORGANIZATION OF SECURITY SYSTEMS IN HOTEL BUSINESS

Directory of Open Access Journals (Sweden)

Антон Іванович РОГОВИЙ

2015-05-01

Full Text Available The article identified and analyzed features of the project management in systems of creating security systems for security systems for the enterprise of hotel business. We have identified the main technical means, which should provide maximum protection of people and infrastructure of hotels. In the article revealed the criteria that should guide the manager in the selection of one or other technical means. In summery we highlighted works, which have to be included in the content of the project of organization of complex security system of companies in the hotel business.

Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs

Directory of Open Access Journals (Sweden)

Kurnianto Ari

2018-01-01

Full Text Available Information security is a problem effected business process of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information secuity in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the condition now a days and then to get recommendation and road map. The result of this research gets all of the information security process which has not been already good enough in Ministry of Internal Affairs, gives recommendation and road map to improve part of all information system being running. It indicates that ISO/IEC 27001:2013 is good used to rate maturity of information security management. As the next analyzation, this research use Clause and Annex in ISO/IEC 27001:2013 which is suitable with condition of Data Center and Data Recovery Center, so it gets optimum result and solving problem of the weakness information security.

Nuclear material facilities - security systems and technology R and D trends

International Nuclear Information System (INIS)

Ellis, D.; Steele, B.

2002-01-01

Full text: In the US, physical security research and development (R and D) during the 1970s and 1980s created a body of technology and systems engineering that largely defined the industry for several decades. However, despite today's terrorists threats and risks, the overall funding of new and innovative physical security solutions is relatively very small. Such factors constraining physical security R and D include the expansion of overall security responsibilities, the emphasis on programmatic and business performance, in addition to evolving (mis)perceptions that 'the problem has been solved' or that 'anyone can do security'. Underlying these factors, the lack of robust standards and certifications has limited the development and application of physical security products, systems, and services. The research and development of new security technologies must be evaluated against very demanding constraints - including costs/benefits, emerging threats, and policies. Going forward, the goal will be to create a more comprehensive approach to physical security of nuclear material facilities that matches evolving threats and that will complement the transition to an integrated security/operations management environment. Such a management model evaluates the additional value of increasing security alternatives in addition to determining trade-offs between the programmatic mission and security issues. Correspondingly, more explicit and strategically useful measures must be developed to determine importance that, in turn, will influence security-related R and D efforts. The research and development of security technologies should be based upon identified needs and requirements resulting from a systematic analysis of the threat and other conditions. In particular, security technologies and systems must be evaluated in terms of current and long-term impacts. Such needs are (will be) diverse and will depend upon sustained research investments in a broad range of technologies

Center for computer security: Computer Security Group conference. Summary

Energy Technology Data Exchange (ETDEWEB)

None

1982-06-01

Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

OpenDBDDAS Toolkit: Secure MapReduce and Hadoop-like Systems

KAUST Repository

Fabiano, Enrico; Seo, Mookwon; Wu, Xiaoban; Douglas, Craig

2015-01-01

management, traffic management, and manufacturing. In this paper, we describe key features needed to implement a secure MapReduce and Hadoop-like system for high performance clusters that guarantees a certain level of privacy of data from other concurrent

Security for Key Management Interfaces

OpenAIRE

Kremer , Steve; Steel , Graham; Warinschi , Bogdan

2011-01-01

International audience; We propose a much-needed formal definition of security for cryptographic key management APIs. The advantages of our definition are that it is general, intuitive, and applicable to security proofs in both symbolic and computational models of cryptography. Our definition relies on an idealized API which allows only the most essential functions for generating, exporting and importing keys, and takes into account dynamic corruption of keys. Based on this we can define the ...

Remodeling Strategic Staff Safety and Security Risks Management in Nigerian Tertiary Institutions

Directory of Open Access Journals (Sweden)

Sunday S. AKPAN

2015-10-01

Full Text Available This paper examined safety and security risk management in tertiary institutions in Nigeria. The frequent attacks at workplace, especially schools, have placed safety and security in the front burner of discussion in both business and political circles. This therefore, forms the imperative for the conduct of this study. The work adopted a cross sectional survey research design and collected data from respondents who are security personnel of the University of Uyo. Analysis of data was done with simple percentage statistics while the research hypotheses were tested with mean and simple regression and correlation statistics. The findings of the study revealed that assassination, kidnappings and bombings were principal risk incidents threatening the safety and security of staff in University of Uyo. A significant positive relationship was found between the funding of security management and workers’ performance. It was discovered specifically that employment screening, regular training of security personnel, regular safety and security meetings and strategic security policy formation were the main strategies for managing safety and security in University of Uyo. The paper concluded that safety and security management and control involves every worker (management and staff of University of Uyo. It was recommended, among others, that management should be more committed to safety and security management in the University by means of making safety and security issues an integral part of University’s strategic plan and also by adopting the management line model – one form of management structure-where safety and security are located, with other general management responsibilities. This way, the resurgent cases of kidnapping, hired assassination, etc. would be reduced if not completely eradicated in the University.

On Security Management: Improving Energy Efficiency, Decreasing Negative Environmental Impact, and Reducing Financial Costs for Data Centers

Directory of Open Access Journals (Sweden)

Katarzyna Mazur

2015-01-01

Full Text Available Security management is one of the most significant issues in nowadays data centers. Selection of appropriate security mechanisms and effective energy consumption management together with caring for the environment enforces a profound analysis of the considered system. In this paper, we propose a specialized decision support system with a multilevel, comprehensive analysis scheme. As a result of the extensive use of mathematical methods and statistics, guidelines and indicators returned by the proposed approach facilitate the decision-making process and conserve decision-maker’s time and attention. In the paper we utilized proposed multilevel analysis scheme to manage security-based data flow in the example data center. Determining the most secure, energy-efficient, environmental friendly security mechanisms, we implemented the role-based access control method in Quality of Protection Modeling Language (QoP-ML and evaluated its performance in terms of mentioned factors.

Functional Security Model: Managers Engineers Working Together

Science.gov (United States)

Guillen, Edward Paul; Quintero, Rulfo

2008-05-01

Information security has a wide variety of solutions including security policies, network architectures and technological applications, they are usually designed and implemented by security architects, but in its own complexity this solutions are difficult to understand by company managers and they are who finally fund the security project. The main goal of the functional security model is to achieve a solid security platform reliable and understandable in the whole company without leaving of side the rigor of the recommendations and the laws compliance in a single frame. This paper shows a general scheme of the model with the use of important standards and tries to give an integrated solution.

Integrated security system definition

International Nuclear Information System (INIS)

Campbell, G.K.; Hall, J.R. II

1985-01-01

The objectives of an integrated security system are to detect intruders and unauthorized activities with a high degree of reliability and the to deter and delay them until effective response/engagement can be accomplished. Definition of an effective integrated security system requires proper application of a system engineering methodology. This paper summarizes a methodology and describes its application to the problem of integrated security system definition. This process includes requirements identification and analysis, allocation of identified system requirements to the subsystem level and provides a basis for identification of synergistic subsystem elements and for synthesis into an integrated system. The paper discusses how this is accomplished, emphasizing at each step how system integration and subsystem synergism is considered. The paper concludes with the product of the process: implementation of an integrated security system

Preparing Information Systems (IS) Graduates to Meet the Challenges of Global IT Security: Some Suggestions

Science.gov (United States)

Sauls, Jeff; Gudigantala, Naveen

2013-01-01

Managing IT security and assurance is a top priority for organizations. Aware of the costs associated with a security or privacy breach, organizations are constantly vigilant about protecting their data and IT systems. In addition, organizations are investing heavily in IT resources to keep up with the challenges of managing their IT security and…

Y-12 Integrated Materials Management System

Energy Technology Data Exchange (ETDEWEB)

Alspaugh, D. H.; Hickerson, T. W.

2002-06-03

The Integrated Materials Management System, when fully implemented, will provide the Y-12 National Security Complex with advanced inventory information and analysis capabilities and enable effective assessment, forecasting and management of nuclear materials, critical non-nuclear materials, and certified supplies. These capabilities will facilitate future Y-12 stockpile management work, enhance interfaces to existing National Nuclear Security Administration (NNSA) corporate-level information systems, and enable interfaces to planned NNSA systems. In the current national nuclear defense environment where, for example, weapons testing is not permitted, material managers need better, faster, more complete information about material properties and characteristics. They now must manage non-special nuclear material at the same high-level they have managed SNM, and information capabilities about both must be improved. The full automation and integration of business activities related to nuclear and non-nuclear materials that will be put into effect by the Integrated Materials Management System (IMMS) will significantly improve and streamline the process of providing vital information to Y-12 and NNSA managers. This overview looks at the kinds of information improvements targeted by the IMMS project, related issues, the proposed information architecture, and the progress to date in implementing the system.

Y-12 Integrated Materials Management System

International Nuclear Information System (INIS)

Alspaugh, D. H.; Hickerson, T. W.

2002-01-01

The Integrated Materials Management System, when fully implemented, will provide the Y-12 National Security Complex with advanced inventory information and analysis capabilities and enable effective assessment, forecasting and management of nuclear materials, critical non-nuclear materials, and certified supplies. These capabilities will facilitate future Y-12 stockpile management work, enhance interfaces to existing National Nuclear Security Administration (NNSA) corporate-level information systems, and enable interfaces to planned NNSA systems. In the current national nuclear defense environment where, for example, weapons testing is not permitted, material managers need better, faster, more complete information about material properties and characteristics. They now must manage non-special nuclear material at the same high-level they have managed SNM, and information capabilities about both must be improved. The full automation and integration of business activities related to nuclear and non-nuclear materials that will be put into effect by the Integrated Materials Management System (IMMS) will significantly improve and streamline the process of providing vital information to Y-12 and NNSA managers. This overview looks at the kinds of information improvements targeted by the IMMS project, related issues, the proposed information architecture, and the progress to date in implementing the system

An Overview of Android Operating System and Its Security Features

OpenAIRE

Rajinder Singh

2014-01-01

Android operating system is one of the most widely used operating system these days. Android Operating System is mainly divided into four main layers: the kernel, libraries, application framework and applications. Its kernel is based on Linux. Linux kernel is used to manage core system services such as virtual memory, networking, drivers, and power management. In these paper different features of architecture of Android OS as well security features of Android OS are discussed.

A Development Framework for Software Security in Nuclear Safety Systems: Integrating Secure Development and System Security Activities

Energy Technology Data Exchange (ETDEWEB)

Park, Jaekwan; Suh, Yongsuk [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

2014-02-15

The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

Security of Dependable Systems

DEFF Research Database (Denmark)

Ahmed, Naveed; Jensen, Christian D.

2011-01-01

Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...... in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

Security Management and Safeguards Office

Science.gov (United States)

Bewley, Nathaniel M.

2004-01-01

The Security Management and Safeguards Office at NASA is here to keep the people working in a safe environment. They also are here to protect the buildings and documents from sabotage, espionage, and theft. During the summer of 2004, I worked with Richard Soppet in Physical Security. While I was working here I helped out with updating the map that we currently use at NASA Glenn Research Center, attended meetings for homeland security, worked with the security guards and the locksmith. The meetings that I attended for homeland security talked about how to protect ourselves before something happened, they told us to always be on the guard and look for anything suspicious, and the different ways that terrorist groups operate. When I was with the security guards I was taught how to check someone into the base, showed how to use a radar gun, observed a security guard make a traffic stop for training and was with them while they patrolled NASA Glenn Research Center to make sure things were running smooth and no one was in danger. When I was with the lock smith I was taught how to make keys and locks for the employees here at NASA. The lock smith also showed me that he had inventory cabinets of files that show how many keys were out to people and who currently has access to the rooms that they keys were made for. I also helped out the open house at NASA Glenn Research Center. I helped out by showing the Army Reserves, and Brook Park's SWAT team where all the main events were going to take place a week before the open house was going to begin. Then during the open house I helped out by making sure people had there IDS, checked through there bags, and handed out a map to them that showed where the different activities were going to take place. So the main job here at NASA Glenn Research Center for the Security Management and Safeguards Office is to make sure that nothing is stolen, sabotaged, and espionaged. Also most importantly make sure all the employees here at NASA are

Computer Security Systems Enable Access.

Science.gov (United States)

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

Quality of Security Service: Adaptive Security

National Research Council Canada - National Science Library

Levin, Timothy E; Irvine, Cynthia E; Spyropoulou, Evdoxia

2004-01-01

The premise of Quality of Security Service is that system and network management functions can be more effective if variable levels of security services and requirements can be presented to users or network tasks...

The Design and Analysis of a Secure Personal Healthcare System Based on Certificates

Directory of Open Access Journals (Sweden)

Jungho Kang

2016-11-01

Full Text Available Due to the development of information technology (IT, it has been applied to various fields such as the smart home, medicine, healthcare, and the smart car. For these fields, IT has been providing continuous prevention and management, including health conditions beyond the mere prevention of disease, improving the quality of life. e-Healthcare is a health management and medical service to provide prevention, diagnosis, treatment, and the follow-up management of diseases at any time and place in connection with information communication technology, without requiring patients to visit hospitals. However, e-Healthcare has been exposed to eavesdropping, manipulation, and the forgery of information that is personal, biological, medical, etc., and is a security threat from malicious attackers. This study suggests a security service model to exchange personal health records (PHRs for e-Healthcare environments. To be specific, this study suggests a scheme in which communicators are able to securely authorize and establish security channels by constituting the infrastructure each organization relies on. In addition, the possibility of establishing a security service model is indicated by suggesting an e-Healthcare system for a secure e-Healthcare environment as a secure personal health record system. This is anticipated to provide securer communication in e-Healthcare environments in the future through the scheme suggested in this study.

Use of a "secure room" and a security guard in the management of the violent, aggressive or suicidal patient in a rural hospital: a 3-year audit.

Science.gov (United States)

Brock, Gordon; Gurekas, Vydas; Gelinas, Anne-Fredrique; Rollin, Karina

2009-01-01

Little has been published on the management of psychiatric crises in rural areas, and little is known of the security needs or use of "secure rooms" in rural hospitals. We conducted a 3-year retrospective chart audit on the use of our secure room/security guard system at a rural hospital in a town of 3500, located 220 km from our psychiatric referral centre. Use of our secure room/security guard system occurred at the rate of 1.1 uses/1000 emergency department visits, with the most common indication being physician perception of risk of patient suicide or self-harm. Concern for staff safety was a factor in 10% of uses. Eighty percent of patients were treated locally, with most being released from the secure room after 2 days or less. Fourteen percent of patients required ultimate transfer to our psychiatric referral centre and 6% to a detoxification centre. The average annual cost of security was $16 259.61. A secure room can provide the opportunity for close observation of a potentially self-harming patient, additional security for staff and early warning if a patient flees the hospital. Most admissions were handled locally, obviating the need for transfer to distant psychiatric referral centres. Most patients who were admitted were already known as having a psychiatric illness and 80% of the patients required the use of the secure room/security guard system for less than a 2-night stay, suggesting that most rural mental health crises pass quickly. Most patients admitted to a rural hospital with a mental health crisis can be managed locally if an adequate secure room/security guard system is available.

A review of the security of insulin pump infusion systems.

Science.gov (United States)

Paul, Nathanael; Kohno, Tadayoshi; Klonoff, David C

2011-11-01

Insulin therapy has enabled patients with diabetes to maintain blood glucose control to lead healthier lives. Today, rather than injecting insulin manually using syringes, a patient can use a device such as an insulin pump to deliver insulin programmatically. This allows for more granular insulin delivery while attaining blood glucose control. Insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result, security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this article, we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components, which include the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues. © 2011 Diabetes Technology Society.

Process Control/SCADA system vendor security awareness and security posture.

NARCIS (Netherlands)

Luiijf, H.A.M.; Lüders, S.

2009-01-01

A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in

Security Information System Digital Simulation

OpenAIRE

Tao Kuang; Shanhong Zhu

2015-01-01

The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

Whither probabilistic security management for real-time operation of power systems ?

OpenAIRE

Karangelos, Efthymios; Panciatici, Patrick; Wehenkel, Louis

2016-01-01

This paper investigates the stakes of introducing probabilistic approaches for the management of power system’s security. In real-time operation, the aim is to arbitrate in a rational way between preventive and corrective control, while taking into account i) the prior probabilities of contingencies, ii) the possible failure modes of corrective control actions, iii) the socio-economic consequences of service interruptions. This work is a first step towards the construction of a globally co...

The Shaping of Managers' Security Objectives through Information Security Awareness Training

Science.gov (United States)

Harris, Mark A.

2010-01-01

Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

Information Security Management: The Study of Lithuanian State Institutions

OpenAIRE

Jastiuginas, Saulius

2012-01-01

Growing information security cases and scope illustrate that the relevance of information security issues becomes critical and present information security means are not sufficient enough to manage information security. Narrow comprehension of information security merely as technological problem is broadened by the research results of economic, managerial, psychological, legal and other related aspects’ influence to information security. Information is named as the object of information s...

Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings

Science.gov (United States)

Valdevit, Thierry; Mayer, Nicolas; Barafort, Béatrix

While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutions to facilitate ISMS deployment for SMEs. After an initial experiment aiming at assisting a SME in getting the first national ISO/IEC 27001 certification for a private company, an implementation guide for deploying an ISMS, validated by local experts and experimented in SMEs, has been released and is presented in this paper.

Multimedia Security System for Security and Medical Applications

Science.gov (United States)

Zhou, Yicong

2010-01-01

This dissertation introduces a new multimedia security system for the performance of object recognition and multimedia encryption in security and medical applications. The system embeds an enhancement and multimedia encryption process into the traditional recognition system in order to improve the efficiency and accuracy of object detection and…

Document Management and Exchange System – Supporting Education Process

Directory of Open Access Journals (Sweden)

Emil Egredzija

2010-03-01

Full Text Available Development and implementation of new technologies are very important in education. One of the most challenging tasks in the education process is to build efficient and cost-friendly system for content management and exchange. The system has to be reliable, easy manageable and open. Centralized storage, secured access, and ubiquitous client technologies have emerged as best-practice solutions in engineering that kind of services. Users can easily publish or exchange documents and not need to worry about their distribution, storage or technical skills required for efficient document management. The system that will be presented is built on open source technologies and is deployable on all today's popular web software platforms. The web server, the programming language and operating system that are used to build and deploy such a system are all non-proprietary and completely open because our mission was to build system that can be easily extended and not limited by its corporate license. The system uses security mechanisms such as user group access policy, operating system level security (file system and secured data storage in database. Because of the growing need for document management in education process we believe that this project will find its place in practice.

Planning Security Services for IT Systems

OpenAIRE

Henderson, Marie; Page, Howard Philip

2014-01-01

Often the hardest job is to get business representatives to look at security as something that makes managing their risks and achieving their objectives easier, with security compliance as just part of that journey. This paper addresses that by making planning for security services a 'business tool'.

Securing the Global Airspace System Via Identity-Based Security

Science.gov (United States)

Ivancic, William D.

2015-01-01

Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

Problems and solutions of information security management in Latvia

Directory of Open Access Journals (Sweden)

Deruma S.

2014-01-01

Security cannot exist as a standalone function, it should be integrated in the associated processes continuously supervising and improving the security management programme based on predefined criteria. Adopting a holistic approach with regard to security has proven to be a critical contributing factor to effective security in organizations.

Obsessive-Compulsive Homeland Security: Insights from the Neurobiological Security Motivation System

Science.gov (United States)

2018-03-01

HOMELAND SECURITY: INSIGHTS FROM THE NEUROBIOLOGICAL SECURITY MOTIVATION SYSTEM by Marissa D. Madrigal March 2018 Thesis Advisor...FROM THE NEUROBIOLOGICAL SECURITY MOTIVATION SYSTEM 5. FUNDING NUMBERS 6. AUTHOR(S) Marissa D. Madrigal 7. PERFORMING ORGANIZATION NAME(S) AND...how activation of the neurobiological security- motivation system can lead to securitization in response to a security speech act. It explores the model

Comparison of Routable Control System Security Approaches

Energy Technology Data Exchange (ETDEWEB)

Edgar, Thomas W.; Hadley, Mark D.; Carroll, Thomas E.; Manz, David O.; Winn, Jennifer D.

2011-06-01

This document is an supplement to the 'Secure and Efficient Routable Control Systems.' It addressed security in routable control system communication. The control system environment that monitors and manages the power grid historically has utilized serial communication mechanisms. Leased-line serial communication environments operating at 1200 to 9600 baud rates are common. However, recent trends show that communication media such as fiber, optical carrier 3 (OC-3) speeds, mesh-based high-speed wireless, and the Internet are becoming the media of choice. In addition, a dichotomy has developed between the electrical transmission and distribution environments, with more modern communication infrastructures deployed by transmission utilities. The preceding diagram represents a typical control system. The Communication Links cloud supports all of the communication mechanisms a utility might deploy between the control center and devices in the field. Current methodologies used for security implementations are primarily led by single vendors or standards bodies. However, these entities tend to focus on individual protocols. The result is an environment that contains a mixture of security solutions that may only address some communication protocols at an increasing operational burden for the utility. A single approach is needed that meets operational requirements, is simple to operate, and provides the necessary level of security for all control system communication. The solution should be application independent (e.g., Distributed Network Protocol/Internet Protocol [DNP/IP], International Electrotechnical Commission [IEC] C37.118, Object Linking and Embedding for Process Control [OPC], etc.) and focus on the transport layer. In an ideal setting, a well-designed suite of standards for control system communication will be used for vendor implementation and compliance testing. An expected outcome of this effort is an international standard.

Blockchain Technology: A new secured Electronic Health Record System

OpenAIRE

Tamazirt , Lotfi; Alilat , Farid; Agoulmine , Nazim

2018-01-01

International audience; Nowadays, health systems are looking for effective ways to manage more patients in a shorter time, and to increase the quality of care through better coordination to provide quick, accurate and non-invasive diagnostics to patients. This paper aims to solve the dependence on trusted third parties by proposing a new management strategy, storage and security in a decentralized network through Blockchain technology. The proposed system also aims to offer a solution to help...

A mapping of information security in health Information Systems in Latin America and Brazil.

Science.gov (United States)

Pereira, Samáris Ramiro; Fernandes, João Carlos Lopes; Labrada, Luis; Bandiera-Paiva, Paulo

2013-01-01

In health, Information Systems are patient records, hospital administration or other, have advantages such as cost, availability and integration. However, for these benefits to be fully met, it is necessary to guarantee the security of information maintained and provided by the systems. The lack of security can lead to serious consequences such as lawsuits and induction to medical errors. The management of information security is complex and is used in various fields of knowledge. Often, it is left in the background for not being the ultimate goal of a computer system, causing huge financial losses to corporations. This paper by systematic review methodologies, presented a mapping in the literature, in order to identify the most relevant aspects that are addressed by security researchers of health information, as to the development of computerized systems. They conclude through the results, some important aspects, for which the managers of computerized health systems should remain alert.

46 CFR 16.500 - Management Information System requirements.

Science.gov (United States)

2010-10-01

... 46 Shipping 1 2010-10-01 2010-10-01 false Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...

Information governance and security protecting and managing your company's proprietary information

CERN Document Server

Iannarelli, John G

2014-01-01

Information Governance and Security shows managers in any size organization how to create and implement the policies, procedures and training necessary to keep their organization's most important asset-its proprietary information-safe from cyber and physical compromise. Many intrusions can be prevented if appropriate precautions are taken, and this book establishes the enterprise-level systems and disciplines necessary for managing all the information generated by an organization. In addition, the book encompasses the human element by considering proprietary information lost, damaged, or destroyed through negligence. By implementing the policies and procedures outlined in Information Governance and Security, organizations can proactively protect their reputation against the threats that most managers have never even thought of. Provides a step-by-step outline for developing an information governance policy that is appropriate for your organization Includes real-world examples and cases to help illustrate key ...

Functional dependency between the logistics security system and the MySAP ERP in metallurgy

Directory of Open Access Journals (Sweden)

P. Ranitović

2013-10-01

Full Text Available MySAP ERP - Enterprise Resource Planning (system - solution which provides a whole set of functions for the business analytics, finance, human resources management, logistics and corporate services has developed from SAP R/3. It is one of the main products of the SAP AG German multinational company and as such, it is a very important element of the international industrial and technological security system. By defining the functional dependency between the security systems (logistics security systems and the IT (My SAP ERP systems in metallurgy, a concept for designing MY SAP ERP system in metallurgic industry is defined, based on the security aspects.

A simple security architecture for smart water management system

CSIR Research Space (South Africa)

Ntuli, N

2016-05-01

Full Text Available . Secure booting prevents installation of malicious code onto the device. By making sure that the booting process is secured, we can establish securely the root of trust for the device. Public key cryptography is utilized at this stage. During... Architecture 1168 Nonhlanhla Ntuli and Adnan Abu-Mahfouz / Procedia Computer Science 83 ( 2016 ) 1164 – 1169 3.2. Secure Communication While public key cryptography can be used in the first step (secure booting), it would be too heavy to use during...

NOSArmor: Building a Secure Network Operating System

Directory of Open Access Journals (Sweden)

Hyeonseong Jo

2018-01-01

Full Text Available Software-Defined Networking (SDN, controlling underlying network devices (i.e., data plane in a logically centralized manner, is now actively adopted in many real world networking environments. It is clear that a network administrator can easily understand and manage his networking environments with the help of SDN. In SDN, a network operating system (NOS, also known as an SDN controller, is the most critical component because it should be involved in all transactions for controlling network devices, and thus the security of NOS cannot be highly exaggerated. However, in spite of its importance, no previous works have thoroughly investigated the security of NOS. In this work, to address this problem, we present the NOSArmor, which integrates several security mechanisms, named as security building block (SBB, into a consolidated SDN controller. NOSArmor consists of eight SBBs and each of them addresses different security principles of network assets. For example, while role-based authorization focuses on securing confidentiality of internal storage from malicious applications, OpenFlow protocol verifier protects availability of core service in the controller from malformed control messages received from switches. In addition, NOSArmor shows competitive performance compared to existing other controllers (i.e., ONOS, Floodlight with secureness of network assets.

The research on information security technology for the industrial control system of special equipment

International Nuclear Information System (INIS)

Chen Ligang; Liu Hongye; Zhang Wei; Sun Jianying; Lan Peng; Dai Sidan

2014-01-01

With the rapid development of information technology in enterprise application, industrial control network and management network is becoming more and more closely linked. Development and application of special equipment control system from the traditional industrial control system, not considered when designing communication security problem mainly, therefore, the industrial control system opened at the same time, isolation control system and the outside was weakened, the safety problems of industrial control system had become more and more serious. The practical application combined with the special equipment control system, analysis and elaboration in view of security problems for the control network, also, provide appropriate security solutions for professional characteristics of industrial control network, design on process control system specially, provide security partition protection scheme, in order to improve security ability of industrial control system information. (authors)

5 CFR 9701.405 - Performance management system requirements.

Science.gov (United States)

2010-01-01

... feedback, and developing, rating, and rewarding performance; and (6) Specify the criteria and procedures to... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Performance management system... HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.405 Performance...

Function allocation in distributed safeguards and security systems

International Nuclear Information System (INIS)

Barlich, G.L.

1991-01-01

Computerized distributed systems are being used to collect and manage data for activities such as nuclear materials accounting, process control, laboratory coordination, and security. Poor choices made in allocating functions to individual processors can make a system unusable by burdening machines with excessive network retrievals and updates. During system design phases, data allocation algorithms based on operation frequencies, field sizes, security information, and reliability requirements can be applied in sensitivity studies to mathematically ensure processor efficiency. The Los Alamos Network Design System (NDS) implements such an allocation algorithm. The authors analyzed a large, existing distributed system to test the cost functions and to compare actual network problems with NDS results. Several common configurations were also designed and studied using the software. From these studies, some basic principles for allocating functions emerged. In this paper recommendations for function allocation in generic systems and related design options are discussed

The Identity Crisis. Security, Privacy and Usability Issues in Identity Management

NARCIS (Netherlands)

Alpár, G.; Hoepman, J.H.; Siljee, B.I.J.

2011-01-01

This paper studies the current "identity crisis" caused by the substantial security, privacy and usability shortcomings encountered in existing systems for identity management. Some of these issues are well known, while others are much less understood. This paper brings them together in a single,

Security Risks: Management and Mitigation in the Software Life Cycle

Science.gov (United States)

Gilliam, David P.

2004-01-01

A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Sotfware Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

Panel on protection and management of plutonium: Subpanel on safeguards and security

International Nuclear Information System (INIS)

Tape, J.W.

1995-01-01

Nuclear materials safeguards and security systems are described in the context of the nuclear nonproliferation regime. Materials of interest to safeguards, threats, proposals to strengthen International Atomic Energy Agency safeguards, evolving safeguards issues and requirements, system effectiveness, and elements of a global nuclear materials management regime are discussed. Safeguards are seen as an essential element of nuclear materials management, but not a driver for decisions regarding nuclear power or the disposal of excess weapon nuclear materials

INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

Energy Technology Data Exchange (ETDEWEB)

Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

2011-07-01

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

Industrial Control System Cyber Security: Questions And Answers Relevant To Nuclear Facilities, Safeguards And Security

International Nuclear Information System (INIS)

Anderson, Robert S.; Schanfein, Mark; Bjornard, Trond; Moskowitz, Paul

2011-01-01

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

Cloud management and security

CERN Document Server

Abbadi, Imad M

2014-01-01

Written by an expert with over 15 years' experience in the field, this book establishes the foundations of Cloud computing, building an in-depth and diverse understanding of the technologies behind Cloud computing. In this book, the author begins with an introduction to Cloud computing, presenting fundamental concepts such as analyzing Cloud definitions, Cloud evolution, Cloud services, Cloud deployment types and highlighting the main challenges. Following on from the introduction, the book is divided into three parts: Cloud management, Cloud security, and practical examples. Part one presents the main components constituting the Cloud and federated Cloud infrastructure(e.g., interactions and deployment), discusses management platforms (resources and services), identifies and analyzes the main properties of the Cloud infrastructure, and presents Cloud automated management services: virtual and application resource management services. Part two analyzes the problem of establishing trustworthy Cloud, discuss...

Commercial off the shelf systems security: resource guide - TAFICS/RS/1

International Nuclear Information System (INIS)

2017-05-01

This document is a resource book that catalogues various aspects related to cyber protection of commercial off the shelf (COTS) systems used in I and C systems at nuclear facilities, particularly those relevant to DAE. It covers: (a) important cyber attacks on COTS systems used in various industries across the world; (b) taxonomy of threats and vulnerabilities of COTS systems; (c) COTS security issues specific to NFs; and (d) the standards, guides and technical articles related to security of COTS systems. This resource book is used in preparation of I and C security guides on COTS systems by TAFICS. The resource book is valuable to I and C designers to build effective counter measures against cyber threats to COTS systems. It is also useful to operating plant managers and the regulators for general awareness about this topic. (author)

Managing the security of nursing data in the electronic health record.

Science.gov (United States)

Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

2015-02-01

The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing

A Secure, Scalable and Elastic Autonomic Computing Systems Paradigm: Supporting Dynamic Adaptation of Self-* Services from an Autonomic Cloud

Directory of Open Access Journals (Sweden)

Abdul Jaleel

2018-05-01

Full Text Available Autonomic computing embeds self-management features in software systems using external feedback control loops, i.e., autonomic managers. In existing models of autonomic computing, adaptive behaviors are defined at the design time, autonomic managers are statically configured, and the running system has a fixed set of self-* capabilities. An autonomic computing design should accommodate autonomic capability growth by allowing the dynamic configuration of self-* services, but this causes security and integrity issues. A secure, scalable and elastic autonomic computing system (SSE-ACS paradigm is proposed to address the runtime inclusion of autonomic managers, ensuring secure communication between autonomic managers and managed resources. Applying the SSE-ACS concept, a layered approach for the dynamic adaptation of self-* services is presented with an online ‘Autonomic_Cloud’ working as the middleware between Autonomic Managers (offering the self-* services and Autonomic Computing System (requiring the self-* services. A stock trading and forecasting system is used for simulation purposes. The security impact of the SSE-ACS paradigm is verified by testing possible attack cases over the autonomic computing system with single and multiple autonomic managers running on the same and different machines. The common vulnerability scoring system (CVSS metric shows a decrease in the vulnerability severity score from high (8.8 for existing ACS to low (3.9 for SSE-ACS. Autonomic managers are introduced into the system at runtime from the Autonomic_Cloud to test the scalability and elasticity. With elastic AMs, the system optimizes the Central Processing Unit (CPU share resulting in an improved execution time for business logic. For computing systems requiring the continuous support of self-management services, the proposed system achieves a significant improvement in security, scalability, elasticity, autonomic efficiency, and issue resolving time

45 CFR 2508.9 - What officials are responsible for the security, management and control of Corporation record...

Science.gov (United States)

2010-10-01

..., management and control of Corporation record keeping systems? 2508.9 Section 2508.9 Public Welfare... IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 2508.9 What officials are responsible for the security, management and control of Corporation record keeping systems? (a) The Director of Administration and Management...

Secure Software Configuration Management Processes for nuclear safety software development environment

International Nuclear Information System (INIS)

Chou, I.-Hsin

2011-01-01

Highlights: → The proposed method emphasizes platform-independent security processes. → A hybrid process based on the nuclear SCM and security regulations is proposed. → Detailed descriptions and Process Flow Diagram are useful for software developers. - Abstract: The main difference between nuclear and generic software is that the risk factor is infinitely greater in nuclear software - if there is a malfunction in the safety system, it can result in significant economic loss, physical damage or threat to human life. However, secure software development environment have often been ignored in the nuclear industry. In response to the terrorist attacks on September 11, 2001, the US Nuclear Regulatory Commission (USNRC) revised the Regulatory Guide (RG 1.152-2006) 'Criteria for use of computers in safety systems of nuclear power plants' to provide specific security guidance throughout the software development life cycle. Software Configuration Management (SCM) is an essential discipline in the software development environment. SCM involves identifying configuration items, controlling changes to those items, and maintaining integrity and traceability of them. For securing the nuclear safety software, this paper proposes a Secure SCM Processes (S 2 CMP) which infuses regulatory security requirements into proposed SCM processes. Furthermore, a Process Flow Diagram (PFD) is adopted to describe S 2 CMP, which is intended to enhance the communication between regulators and developers.

Integrated homeland security system with passive thermal imaging and advanced video analytics

Science.gov (United States)

Francisco, Glen; Tillman, Jennifer; Hanna, Keith; Heubusch, Jeff; Ayers, Robert

2007-04-01

A complete detection, management, and control security system is absolutely essential to preempting criminal and terrorist assaults on key assets and critical infrastructure. According to Tom Ridge, former Secretary of the US Department of Homeland Security, "Voluntary efforts alone are not sufficient to provide the level of assurance Americans deserve and they must take steps to improve security." Further, it is expected that Congress will mandate private sector investment of over $20 billion in infrastructure protection between 2007 and 2015, which is incremental to funds currently being allocated to key sites by the department of Homeland Security. Nearly 500,000 individual sites have been identified by the US Department of Homeland Security as critical infrastructure sites that would suffer severe and extensive damage if a security breach should occur. In fact, one major breach in any of 7,000 critical infrastructure facilities threatens more than 10,000 people. And one major breach in any of 123 facilities-identified as "most critical" among the 500,000-threatens more than 1,000,000 people. Current visible, nightvision or near infrared imaging technology alone has limited foul-weather viewing capability, poor nighttime performance, and limited nighttime range. And many systems today yield excessive false alarms, are managed by fatigued operators, are unable to manage the voluminous data captured, or lack the ability to pinpoint where an intrusion occurred. In our 2006 paper, "Critical Infrastructure Security Confidence Through Automated Thermal Imaging", we showed how a highly effective security solution can be developed by integrating what are now available "next-generation technologies" which include: Thermal imaging for the highly effective detection of intruders in the dark of night and in challenging weather conditions at the sensor imaging level - we refer to this as the passive thermal sensor level detection building block Automated software detection

Security and confidentiality of health information systems: implications for physicians.

Science.gov (United States)

Dorodny, V S

1998-01-01

Adopting and developing the new generation of information systems will be essential to remain competitive in a quality conscious health care environment. These systems enable physicians to document patient encounters and aggregate the information from the population they treat, while capturing detailed data on chronic medical conditions, medications, treatment plans, risk factors, severity of conditions, and health care resource utilization and management. Today, the knowledge-based information systems should offer instant, around-the-clock access for the provider, support simple order entry, facilitate data capture and retrieval, and provide eligibility verification, electronic authentication, prescription writing, security, and reporting that benchmarks outcomes management based upon clinical/financial decisions and treatment plans. It is an integral part of any information system to incorporate and integrate transactional (financial/administrative) information, as well as analytical (clinical/medical) data in a user-friendly, readily accessible, and secure form. This article explores the technical, financial, logistical, and behavioral obstacles on the way to the Promised Land.

Intelligent data analysis for e-learning enhancing security and trustworthiness in online learning systems

CERN Document Server

Miguel, Jorge; Xhafa, Fatos

2016-01-01

Intelligent Data Analysis for e-Learning: Enhancing Security and Trustworthiness in Online Learning Systems addresses information security within e-Learning based on trustworthiness assessment and prediction. Over the past decade, many learning management systems have appeared in the education market. Security in these systems is essential for protecting against unfair and dishonest conduct-most notably cheating-however, e-Learning services are often designed and implemented without considering security requirements. This book provides functional approaches of trustworthiness analysis, modeling, assessment, and prediction for stronger security and support in online learning, highlighting the security deficiencies found in most online collaborative learning systems. The book explores trustworthiness methodologies based on collective intelligence than can overcome these deficiencies. It examines trustworthiness analysis that utilizes the large amounts of data-learning activities generate. In addition, as proc...

Nuclear Security Management for Research Reactors and Related Facilities

International Nuclear Information System (INIS)

2016-03-01

This publication provides a single source guidance to assist those responsible for the implementation of nuclear security measures at research reactors and associated facilities in developing and maintaining an effective and comprehensive programme covering all aspects of nuclear security on the site. It is based on national experience and practices as well as on publications in the field of nuclear management and security. The scope includes security operations, security processes, and security forces and their relationship with the State’s nuclear security regime. The guidance is provided for consideration by States, competent authorities and operators

Cyber Security Testing and Training Programs for Industrial Control Systems

Energy Technology Data Exchange (ETDEWEB)

Daniel Noyes

2012-03-01

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

Carboy Security Testing and Training Programs for Industrial Control Systems

International Nuclear Information System (INIS)

Noyes, Daniel

2012-01-01

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These training vary from web-based cyber security training for control systems engineers to more advanced hands-on training that culminates with a Red Team/Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors

Cyber Security Testing and Training Programs for Industrial Control Systems

International Nuclear Information System (INIS)

Noyes, Daniel

2012-01-01

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

Carboy Security Testing and Training Programs for Industrial Control Systems

Energy Technology Data Exchange (ETDEWEB)

Noyes, Daniel [Idaho National Laboratory, Idaho (United States)

2012-03-15

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These training vary from web-based cyber security training for control systems engineers to more advanced hands-on training that culminates with a Red Team/Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

Implementing an Information Security Program

Energy Technology Data Exchange (ETDEWEB)

Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O' Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

2017-11-01

The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

Automated Transportation Management System (ATMS) Configuration Management Plan. Revision 1

International Nuclear Information System (INIS)

Weidert, R.S.

1994-01-01

This document describes the Software Configuration Management (SCM) approach and procedures to be utilized in developing and maintaining the Automated Transportation Management System (ATMS). The configuration management procedures are necessary to ensure that any changes made to software and related documentation are consistent with ATMS goals and contained securely in a central library. This plan applies to all software and associated documentation used in producing ATMS V1.0 and ATMS V2.0 system

MAINTENANCE MANAGEMENT ACCOUNTING SYSTEM OF WASTE WATER DISPOSAL SYSTEMS

Science.gov (United States)

Hori, Michihiro; Tsuruta, Takashi; Kaito, Kiyoyuki; Kobayashi, Kiyoshi

Sewage works facilities consist of various assets groups. And there are many kinds of financial resources. In order to optimize the maintenance plan, and to secure the stability and sustainability of sewage works management, it is necessary to carry out financial simulation based on the life-cycle cost analysis. Furthermore, it is important to develop management accounting system that is interlinked with the financial accounting system, because many sewage administration bodies have their financial accounting systems as public enterprises. In this paper, a management accounting system, which is designed to provide basic information for asset management of sewage works facilities, is presented. Also the applicability of the management accounting system presented in this paper is examined through financial simulations.

Systems analysis of a security alarm system

International Nuclear Information System (INIS)

Schiff, A.

1975-01-01

When the Lawrence Livermore Laboratory found that its security alarm system was causing more false alarms and maintenance costs than LLL felt was tolerable, a systems analysis was undertaken to determine what should be done about the situation. This report contains an analysis of security alarm systems in general and ends with a review of the existing Security Alarm Control Console (SACC) and recommendations for its improvement, growth and change. (U.S.)

Audit for Information Systems Security

Directory of Open Access Journals (Sweden)

Ana-Maria SUDUC

2010-01-01

Full Text Available The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

On Building Secure Communication Systems

DEFF Research Database (Denmark)

Carvalho Quaresma, Jose Nuno

This thesis presents the Guided System Development (GSD) framework, which aims at supporting the development of secure communication systems. A communication system is specified in a language similar to the Alice and Bob notation, a simple and intuitive language used to describe the global...... the verification and implementation of the system. The translation is semi-automatic because the developer has the option of choosing which implementation to use in order to achieve the specified security requirements. The implementation options are given by plugins defined in the framework. The framework......’s flexibility allows for the addition of constructs that model new security properties as well as new plugins that implement the security properties. In order to provide higher security assurances, the system specification can be verified by formal methods tools such as the Beliefs and Knowledge (BAK) tool...

75 FR 11191 - Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management...

Science.gov (United States)

2010-03-10

... 20472. For privacy issues please contact: Mary Ellen Callahan (703-235- 0780), Chief Privacy Officer... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management Agency System of Records AGENCY: Privacy Office...

Security Risks Management in Selected Academic Libraries in Osun ...

African Journals Online (AJOL)

The survival of a library depends to a large extent on how secured its collections are. Security of collections constitutes a critical challenge facing academic libraries in Nigeria. It is against this background that this study investigated the security risks management in selected academic libraries in Osun State, Nigeria.

Develop security architecture for both in-house healthcare information systems and electronic patient record

Science.gov (United States)

Zhang, Jianguo; Chen, Xiaomeng; Zhuang, Jun; Jiang, Jianrong; Zhang, Xiaoyan; Wu, Dongqing; Huang, H. K.

2003-05-01

In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare administration levels, and the DSPR component manages the all the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

Systems Security Engineering

Science.gov (United States)

2010-08-22

environment that contains network- borne cybersecurity threats, an argument may be made that the firewall increases overall system functionality by reserving...the number of administered devices. This approach to security analysis is at once old and new. In the early days of eCommerce , security

Service Oriented Architecture in Network Security - a novel Organisation in Security Systems

OpenAIRE

Hilker, Michael; Schommer, Christoph

2008-01-01

Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is disting...

Exploration of the financing and management model of a children's critical disease security system in China based on the implementation of Shanghai Children Hospital Care Aid.

Science.gov (United States)

Zhang, Zhi-ruo; Wen, Zhao-jun; Chen, Sai-juan; Chen, Zhu

2011-03-01

This study is designed to serve as a reference for the establishment of health security systems for children’s critical diseases. Through analysis of the operation of Shanghai Children Hospital Care Aid (SCHCA), this study explored the financing model and management of a children’s critical disease healthcare system and analyzed the possibility of expanding this system to other areas. It is found that a premium as low as RMB 7 per capita per year under SCHCA can provide high-level security for children’s critical diseases. With the good experience in Shanghai and based on the current basic medical insurance system for urban residents and the new rural cooperative medical scheme (NRCMS), it is necessary and feasible to build a health security system for children’s critical diseases at the national level.

17 CFR 229.403 - (Item 403) Security ownership of certain beneficial owners and management.

Science.gov (United States)

2010-04-01

... of certain beneficial owners and management. 229.403 Section 229.403 Commodity and Securities... Management and Certain Security Holders § 229.403 (Item 403) Security ownership of certain beneficial owners and management. (a) Security ownership of certain beneficial owners. Furnish the following information...

Bank Customers Management System

Directory of Open Access Journals (Sweden)

Ebubeogu Amarachukwu Felix

2015-08-01

Full Text Available ABSTRACT The purpose of this project is in partial fulfilment of the requirements of Bachelor of Science Hon in Information Technology. The Design and development of this Bank customers Management system provides a more secured approach in managing bank customers information which strengthens the relationships between banks and their customers by providing the right solutions that uses a multi-level security to improve customer satisfaction. The technology used in developing this project is ASP.NET and the programming language used to develop this project is C and the IDE used is Microsoft Visual Studio 2013 professional in designing the front end while the back end uses Microsoft SQL Server 2012.

Recommended Practice for Patch Management of Control Systems

Energy Technology Data Exchange (ETDEWEB)

Steven Tom; Dale Christiansen; Dan Berrett

2008-12-01

A key component in protecting a nation’s critical infrastructure and key resources is the security of control systems. The term industrial control system refers to supervisory control and data acquisition, process control, distributed control, and any other systems that control, monitor, and manage the nation’s critical infrastructure. Critical Infrastructure and Key Resources (CIKR) consists of electric power generators, transmission systems, transportation systems, dam and water systems, communication systems, chemical and petroleum systems, and other critical systems that cannot tolerate sudden interruptions in service. Simply stated, a control system gathers information and then performs a function based on its established parameters and the information it receives. The patch management of industrial control systems software used in CIKR is inconsistent at best and nonexistent at worst. Patches are important to resolve security vulnerabilities and functional issues. This report recommends patch management practices for consideration and deployment by industrial control systems owners.

Improving Information Security Risk Management

Science.gov (United States)

Singh, Anand

2009-01-01

manaOptimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

IT Security Support for the Spaceport Command Control System Development

Science.gov (United States)

Varise, Brian

2014-01-01

My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as, viruses, malware and denial-of-service attacks by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks ran by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potential harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoke access, monitor information request by new programming and recommend improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gain knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

Media rights and media security

Science.gov (United States)

Baugher, Mark

2005-03-01

Digital Rights Management (DRM) systems typically do not treat rights management as a security problem. DRM uses cryptographic techniques but not security relationships. Instead, DRM systems use "tamper-resistant mechanisms" to discourage unauthorized access to rights-managed content. Although proven ineffective in practice, tamper-resistant mechanisms penalize legitimate customers with added complexity and costs that arise from tamper-resisting data or program code. This paper explores how a security relationship between provider and consumer might be more effective for managing rights to content works on two-way networks.

Control system security in nuclear power plant

International Nuclear Information System (INIS)

Li Jianghai; Huang Xiaojin

2012-01-01

The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control, operation and maintenance. However, the highly digitalized control system also introduces additional security vulnerabilities. Moreover, the replacement of conventional proprietary systems with common protocols, software and devices makes these vulnerabilities easy to be exploited. Through the interaction between control systems and the physical world, security issues in control systems impose high risks on health, safety and environment. These security issues may even cause damages of critical infrastructures and threaten national security. The importance of control system security by reviewing several control system security incidents that happened in nuclear power plants was showed in recent years. Several key difficulties in addressing these security issues were described. Finally, existing researches on control system security and propose several promising research directions were reviewed. (authors)

Audit Characteristics for Information System Security

OpenAIRE

Marius POPA; Mihai DOINEA

2007-01-01

The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment

Secure integrated circuits and systems

CERN Document Server

Verbauwhede, Ingrid MR

2010-01-01

On any advanced integrated circuit or 'system-on-chip' there is a need for security. In many applications the actual implementation has become the weakest link in security rather than the algorithms or protocols. The purpose of the book is to give the integrated circuits and systems designer an insight into the basics of security and cryptography from the implementation point of view. As a designer of integrated circuits and systems it is important to know both the state-of-the-art attacks as well as the countermeasures. Optimizing for security is different from optimizations for speed, area,

Research on the information security system in electrical gis system in mobile application

Science.gov (United States)

Zhou, Chao; Feng, Renjun; Jiang, Haitao; Huang, Wei; Zhu, Daohua

2017-05-01

With the rapid development of social informatization process, the demands of government, enterprise, and individuals for spatial information becomes larger. In addition, the combination of wireless network technology and spatial information technology promotes the generation and development of mobile technologies. In today’s rapidly developed information technology field, network technology and mobile communication have become the two pillar industries by leaps and bounds. They almost absorbed and adopted all the latest information, communication, computer, electronics and so on new technologies. Concomitantly, the network coverage is more and more big, the transmission rate is faster and faster, the volume of user’s terminal is smaller and smaller. What’s more, from LAN to WAN, from wired network to wireless network, from wired access to mobile wireless access, people’s demand for communication technology is increasingly higher. As a result, mobile communication technology is facing unprecedented challenges as well as unprecedented opportunities. When combined with the existing mobile communication network, it led to the development of leaps and bounds. However, due to the inherent dependence of the system on the existing computer communication network, information security problems cannot be ignored. Today’s information security has penetrated into all aspects of life. Information system is a complex computer system, and it’s physical, operational and management vulnerabilities constitute the security vulnerability of the system. Firstly, this paper analyzes the composition of mobile enterprise network and information security threat. Secondly, this paper puts forward the security planning and measures, and constructs the information security structure.

A review of game theory approach to cyber security risk management

African Journals Online (AJOL)

A review of game theory approach to cyber security risk management. ... This paper presents a review of game theoretic-based model for cyber security risk management. Specifically, issues on ... AJOL African Journals Online. HOW TO USE ...

A data-management system using sensor technology and wireless devices for port security

Science.gov (United States)

Saldaña, Manuel; Rivera, Javier; Oyola, Jose; Manian, Vidya

2014-05-01

Sensor technologies such as infrared sensors and hyperspectral imaging, video camera surveillance are proven to be viable in port security. Drawing from sources such as infrared sensor data, digital camera images and processed hyperspectral images, this article explores the implementation of a real-time data delivery system. In an effort to improve the manner in which anomaly detection data is delivered to interested parties in port security, this system explores how a client-server architecture can provide protected access to data, reports, and device status. Sensor data and hyperspectral image data will be kept in a monitored directory, where the system will link it to existing users in the database. Since this system will render processed hyperspectral images that are dynamically added to the server - which often occupy a large amount of space - the resolution of these images is trimmed down to around 1024×768 pixels. Changes that occur in any image or data modification that originates from any sensor will trigger a message to all users that have a relation with the aforementioned. These messages will be sent to the corresponding users through automatic email generation and through a push notification using Google Cloud Messaging for Android. Moreover, this paper presents the complete architecture for data reception from the sensors, processing, storage and discusses how users of this system such as port security personnel can use benefit from the use of this service to receive secure real-time notifications if their designated sensors have detected anomalies and/or have remote access to results from processed hyperspectral imagery relevant to their assigned posts.

Security systems engineering overview

Science.gov (United States)

Steele, Basil J.

1997-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

Building a highly available and intrusion tolerant Database Security and Protection System (DSPS).

Science.gov (United States)

Cai, Liang; Yang, Xiao-Hu; Dong, Jin-Xiang

2003-01-01

Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

Efficiency audit for IT-systems of state management strategic objects

Directory of Open Access Journals (Sweden)

Abasov V.A.

2017-06-01

Full Text Available Hackers’ attacks at the end of 2016 and at the beginning of 2017 р. on governmental information and telecommunication systems, including Ministry of Finance in Ukraine, and State Treasury Department, caused vast delays in budgetary payments. They showed «sensitiveness» and insecurity of governmental institutions for cyber-attacks because of control absence of three main security measures, such as technical limitations for downloading programs, limited use of rights for local administrators, systematical software renewals. International experience shows these security measures of governmental IT-systems have to be the audit subject of state financial control authorities. The base of information technology audit was initiated in the studies of І.К. Drozd, S.V. Іvachnenkova, М.М. Benko, Ju.А. Кuxminskiy, А.V. Мamyshev. Simultaneously, the issue of IT-system state audit was examined in theoretical researches partially because there is no practice of such audit in Ukraine. That is why it is necessary to learn international practice of efficiency audit for IT-systems and world standards for establishments of state management sector. The research allowed to propose the methodology of efficiency audit for IT-systems for state institutions; the methodology provides planning and conducting the main procedures on the base of risk estimation of security threats for information systems. The author determines the peculiarities in security risk management for IT-systems by means of risk estimation of security components of IT-systems while conducting efficiency audit. The author sets the method of descending step-by-step detailing for audit estimation of IT-system risk management efficiency at strategic enterprises belonging to state management sector by means of adaptation of ISSAI standard norms. The paper proposes three possible options of management solution concerning IT-system risk management efficiency on the base of information about the

Learning from the blackouts. Transmission system security in competitive electricity markets

Energy Technology Data Exchange (ETDEWEB)

none

2005-07-01

Electricity market reform has fundamentally changed the environment for maintaining reliable and secure power supplies. Growing inter-regional trade has placed new demands on transmission systems, creating a more integrated and dynamic network environment with new real-time challenges for reliable and secure transmission system operation. Despite these fundamental changes, system operating rules and practices remain largely unchanged. The major blackouts of 2003 and 2004 raised searching questions about the appropriateness of these arrangements. Management of system security needs to be transformed to maintain reliable electricity services in this more dynamic operating environment. These challenges raise fundamental issues for policymakers. This publication presents case studies drawn from recent large-scale blackouts in Europe, North America, and Australia. It concludes that a comprehensive, integrated policy response is required to avoid preventable large-scale blackouts in the future.

Managing information security in a process industrial environment; Gestao de seguranca da informacao em processos industriais

Energy Technology Data Exchange (ETDEWEB)

Pereira, Raphael Gomes; Aguiar, Leandro Pfleger de [Siemens Company (Brazil)

2008-07-01

With the recently globalization expansion (growth), the exploration of energetic resources is crossing over countries boundaries, resulting in worldwide companies exploring Oil and Gas fields available in any place of the world. To the government's bodies, this information about those fields should be treated as a national security interest subject by bringing an adequate management and protection to all the important and critical information and assets, and making possible, at the same time, the freedom and transparency in concurrence processes. This create a complex security context to be managed, where information disruption might, for instance, imply in broke of integrity in public auctions processes as a result of privileged information usage. Furthermore, with the terrorism problem, the process itself becomes an attractive target for different kinds of attacks, motivated by the opportunism to explore the known incapacity of the big industries in well manage their large and complex environments. With all transformations that are happening in productive processes, as the growing TCP/IP protocol usage, the Windows operating systems adoption in SCADA systems and the integration of industrial with business network, are factors that contribute to an eminent landscape of problems. This landscape demonstrates the need from the organizations and countries that are operating in energetic resources exploration, for renew their risk management areas, establishing a unique and integrated process to protect information security infrastructure. This work presents a study of the challenges to be faced by the organizations while rebuilding their internal processes to integrate the risk management and information security areas, as long as a set of essential steps to establish an affective corporative governance of risk management and compliance aspects. Moreover, the work presents the necessary points of the government involvement to improve all the regulatory aspects

Developing Scalable Information Security Systems

Directory of Open Access Journals (Sweden)

Valery Konstantinovich Ablekov

2013-06-01

Full Text Available Existing physical security systems has wide range of lacks, including: high cost, a large number of vulnerabilities, problems of modification and support system. This paper covers an actual problem of developing systems without this list of drawbacks. The paper presents the architecture of the information security system, which operates through the network protocol TCP/IP, including the ability to connect different types of devices and integration with existing security systems. The main advantage is a significant increase in system reliability, scalability, both vertically and horizontally, with minimal cost of both financial and time resources.

ITIL® and information security

International Nuclear Information System (INIS)

Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

2015-01-01

This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework

33 CFR 127.705 - Security systems.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security systems. 127.705 Section 127.705 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... Waterfront Facilities Handling Liquefied Natural Gas Security § 127.705 Security systems. The operator shall...

Integrated Safeguards and Security Management Self-Assessment 2004

Energy Technology Data Exchange (ETDEWEB)

Lunford, Dan; Ramsey, Dwayne

2005-04-01

In 2002 Ernest Orlando Lawrence Berkeley National Laboratory deployed the first Integrated Safeguards and Security Management (ISSM) Self-Assessment process, designed to measure the effect of the Laboratory's ISSM efforts. This process was recognized by DOE as a best practice and model program for self-assessment and training. In 2004, the second Self-Assessment was launched. The cornerstone of this process was an employee survey that was designed to meet several objectives: (1) Ensure that Laboratory assets are protected. (2) Provide a measurement of the Laboratory's current security status that can be compared against the 2002 Self-Assessment baseline. (3) Educate all Laboratory staff about security responsibilities, tools, and practices. (4) Provide security staff with feedback on the effectiveness of security programs. (5) Provide line management with the information they need to make informed decisions about security. This 2004 Self Assessment process began in July 2004 with every employee receiving an information packet and instructions for completing the ISSM survey. The Laboratory-wide survey contained questions designed to measure awareness and conformance to policy and best practices. The survey response was excellent--90% of Berkeley Lab employees completed the questionnaire. ISSM liaisons from each division followed up on the initial survey results with individual employees to improve awareness and resolve ambiguities uncovered by the questionnaire. As with the 2002 survey, the Self-Assessment produced immediate positive results for the ISSM program and revealed opportunities for longer-term corrective actions. Results of the questionnaire provided information for organizational profiles and an institutional summary. The overall level of security protection and awareness was very high--often above 90%. Post-survey work by the ISSM liaisons and line management consistently led to improved awareness and metrics, as shown by a comparison of

System Health Monitoring Using a Novel Method: Security Unified Process

Directory of Open Access Journals (Sweden)

Alireza Shameli-Sendi

2012-01-01

and change management, and project management. The dynamic dimension, or phases, contains inception, analysis and design, construction, and monitoring. Risk assessment is a major part of the ISMS process. In SUP, we present a risk assessment model, which uses a fuzzy expert system to assess risks in organization. Since, the classification of assets is an important aspect of risk management and ensures that effective protection occurs, a Security Cube is proposed to identify organization assets as an asset classification model. The proposed model leads us to have an offline system health monitoring tool that is really a critical need in any organization.

Sewer System Management Plan.

Energy Technology Data Exchange (ETDEWEB)

Holland, Robert C. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2017-08-01

A Sewer System Management Plan (SSMP) is required by the State Water Resources Control Board (SWRCB) Order No. 2006-0003-DWQ Statewide General Waste Discharge Requirements (WDR) for Sanitary Sewer Systems (General Permit). DOE, National Nuclear Security Administration (NNSA), Sandia Field Office has filed a Notice of Intent to be covered under this General Permit. The General Permit requires a proactive approach to reduce the number and frequency of sanitary sewer overflows (SSOs) within the State. SSMPs must include provisions to provide proper and efficient management, operation, and maintenance of sanitary sewer systems and must contain a spill response plan.

Managing the risks of legacy radioactive sources from a security perspective

International Nuclear Information System (INIS)

Alexander, Mark; Murray, Allan

2008-01-01

The safety and security risk posed by highly radioactive, long-lived sources at the end of their normal use has not been consistently well-managed in previous decades. The Brazilian Cs-137 accident in 1986 and the Thailand Co-60 accident in 2000 are prime examples of the consequences that ensue from the loss of control of highly dangerous sources after their normal use. With the new international emphasis on security of radioactive sources throughout their life cycle, there is now further incentive to address the management of risks posed by legacy, highly dangerous radioactive sources. The ANSTO South-East Asia Regional Security of Radioactive Sources (RSRS) Project has identified, and is addressing, a number of legacy situations that have arisen as a result of inadequate management practices in the past. Specific examples are provided of these legacy situations and the lessons learned for managing the consequent safety and security risk, and for future complete life-cycle management of highly radioactive sources. (author)

Tools for an effective annual review of the Security Management Plan.

Science.gov (United States)

Daniel, Matthew

2014-01-01

A hospital's Security Management Plan, required by the Joint Commission, can also be used by security management professionals, the author points out, to ensure that they are continually monitoring and improving the program in a changing healthcare environment.

Internet security information system implement method

International Nuclear Information System (INIS)

Liu Baoxu; Mei Jie; Xu Rongsheng; An Dehai; Yu Mingjian; Chen Xiangyang; Zheng Peng

1999-01-01

On the basis of analysis of the key elements that will affect the Internet Security Information System, the author takes UNIX Operating System as an example, and provides the important stages that must be considered when implementing the Internet Security Information System. An implemental model of the Internet Security Information System is given

Macro Security Methodology for Conducting Facility Security and Sustainability Assessments

International Nuclear Information System (INIS)

Herdes, Greg A.; Freier, Keith D.; Wright, Kyle A.

2007-01-01

Pacific Northwest National Laboratory (PNNL) has developed a macro security strategy that not only addresses traditional physical protection systems, but also focuses on sustainability as part of the security assessment and management process. This approach is designed to meet the needs of virtually any industry or environment requiring critical asset protection. PNNL has successfully demonstrated the utility of this macro security strategy through its support to the NNSA Office of Global Threat Reduction implementing security upgrades at international facilities possessing high activity radioactive sources that could be used in the assembly of a radiological dispersal device, commonly referred to as a 'dirty bomb'. Traditional vulnerability assessments provide a snap shot in time of the effectiveness of a physical protection system without significant consideration to the sustainability of the component elements that make up the system. This paper describes the approach and tools used to integrate technology, plans and procedures, training, and sustainability into a simple, quick, and easy-to-use security assessment and management tool.

Physician office readiness for managing Internet security threats.

Science.gov (United States)

Keshavjee, K; Pairaudeau, N; Bhanji, A

2006-01-01

Internet security threats are evolving toward more targeted and focused attacks.Increasingly, organized crime is involved and they are interested in identity theft. Physicians who use Internet in their practice are at risk for being invaded. We studied 16 physician practices in Southern Ontario for their readiness to manage internet security threats. Overall, physicians have an over-inflated sense of preparedness. Security practices such as maintaining a firewall and conducting regular virus checks were not consistently done.

17 CFR 240.3b-14 - Definition of cash management securities activities.

Science.gov (United States)

2010-04-01

... derivative instruments or other financial instruments; (b) Cash management, in connection with any securities... § 240.15a-1 or any non-securities activities that involve eligible OTC derivative instruments or other... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Definition of cash management...

Management of library and archival security from the outside looking in

CERN Document Server

O'Neill, Robert K

2014-01-01

Providing a substantive approach to the issue, Management of Library and Archival Security: From the Outside Looking In gives librarians and collection directors practical and helpful suggestions for developing policies and procedures to minimize theft. In addition, this text prepares you to deal with the aftermath of a robbery or natural disaster that destroys priceless materials. Through expert opinions and advice, Management of Library and Archival Security will teach you how to protect and secure invaluable collections and the finances invested in them.In addition, Management of Library an

Research on a Valuation Standard and the Actual Condition About Security Management in PACS

International Nuclear Information System (INIS)

Jeong, Jae Ho; Son, Gi Gyeong; Kang, Hee Doo; Dong, Kyung Rae; Kweon, Dae Cheol; Kim, Hyun Soo

2008-01-01

This study is to prepare an evaluation standard about personal information protection and security management of a medical institution and to build up a grade standard of evaluation in PACS environment. We built up evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPPA (Health Insurance and Portability and Accountability Act of 1996) and domestic medical law. We have investigated at the thirty places where medical facility with the extracted security criteria and security evaluation index. Average score of physical security list, one of the big categories, was 18.5/20 (93%) at all medical institutions. Political security score was 18.5/30 (62%), data management security score was 12/20 (60%) and technical security score was 17.5/30 (58%). Therefore, security evaluation score was average 67 in 30 general hospitals, which was 4th level. The results showed that it is necessary to establish evaluation and management standard about personal information protection and security consciousness which are weak in PACS environment.

Security issues at the Department of Energy and records management

International Nuclear Information System (INIS)

NUSBAUM, ANNA W.

2000-01-01

In order to discuss the connection between security issues within the Department of Energy and records management, the author covers a bit of security history and talks about what she calls ''the Amazing Project''. Initiated in late May 1999, it was to be a tri-laboratory (Lawrence Livermore National Laboratory of Livermore, California, Los Alamos National Laboratory of Los Alamos, New Mexico, and Sandia National Laboratories of Albuquerque, New Mexico, and Livermore, California) project. The team that formed was tasked to develop the best set of security solutions that still enabled weapon mission work to get done and the security solutions were to be the same set for everyone. The amazing project was called ''The Integrated Security Management Project'', or ''ISecM' for short. She'll describe why she thinks this project was so amazing and what it accomplished. There's a bit of sad news about the project, but then she'll move onto discuss what was learned at Sandia as a result of the project and what they're currently doing in records management

Cost and performance analysis of physical security systems

International Nuclear Information System (INIS)

Hicks, M.J.; Yates, D.; Jago, W.H.

1997-01-01

CPA - Cost and Performance Analysis - is a prototype integration of existing PC-based cost and performance analysis tools: ACEIT (Automated Cost Estimating Integrated Tools) and ASSESS (Analytic System and Software for Evaluating Safeguards and Security). ACE is an existing DOD PC-based tool that supports cost analysis over the full life cycle of a system; that is, the cost to procure, operate, maintain and retire the system and all of its components. ASSESS is an existing DOE PC-based tool for analysis of performance of physical protection systems. Through CPA, the cost and performance data are collected into Excel workbooks, making the data readily available to analysts and decision makers in both tabular and graphical formats and at both the system and subsystem levels. The structure of the cost spreadsheets incorporates an activity-based approach to cost estimation. Activity-based costing (ABC) is an accounting philosophy used by industry to trace direct and indirect costs to the products or services of a business unit. By tracing costs through security sensors and procedures and then mapping the contributions of the various sensors and procedures to system effectiveness, the CPA architecture can provide security managers with information critical for both operational and strategic decisions. The architecture, features and applications of the CPA prototype are presented. 5 refs., 3 figs

On Business-Driven IT Security Management and Mismatches between Security Requirements in Firms, Industry Standards and Research Work

Science.gov (United States)

Frühwirth, Christian

Industry managers have long recognized the vital importance of information security for their businesses, but at the same time they perceived security as a technology-driven rather then a business-driven field. Today, this notion is changing and security management is shifting from technology- to business-oriented approaches. Whereas there is evidence of this shift in the literature, this paper argues that security standards and academic work have not yet taken it fully into account. We examine whether this disconnect has lead to a misalignment of IT security requirements in businesses versus industry standards and academic research. We conducted 13 interviews with practitioners from 9 different firms to investigate this question. The results present evidence for a significant gap between security requirements in industry standards and actually reported security vulnerabilities. We further find mismatches between the prioritization of security factors in businesses, standards and real-world threats. We conclude that security in companies serves the business need of protecting information availability to keep the business running at all times.

MANAGEMENT OF RESOURCES IN DYNAMICALLY CHANGING SECURITY ENVRIONMENT

Directory of Open Access Journals (Sweden)

Sevdalina Dimitrova

2014-09-01

Full Text Available The monograph recommends integration between science and practice, experts from national bodies and scientific research potential of academic community of military universities in the field of management of resources of security and defence in accordance to the challenges in security environment caused by its dynamic and often unpredictable changes.

Information Security Monitoring Process Research in Russian Federation Banking System Organization

Directory of Open Access Journals (Sweden)

Anton Sergeevich Zaytsev

2013-09-01

Full Text Available In this article the author considers documents and scientific articles that should be used to configure monitoring and information security incident management process in an organization of banking system of Russia. Also key principles of monitoring configuration were marked up and a technique of monitoring configuration was proposed. Principles of monitoring system configuration were defined and a set of documents used to legitimate monitoring and information incident management process was considered.

The development of KAERI management information system (II) -The development of Time Sheet Management System-

International Nuclear Information System (INIS)

Kang, Sin Bok; Kim, Yeong Taek; Park, Soo Jin; Ko, Yeong Cheol; Lee, Jong Bok; Han, Eun Sook; Kim, Hyeon Jeong

1994-01-01

The purpose of this report is to describe the work done for the development, operation and maintenance of Time Sheet Management System. This work is a part of the development KAERI management information system. Manpower management is essential to cope with the external circumstances promptly and to maximize the productivity of the organization. This work aims at setting up a basis for the manpower management system. It is widely recognized that neither timely decision making nor competitive edge can be secured with the traditional management technology in so a rapidly changing situations home and abroad, which can be characterized by openness and informality. The necessity of efficient and scientific man-power management by time-study has emerged on the reorganization of KAERI by expanding matrix system in order to enhance the R and D productivity. (Author)

RISK MANAGEMENT FROM THE INFORMATION SECURITY PERSPECTIVE

Directory of Open Access Journals (Sweden)

Riza Ionuț

2017-11-01

Full Text Available Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.

5 CFR 9701.508 - Homeland Security Labor Relations Board.

Science.gov (United States)

2010-01-01

... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.508 Homeland Security Labor... impression or a major policy. (2) In cases where the full HSLRB acts, a vote of the majority of the HSLRB (or...

HITACHI security concept for industrial control systems

International Nuclear Information System (INIS)

Endoh, H.; Yamada, T.; Okubo, S.; Nakano, T.

2012-01-01

Security is a necessary factor for the safe and efficient operation of today's control systems. To ensure safe operation of control systems throughout their lifetime, security measures must be carefully planned in the development phase and then maintained continuously during the operation phase and other following phases. To ensure operation within the system's safe states, Hitachi proposes security concept processes (1) to derive security measures rationally and (2) to maintain the security model over the system life cycle. Hitachi also proposes security development programs which support the integration of standards-compliant systems and development of robust control equipment. (author)

Managing Materials and Wastes for Homeland Security Incidents

Science.gov (United States)

To provide information on waste management planning and preparedness before a homeland security incident, including preparing for the large amounts of waste that would need to be managed when an incident occurs, such as a large-scale natural disaster.

Emergency management and homeland security: Exploring the relationship.

Science.gov (United States)

Kahan, Jerome H

2015-01-01

In the years after the 9/11 tragedy, the United States continues to face risks from all forms of major disasters, from potentially dangerous terrorist attacks to catastrophic acts of nature. Professionals in the fields of emergency management and homeland security have responsibilities for ensuring that all levels of government, urban areas and communities, nongovernmental organizations, businesses, and individual citizens are prepared to deal with such hazards though actions that reduce risks to lives and property. Regrettably, the overall efficiency and effectiveness of the nation's ability to deal with disasters is unnecessarily challenged by the absence of a common understanding on how these fields are related in the workforce and educational arenas. Complicating matters further is the fact that neither of these fields has developed agreed definitions. In many ways, homeland security and emergency management have come to represent two different worlds and cultures. These conditions can have a deleterious effect on preparedness planning for public and private stakeholders across the nation when coordinated responses among federal, state, and local activities are essential for dealing with consequential hazards. This article demonstrates that the fields of emergency management and homeland security share many responsibilities but are not identical in scope or skills. It argues that emergency management should be considered a critical subset of the far broader and more strategic field of homeland security. From analytically based conclusions, it recommends five steps that be taken to bring these fields closer together to benefit more from their synergist relationship as well as from their individual contributions.

You Outsource the Service but Not the Risk: Supply Chain Risk Management for the Cyber Security of Safety Critical Systems

OpenAIRE

Johnson, Chris W.

2016-01-01

Companies increasingly form interdependent relationships between contractors and sub-contractors that extend\\ud across national borders and legal jurisdictions. In consequence, supply chain risk management (SCRM) is an\\ud increasing concern for the cyber security of safety-critical systems. The following pages argue that outsourcing\\ud undermines SCRM by eroding technical expertise, which companies need to select and audit their suppliers. They\\ud are still held accountable when the failure o...

Managing domino effect-related security of industrial areas

NARCIS (Netherlands)

Reniers, Genserik L L; Dullaert, W.; Audenaert, Amaryllis; Ale, B. J.M.; Soudan, K.

In chemical enterprises, security managers are interested in easy-to-handle and user-friendly decision-support tools, providing them with straightforward information ready for implementation. Therefore, a theoretical conceptualization on how to manage-in a relatively simple way-the prevention and

Securing the long-term financing of decommissioning and radioactive waste management - From cost estimates to a comprehensive financing system

International Nuclear Information System (INIS)

Aebersold, Michael

2003-01-01

One of the most important issues in the area of waste disposal concerns the long-term securing of the necessary financing. Large amounts of money will have to be invested, managed and subsequently spent at the appropriate time, over an extended period of 100 years or more. In an electricity market that is opening up across Europe and is characterised by complicated legal structures, a focus on a handful of major groups and cost pressure due to increased competition, it will be necessary to create the corresponding background conditions. The anticipated costs for decommissioning and disposal will have to be calculated or estimated on the basis of available know-how and criteria. The required funds will then have to be collected and invested on the domestic and international money markets, which given the current situation on the stock markets will by no means be an easy task. But the assurance that enough money will be available is essential for public confidence. Using Switzerland as an example, the author wishes to demonstrate which steps are necessary in order to calculate the potential decommissioning and waste disposal costs based on a defined disposal concept and programme, determine the annual contributions to be paid in by operators, and establish a suitable system for securing the necessary funding. This paper deals with the following issues: 1. Political background and legislative framework in Switzerland; 2. Swiss radioactive waste management policy and programmes; 3. Calculating the decommissioning and waste management costs; 4. Calculating the contributions to the Funds; 5. Financing system

CC-based Design of Secure Application Systems

DEFF Research Database (Denmark)

Sharp, Robin

2009-01-01

This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secu...... an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.......This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure...

Healthcare Blockchain System Using Smart Contracts for Secure Automated Remote Patient Monitoring.

Science.gov (United States)

Griggs, Kristen N; Ossipova, Olya; Kohlios, Christopher P; Baccarini, Alessandro N; Howson, Emily A; Hayajneh, Thaier

2018-06-06

As Internet of Things (IoT) devices and other remote patient monitoring systems increase in popularity, security concerns about the transfer and logging of data transactions arise. In order to handle the protected health information (PHI) generated by these devices, we propose utilizing blockchain-based smart contracts to facilitate secure analysis and management of medical sensors. Using a private blockchain based on the Ethereum protocol, we created a system where the sensors communicate with a smart device that calls smart contracts and writes records of all events on the blockchain. This smart contract system would support real-time patient monitoring and medical interventions by sending notifications to patients and medical professionals, while also maintaining a secure record of who has initiated these activities. This would resolve many security vulnerabilities associated with remote patient monitoring and automate the delivery of notifications to all involved parties in a HIPAA compliant manner.

Cybersecurity managing systems, conducting testing, and investigating intrusions

CERN Document Server

Mowbray, Thomas J

2013-01-01

A must-have, hands-on guide for working in the cybersecurity profession Cybersecurity involves preventative methods to protect information from attacks. It requires a thorough understanding of potential threats, such as viruses and other malicious code, as well as system vulnerability and security architecture. This essential book addresses cybersecurity strategies that include identity management, risk management, and incident management, and also serves as a detailed guide for anyone looking to enter the security profession. Doubling as the text for a cybersecurity course, it is also a usef

Lighting system with thermal management system having point contact synthetic jets

Science.gov (United States)

Arik, Mehmet; Weaver, Stanton Earl; Kuenzler, Glenn Howard; Wolfe, Jr., Charles Franklin; Sharma, Rajdeep

2013-12-10

Lighting system having unique configurations are provided. For instance, the lighting system may include a light source, a thermal management system and driver electronics, each contained within a housing structure. The light source is configured to provide illumination visible through an opening in the housing structure. The thermal management system includes a plurality of synthetic jets. The synthetic jets are arranged within the lighting system such that they are secured at contact points.

Information security becoming a priority for utilities

Energy Technology Data Exchange (ETDEWEB)

Nicolaides, S. [Numerex, Atlanta, GA (United States)

2009-10-15

As part of North America's national critical infrastructure, utilities are finding themselves at the forefront of a security issue. In October 2007, a leading security service provider reported a 90 per cent increase in the number of hackers attempting to attack its utility clients in just one year. Utilities are vulnerable to cyber attacks that could disrupt power production and the transmission system. This article discussed the need for intelligent technologies in securely enabling resource management and operational efficiency of the utilities market. It discussed the unique security challenges that utilities face at a time of greater regulatory activity, heightened environmental concerns, tighter data security requirements and an increasing need for remote monitoring and control. A new tool has emerged for cyber security in the form of an international standard that may offer a strong guideline to work toward 11 security domains. These include security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition; development and maintenance; information security incident management; business continuity management; and compliance. 2 figs.

SMS security system for smart home detectors

OpenAIRE

Cekova, Katerina; Gelev, Saso

2016-01-01

Security has always been an important problem everywhere. Home security has been a major issue where crime is increasing and everybody wants home security to protect the home. Safety from theft and flame are the most important requirements of a home security system for people. A remote home security system offers many benefits from keeping homeowners, and their property safe. This paper present controlling of the home security system remotely from Android Application. Owners can turn on or...

Security Controls for NPP I and C Systems

International Nuclear Information System (INIS)

Kim, Y. M.; Jeong, C. H.; Kim, T. H.

2014-01-01

In Korea, regulatory body have required cyber security plan for nuclear I and C system. Also, all I and C systems and equipment must be classified according to cyber security level and technical, operational and managerial security controls must be provided based on each level. It is necessary to determine the best set of security controls for NPP I and C system. In our research, selection, implementation and verification process of security controls which can be used for I and C systems has developed. For establishing the cyber security of the nuclear I and C system, special cyber security system which consider the difference between general IT system and nuclear I and C system is needed. This research, we developed security improvement methodology for NPP I and C system through establishing security control, applying and verifying activity. Also, the cyber security activities which are needed during development are defined. It is expected that the methodology which has been developed by this research can be used for establish, implement, evaluate the security controls for protecting nuclear I and C system from cyber-attacks

Security Controls for NPP I and C Systems

Energy Technology Data Exchange (ETDEWEB)

Kim, Y. M.; Jeong, C. H. [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of); Kim, T. H. [Formal Works Inc., Seoul (Korea, Republic of)

2014-05-15

In Korea, regulatory body have required cyber security plan for nuclear I and C system. Also, all I and C systems and equipment must be classified according to cyber security level and technical, operational and managerial security controls must be provided based on each level. It is necessary to determine the best set of security controls for NPP I and C system. In our research, selection, implementation and verification process of security controls which can be used for I and C systems has developed. For establishing the cyber security of the nuclear I and C system, special cyber security system which consider the difference between general IT system and nuclear I and C system is needed. This research, we developed security improvement methodology for NPP I and C system through establishing security control, applying and verifying activity. Also, the cyber security activities which are needed during development are defined. It is expected that the methodology which has been developed by this research can be used for establish, implement, evaluate the security controls for protecting nuclear I and C system from cyber-attacks.