Security Measures to Protect Mobile Agents

Science.gov (United States)

Dadhich, Piyanka; Govil, M. C.; Dutta, Kamlesh

2010-11-01

The security issues of mobile agent systems have embarrassed its widespread implementation. Mobile agents that move around the network are not safe because the remote hosts that accommodate the agents initiates all kinds of attacks. These hosts try to analyze the agent's decision logic and their accumulated data. So, mobile agent security is the most challenging unsolved problems. The paper analyzes various security measures deeply. Security especially the attacks performed by hosts to the visiting mobile agent (the malicious hosts problem) is a major obstacle that prevents mobile agent technology from being widely adopted. Being the running environment for mobile agent, the host has full control over them and could easily perform many kinds of attacks against them.

A model based security testing method for protocol implementation.

Science.gov (United States)

Fu, Yu Long; Xin, Xiao Long

2014-01-01

The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

Security of Nuclear Information. Implementing Guide

International Nuclear Information System (INIS)

2015-01-01

This publication provides guidance on implementing the principle of confidentiality and on the broader aspects of information security (i.e. integrity and availability). It assists States in bridging the gap between existing government and industry standards on information security, the particular concepts and considerations that apply to nuclear security and the special provisions and conditions that exist when dealing with nuclear material and other radioactive material. Specifically it seeks to assist states in the identification, classification, and assignment of appropriate security controls to information that could adversely impact nuclear security if compromised

Cyber security awareness toolkit for national security: an approach to South Africa's cyber security policy implementation

CSIR Research Space (South Africa)

Phahlamohlaka, LJ

2011-05-01

Full Text Available The aim of this paper is to propose an approach that South Africa could follow in implementing its proposed cyber security policy. The paper proposes a Cyber Security Awareness Toolkit that is underpinned by key National Security imperatives...

76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

Science.gov (United States)

2011-12-15

...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

Science.gov (United States)

Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

2015-07-28

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

Effect of Organizational Factors on Information Security Implementations

Science.gov (United States)

Perez, Rafael G.

2013-01-01

The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…

Security engineering: Phisical security measures for high-risk personnel

Directory of Open Access Journals (Sweden)

Jelena S. Cice

2013-06-01

Full Text Available The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements: -    Creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP. -    Promulgation of multi-service standard recommendations and considerations. -    Potential increase of productivity of HRP and reduced temporary housing costs through clarification of considerations, guidance on planning, and provision of design solutions. -    Reduction of facility project costs. -    Better performance of modernized facilities, in terms of force protection, than original facilities. Throughout this process you must ensure: confidentiality, appropriate Public Relations, sustainability, compliance with all industrial guidelines and legal and regulatory requirement, constant review and revision to accommodate new circumstances or threats. Introduction Physical security is an extremely broad topic. It encompasses access control devices such as smart cards, air filtration and fireproofing. It is also heavily reliant on infrastructure. This means that many of the ideal physical security measures may not be economically or physically feasible for existing sites. Many businesses do not have the option of building their own facility from the ground up; thus physical security often must be integrated into an existing structure. This limits the overall set of security measures that can be installed. There is an aspect of physical security that is often overlooked; the humans that interact with it. Humans commit crime for a number of reasons. The document focuses on two building types: the HRP office and the HRP residence. HRP are personnel who are likely to be

Security in the transport of radioactive material: Implementing guide. Spanish edition

International Nuclear Information System (INIS)

2013-01-01

This guide provides States with guidance in implementing, maintaining or enhancing a nuclear security regime to protect radioactive material (including nuclear material) in transport against theft, sabotage or other malicious acts that could, if successful, have unacceptable radiological consequences. From a security point of view, a threshold is defined for determining which packages or types of radioactive material need to be protected beyond prudent management practice. Minimizing the likelihood of theft or sabotage of radioactive material in transport is accomplished by a combination of measures to deter, detect, delay and respond to such acts. These measures are complemented by other measures to recover stolen material and to mitigate possible consequences, in order to further reduce the risks

Security in the Transport of Radioactive Material. Implementing Guide (French Edition)

International Nuclear Information System (INIS)

2012-01-01

This guide provides States with guidance in implementing, maintaining or enhancing a nuclear security regime to protect radioactive material (including nuclear material) in transport against theft, sabotage or other malicious acts that could, if successful, have unacceptable radiological consequences. From a security point of view, a threshold is defined for determining which packages or types of radioactive material need to be protected beyond prudent management practice. Minimizing the likelihood of theft or sabotage of radioactive material in transport is accomplished by a combination of measures to deter, detect, delay and respond to such acts. These measures are complemented by other measures to recover stolen material and to mitigate possible consequences, in order to further reduce the risks.

Security in the Transport of Radioactive Material. Implementing Guide (Chinese Edition)

International Nuclear Information System (INIS)

2012-01-01

This guide provides States with guidance in implementing, maintaining or enhancing a nuclear security regime to protect radioactive material (including nuclear material) in transport against theft, sabotage or other malicious acts that could, if successful, have unacceptable radiological consequences. From a security point of view, a threshold is defined for determining which packages or types of radioactive material need to be protected beyond prudent management practice. Minimizing the likelihood of theft or sabotage of radioactive material in transport is accomplished by a combination of measures to deter, detect, delay and respond to such acts. These measures are complemented by other measures to recover stolen material and to mitigate possible consequences, in order to further reduce the risks.

Implementation Support of Security Design Patterns Using Test Templates

Directory of Open Access Journals (Sweden)

Masatoshi Yoshizawa

2016-06-01

Full Text Available Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an “aspect test template” to observe the internal processing and a “test case template”. Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.

Security Guidelines for the Development of Accessible Web Applications through the implementation of intelligent systems

Directory of Open Access Journals (Sweden)

Luis Joyanes Aguilar

2009-12-01

Full Text Available Due to the significant increase in threats, attacks and vulnerabilities that affect the Web in recent years has resulted the development and implementation of pools and methods to ensure security measures in the privacy, confidentiality and data integrity of users and businesses. Under certain circumstances, despite the implementation of these tools do not always get the flow of information which is passed in a secure manner. Many of these security tools and methods cannot be accessed by people who have disabilities or assistive technologies which enable people to access the Web efficiently. Among these security tools that are not accessible are the virtual keyboard, the CAPTCHA and other technologies that help to some extent to ensure safety on the Internet and are used in certain measures to combat malicious code and attacks that have been increased in recent times on the Web. Through the implementation of intelligent systems can detect, recover and receive information on the characteristics and properties of the different tools and hardware devices or software with which the user is accessing a web application and through analysis and interpretation of these intelligent systems can infer and automatically adjust the characteristics necessary to have these tools to be accessible by anyone regardless of disability or navigation context. This paper defines a set of guidelines and specific features that should have the security tools and methods to ensure the Web accessibility through the implementation of intelligent systems.

33 CFR 105.230 - Maritime Security (MARSEC) Level coordination and implementation.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Maritime Security (MARSEC) Level..., DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: FACILITIES Facility Security Requirements § 105.230 Maritime Security (MARSEC) Level coordination and implementation. (a) The facility owner...

33 CFR 104.240 - Maritime Security (MARSEC) Level coordination and implementation.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Maritime Security (MARSEC) Level..., DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Requirements § 104.240 Maritime Security (MARSEC) Level coordination and implementation. (a) The vessel owner or...

Cyber security awareness toolkit for national security: An approach to South Africa’s cybersecurity policy implementation

CSIR Research Space (South Africa)

Phahlamohlaka, LJ

2011-05-01

Full Text Available The aim of this paper is to propose an approach that South Africa could follow in implementing its proposed Cyber security policy. The paper proposes a Cyber Security Awareness Toolkit that is underpinned by key National Security imperatives as well...

Experience of executing security measures

International Nuclear Information System (INIS)

Nakano, Hiromasa

1995-01-01

Japan possesses many nuclear power stations and atomic energy research and development facilities, and obtained much experience of security measures such as the inspection by the government and IAEA, the technical development and so on in respective facilities. In this report, the activities of security measures in Japan are introduced, centering around the experience of Power Reactor and Nuclear Fuel Development Corporation. Japan ratified the nuclear nonproliferation treaty (NPT) in 1976, and concluded the agreement with IAEA in 1977. It is called security measures to technically confirm that nuclear substances are not used for nuclear weapons, and to find early and prevent the production of nuclear weapons. The security measures consist of the quantity management by the balance of nuclear substances are the inspection by the government and IAEA. The present state of security measures in centrifugal uranium enrichment plants, the fabrication factories of low enriched uranium fuel, nuclear reactors, fuel reprocessing plants, and plutonium fuel factories is reported. The amount of inspection works of the government was 1861 man-day/year in 1993. As the subjects related to security measures of hereafter, the quantity management by respective facilities, the technology of verifying the measurement by inspectors, the points of beginning and finishing security measures, the security measures of hereafter and the international cooperation are described. (K.I.)

Security Measures in Data Mining

OpenAIRE

Anish Gupta; Vimal Bibhu; Rashid Hussain

2012-01-01

Data mining is a technique to dig the data from the large databases for analysis and executive decision making. Security aspect is one of the measure requirement for data mining applications. In this paper we present security requirement measures for the data mining. We summarize the requirements of security for data mining in tabular format. The summarization is performed by the requirements with different aspects of security measure of data mining. The performances and outcomes are determin...

IT Security Management Implementation Model in Iranian Bank Industry

Directory of Open Access Journals (Sweden)

Mona Vanaki

2017-06-01

Full Text Available According to the complexity and differences between Iranian banks and other developed countries the appropriate actions to implement effective security management of information technology have not been taken. The aim of this study was to create a powerful model by selecting the appropriate security controls to protect information assets in the bank. In this model, at first the principle set fort in ISO standard 27001, was extracted and then by further studies derived from best practices carried out in the world on the related subject from 2008 to 2016 using a qualitative descriptive method, points comply with information security management in the banking industry were added to it. With the study of Iranian banks in dealing with IT security management system and with help of action research tools, provisions which prevent the actual implementation of this standard was removed and finally a conceptual model with operating instructions and considering all the principles of information security management standard, as well as banking institutions focusing on the characteristics of Iran was proposed.

Monitoring the Implementation of State Regulation of National Economic Security

Directory of Open Access Journals (Sweden)

Hubarieva Iryna O.

2018-03-01

Full Text Available The aim of the article is to improve the methodological tools for monitoring the implementation of state regulation of national economic security. The approaches to defining the essence of the concept of “national economic security” are generalized. Assessment of the level of national economic security is a key element in monitoring the implementation of state regulation in this area. Recommendations for improving the methodology for assessing national economic security, the calculation algorithm of which includes four interrelated components (economic, political, social, spiritual one, suggests using analysis methods (correlation and cluster analysis, and taxonomy, which allows to determine the level and disproportion of development, can serve as a basis for monitoring the implementation of state regulation of national economic security. Such an approach to assessing national economic security makes it possible to determine the place (rank that a country occupies in a totality of countries, the dynamics of changing ranks over a certain period of time, to identify problem components, and monitor the effectiveness of state regulation of the national economic security. It the course of the research it was determined that the economic sphere is the main problem component of ensuring the security of Ukraine’s economy. The analysis made it possible to identify the most problematic partial indicators in the economic sphere of Ukraine: economic globalization, uneven economic development, level of infrastructure, level of financial market development, level of economic instability, macroeconomic stability. These indicators have a stable negative dynamics and a downward trend, which requires an immediate intervention of state bodies to ensure the national economic security.

METHOD FOR SECURITY SPECIFICATION SOFTWARE REQUIREMENTS AS A MEANS FOR IMPLEMENTING A SOFTWARE DEVELOPMENT PROCESS SECURE - MERSEC

Directory of Open Access Journals (Sweden)

Castro Mecías, L.T.

2015-06-01

Full Text Available Often security incidents that have the object or use the software as a means of causing serious damage and legal, economic consequences, etc. Results of a survey by Kaspersky Lab reflectvulnerabilities in software are the main cause of security incidents in enterprises, the report shows that 85% of them have reported security incidents and vulnerabilities in software are the main reason is further estimated that incidents can cause significant losses estimated from 50,000 to $ 649.000. (1 In this regard academic and industry research focuses on proposals based on reducing vulnerabilities and failures of technology, with a positive influence on how the software is developed. A development process for improved safety practices and should include activities from the initial phases of the software; so that security needs are identified, manage risk and appropriate measures are implemented. This article discusses a method of analysis, acquisition and requirements specification of the software safety analysis on the basis of various proposals and deficiencies identified from participant observation in software development teams. Experiments performed using the proposed yields positive results regarding the reduction of security vulnerabilities and compliance with the safety objectives of the software.

IMPLEMENTATION OF SECURITY CONTROLS ACCORDING TO ISO/IEC 27002 IN A SMALL ORGANISATION

Directory of Open Access Journals (Sweden)

MATÚŠ HORVÁTH

2009-12-01

Full Text Available Information security should be today a key issue in any organization. With the implementation of information security management system (ISMS the organization can identify and reduce risks in this area. This the area of information security management covers a numbers of ISO / IEC 27000 standards, which are based on best practice solutions. However, smaller organizations are often discourages with the implementation of these systems, because of fear of high cost and complexity. Especially due to the fact that the standards does not strictly require implementation of all security controls it is possible to implement these systems in small-size organizations. In this article, we want to point on this fact through describing practical experience with ISMS implementation in small-size organization.

Study On Safeguard Measures for Implementing Overall Planning of Land Use

Institute of Scientific and Technical Information of China (English)

2011-01-01

Based on minutely analysing the main problems existing in safeguard measures for implementing a new round of overall planning of land use,this paper constructs implementation security system of overall planning of land use,and puts forward the principles and basis of formulating safeguard measures for implementing overall planning of land use.Finally,this paper establishes the content system of safeguard measures:effectively strengthen social supervision;strengthen administrative management of land use planning;strengthen economic management of land use planning;reinforce the legal status of planning;establish incentive and constraint mechanism for reinforcing implementation;improve support system of planning.

University building safety index measurement using risk and implementation matrix

Science.gov (United States)

Rahman, A.; Arumsari, F.; Maryani, A.

2018-04-01

Many high rise building constructed in several universities in Indonesia. The high-rise building management must provide the safety planning and proper safety equipment in each part of the building. Unfortunately, most of the university in Indonesia have not been applying safety policy yet and less awareness on treating safety facilities. Several fire accidents in university showed that some significant risk should be managed by the building management. This research developed a framework for measuring the high rise building safety index in university The framework is not only assessed the risk magnitude but also designed modular building safety checklist for measuring the safety implementation level. The safety checklist has been developed for 8 types of the university rooms, i.e.: office, classroom, 4 type of laboratories, canteen, and library. University building safety index determined using risk-implementation matrix by measuring the risk magnitude and assessing the safety implementation level. Building Safety Index measurement has been applied in 4 high rise buildings in ITS Campus. The building assessment showed that the rectorate building in secure condition and chemical department building in beware condition. While the library and administration center building was in less secure condition.

FPGA implementation cost and performance evaluation of IEEE 802.11 protocol encryption security schemes

Science.gov (United States)

Sklavos, N.; Selimis, G.; Koufopavlou, O.

2005-01-01

The explosive growth of internet and consumer demand for mobility has fuelled the exponential growth of wireless communications and networks. Mobile users want access to services and information, from both internet and personal devices, from a range of locations without the use of a cable medium. IEEE 802.11 is one of the most widely used wireless standards of our days. The amount of access and mobility into wireless networks requires a security infrastructure that protects communication within that network. The security of this protocol is based on the wired equivalent privacy (WEP) scheme. Currently, all the IEEE 802.11 market products support WEP. But recently, the 802.11i working group introduced the advanced encryption standard (AES), as the security scheme for the future IEEE 802.11 applications. In this paper, the hardware integrations of WEP and AES are studied. A field programmable gate array (FPGA) device has been used as the hardware implementation platform, for a fair comparison between the two security schemes. Measurements for the FPGA implementation cost, operating frequency, power consumption and performance are given.

FPGA implementation cost and performance evaluation of IEEE 802.11 protocol encryption security schemes

International Nuclear Information System (INIS)

Sklavos, N; Selimis, G; Koufopavlou, O

2005-01-01

The explosive growth of internet and consumer demand for mobility has fuelled the exponential growth of wireless communications and networks. Mobile users want access to services and information, from both internet and personal devices, from a range of locations without the use of a cable medium. IEEE 802.11 is one of the most widely used wireless standards of our days. The amount of access and mobility into wireless networks requires a security infrastructure that protects communication within that network. The security of this protocol is based on the wired equivalent privacy (WEP) scheme. Currently, all the IEEE 802.11 market products support WEP. But recently, the 802.11i working group introduced the advanced encryption standard (AES), as the security scheme for the future IEEE 802.11 applications. In this paper, the hardware integrations of WEP and AES are studied. A field programmable gate array (FPGA) device has been used as the hardware implementation platform, for a fair comparison between the two security schemes. Measurements for the FPGA implementation cost, operating frequency, power consumption and performance are given

A study on the development of national guide for implementing nuclear security culture in ROK

Energy Technology Data Exchange (ETDEWEB)

Koh, Moonsung; Lee, Youngwook; Yoo, Hosik [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of)

2014-05-15

Among the extended concepts, a remarkable thing is that nuclear security began to be focused on the human factor as well as technical factors (hardware and software system) because most security lapses at nuclear power facilities result from human failings such as low motivation, miscalculation, or malice. Nuclear Security Culture (NSC) is designed to improve the performance of the human factor and to make its interface with security technology and regulations more effective and smooth. There is a need to develop a variety of more efficient tools for achieving sustainable nuclear security culture. We studied for the implementing guide to establish and enhance the nuclear security culture. We have developed the Nuclear Security Culture Implementing Guidelines for licensees in order to enhance nuclear security culture. Licensees have separately established a separate code of conduct on nuclear security culture for their daily business based on such Implementing Guidelines. The Nuclear Security Culture Implementing Guidelines were developed with sufficient consideration of both the IAEA Security Series on nuclear security culture and the Korean circumstances. In all, the Korean government and licensees have timely established and applied the Implementing Guidelines and code of conduct and consequently paved the way for further improvements of the Korean nuclear security regime. The nuclear security culture will facilitate and optimize the human aspects in our nuclear security programs.

A study on the development of national guide for implementing nuclear security culture in ROK

International Nuclear Information System (INIS)

Koh, Moonsung; Lee, Youngwook; Yoo, Hosik

2014-01-01

Among the extended concepts, a remarkable thing is that nuclear security began to be focused on the human factor as well as technical factors (hardware and software system) because most security lapses at nuclear power facilities result from human failings such as low motivation, miscalculation, or malice. Nuclear Security Culture (NSC) is designed to improve the performance of the human factor and to make its interface with security technology and regulations more effective and smooth. There is a need to develop a variety of more efficient tools for achieving sustainable nuclear security culture. We studied for the implementing guide to establish and enhance the nuclear security culture. We have developed the Nuclear Security Culture Implementing Guidelines for licensees in order to enhance nuclear security culture. Licensees have separately established a separate code of conduct on nuclear security culture for their daily business based on such Implementing Guidelines. The Nuclear Security Culture Implementing Guidelines were developed with sufficient consideration of both the IAEA Security Series on nuclear security culture and the Korean circumstances. In all, the Korean government and licensees have timely established and applied the Implementing Guidelines and code of conduct and consequently paved the way for further improvements of the Korean nuclear security regime. The nuclear security culture will facilitate and optimize the human aspects in our nuclear security programs

The Strengthening Nuclear Security Implementation initiative: evolution, status and next steps

NARCIS (Netherlands)

Dal, B.; Herbach, J.; Luongo, K.N.

2015-01-01

The "Strengthening Nuclear Security Implementation" initiative broke new ground at the 2014 Nuclear Security Summit in the effort to harmonize and strengthen the global nuclear security regime. This report discusses the significance of the initiative, the importance of expanding its signatories, and

A Methodology to Implement an Information Security Management System

Directory of Open Access Journals (Sweden)

Alaíde Barbosa Martins

2005-08-01

Full Text Available Information security has actually been a major challenge to most organizations. Indeed, information security is an ongoing risk management process that covers all of the information that needs to be protected. ISO 17799 offers what companies need in order to better manage information security. The best way to implement this standard is to ease the security management process using a methodology that will define will define guidelines, procedures and tools that will be needed along the way. Hence, this paper proposes a methodology to assist companies in assessing their compliance with BS 7799/ ISO 17799 as well as planning and implementing the actions necessary to become compliant or certified to the standard. The concepts and ideas presented here had been applied in a case study involving the Cetrel S/A - Company of Environmental Protection. For this company, responsible for treatment of industrial residues generated by the Camaçari Petrochemical Complex and adjacent areas, to assure confidentiality and integrity of customers' data is a basic requirement.

Securing a control system: experiences from ISO 27001 implementation

International Nuclear Information System (INIS)

Vuppala, V.; Vincent, J.; Kusler, J.; Davidson, K.

2012-01-01

Recent incidents of breaches, in control systems in specific and information systems in general, have emphasized the importance of security and operational continuity in achieving the quality objectives of an organization, and the safety of its personnel and infrastructure. However, security and disaster recovery are either completely ignored or given a low priority during the design and development of an accelerator control system, the underlying technologies, and the overlaid applications. This leads to an operational facility that is easy to breach, and difficult to recover. Retrofitting security into a control system becomes much more difficult during operations. In this paper we describe our experiences with implementing ISO/IEC 27001 Standard for information security at the Electronics Department of the National Superconducting Cyclotron Laboratory (NSCL) located on the campus of Michigan State University. We describe our risk assessment methodology, the identified risks, the selected controls, their implementation, and our documentation structure. We also report the current status of the project. We conclude with the challenges faced and the lessons learnt. (authors)

Wide Area Measurement Based Security Assessment & Monitoring of Modern Power System: A Danish Power System Case Study

DEFF Research Database (Denmark)

Rather, Zakir Hussain; Chen, Zhe; Thøgersen, Paul

2013-01-01

Power System security has become a major concern across the global power system community. This paper presents wide area measurement system (WAMS) based security assessment and monitoring of modern power system. A new three dimensional security index (TDSI) has been proposed for online security...... monitoring of modern power system with large scale renewable energy penetration. Phasor measurement unit (PMU) based WAMS has been implemented in western Danish Power System to realize online security monitoring and assessment in power system control center. The proposed security monitoring system has been...

Pitfalls and Security Measures for the Mobile EMR System in Medical Facilities.

Science.gov (United States)

Yeo, Kiho; Lee, Keehyuck; Kim, Jong-Min; Kim, Tae-Hun; Choi, Yong-Hoon; Jeong, Woo-Jin; Hwang, Hee; Baek, Rong Min; Yoo, Sooyoung

2012-06-01

The goal of this paper is to examine the security measures that should be reviewed by medical facilities that are trying to implement mobile Electronic Medical Record (EMR) systems designed for hospitals. The study of the security requirements for a mobile EMR system is divided into legal considerations and sectional security investigations. Legal considerations were examined with regard to remote medical services, patients' personal information and EMR, medical devices, the establishment of mobile systems, and mobile applications. For the 4 sectional security investigations, the mobile security level SL-3 from the Smartphone Security Standards of the National Intelligence Service (NIS) was used. From a compliance perspective, legal considerations for various laws and guidelines of mobile EMR were executed according to the model of the legal considerations. To correspond to the SL-3, separation of DMZ and wireless network is needed. Mobile access servers must be located in only the smartphone DMZ. Furthermore, security measures like 24-hour security control, WIPS, VPN, MDM, and ISMS for each section are needed to establish a secure mobile EMR system. This paper suggested a direction for applying regulatory measures to strengthen the security of a mobile EMR system in accordance with the standard security requirements presented by the Smartphone Security Guideline of the NIS. A future study on the materialization of these suggestions after their application at actual medical facilities can be used as an illustrative case to determine the degree to which theory and reality correspond with one another.

Pro PHP Security From Application Security Principles to the Implementation of XSS Defenses

CERN Document Server

Snyder, Chris; Southwell, Michael

2010-01-01

PHP security, just like PHP itself, has advanced. Updated for PHP 5.3, the second edition of this authoritative PHP security book covers foundational PHP security topics like SQL injection, XSS, user authentication, and secure PHP development. Chris Snyder and Tom Myer also dive into recent developments like mobile security, the impact of Javascript, and the advantages of recent PHP hardening efforts. Pro PHP Security, Second Edition will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. Beginners in secure programming will find a l

How to implement security controls for an information security program at CBRN facilities

International Nuclear Information System (INIS)

Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

2015-01-01

This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

How to implement security controls for an information security program at CBRN facilities

Energy Technology Data Exchange (ETDEWEB)

Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

2015-12-01

This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

Internal Interface Diversification as a Security Measure in Sensor Networks

Directory of Open Access Journals (Sweden)

Sampsa Rauti

2018-03-01

Full Text Available More actuator and sensor devices are connected to the Internet of Things (IoT every day, and the network keeps growing, while software security of the devices is often incomplete. Sensor networks and the IoT in general currently cover a large number of devices with an identical internal interface structure. By diversifying the internal interfaces, the interfaces on each node of the network are made unique, and it is possible to break the software monoculture of easily exploitable identical systems. This paper proposes internal interface diversification as a security measure for sensor networks. We conduct a study on diversifiable internal interfaces in 20 IoT operating systems. We also present two proof-of-concept implementations and perform experiments to gauge the feasibility in the IoT environment. Internal interface diversification has practical limitations, and not all IoT operating systems have that many diversifiable interfaces. However, because of low resource requirements, compatibility with other security measures and wide applicability to several interfaces, we believe internal interface diversification is a promising and effective approach for securing nodes in sensor networks.

Design and Hardware Implementation of a New Chaotic Secure Communication Technique.

Directory of Open Access Journals (Sweden)

Li Xiong

Full Text Available In this paper, a scheme for chaotic modulation secure communication is proposed based on chaotic synchronization of an improved Lorenz system. For the first time, the intensity limit and stability of the transmitted signal, the characteristics of broadband and the requirements for accuracy of electronic components are presented by Multisim simulation. In addition, some improvements are made on the measurement method and the proposed experimental circuit in order to facilitate the experiments of chaotic synchronization, chaotic non-synchronization, experiment without signal and experiment with signal. To illustrate the effectiveness of the proposed scheme, some numerical simulations are presented. Then, the proposed chaotic secure communication circuit is implemented through analog electronic circuit, which is characterized by its high accuracy and good robustness.

Design and Hardware Implementation of a New Chaotic Secure Communication Technique.

Science.gov (United States)

Xiong, Li; Lu, Yan-Jun; Zhang, Yong-Fang; Zhang, Xin-Guo; Gupta, Parag

2016-01-01

In this paper, a scheme for chaotic modulation secure communication is proposed based on chaotic synchronization of an improved Lorenz system. For the first time, the intensity limit and stability of the transmitted signal, the characteristics of broadband and the requirements for accuracy of electronic components are presented by Multisim simulation. In addition, some improvements are made on the measurement method and the proposed experimental circuit in order to facilitate the experiments of chaotic synchronization, chaotic non-synchronization, experiment without signal and experiment with signal. To illustrate the effectiveness of the proposed scheme, some numerical simulations are presented. Then, the proposed chaotic secure communication circuit is implemented through analog electronic circuit, which is characterized by its high accuracy and good robustness.

Sandia's experience in designing and implementing integrated high security physical protection systems

International Nuclear Information System (INIS)

Caskey, D.L.

1986-01-01

As DOE's lead laboratory for physical security, Sandia National Laboratories has had a major physical security program for over ten years. Activities have ranged from component development and evaluation, to full scale system design and implementation. This paper presents some of the lessons learned in designing and implementing state-of-the-art high security physical protection systems for a number of government facilities. A generic system design is discussed for illustration purposes. Sandia efforts to transfer technology to industry are described

The role of Nigerian youths in effective implementation of security ...

African Journals Online (AJOL)

... effective implementation of security and social development intervention in Nigeria cannot be over-emphasized. This is because youths have been deeply involved in various self-help projects in various Local and State Governments in Nigeria. Their areas of interventions cover projects involving trade, commerce, security ...

Pitfalls and Security Measures for the Mobile EMR System in Medical Facilities

Science.gov (United States)

Yeo, Kiho; Lee, Keehyuck; Kim, Jong-Min; Kim, Tae-Hun; Choi, Yong-Hoon; Jeong, Woo-Jin; Hwang, Hee; Baek, Rong Min

2012-01-01

Objectives The goal of this paper is to examine the security measures that should be reviewed by medical facilities that are trying to implement mobile Electronic Medical Record (EMR) systems designed for hospitals. Methods The study of the security requirements for a mobile EMR system is divided into legal considerations and sectional security investigations. Legal considerations were examined with regard to remote medical services, patients' personal information and EMR, medical devices, the establishment of mobile systems, and mobile applications. For the 4 sectional security investigations, the mobile security level SL-3 from the Smartphone Security Standards of the National Intelligence Service (NIS) was used. Results From a compliance perspective, legal considerations for various laws and guidelines of mobile EMR were executed according to the model of the legal considerations. To correspond to the SL-3, separation of DMZ and wireless network is needed. Mobile access servers must be located in only the smartphone DMZ. Furthermore, security measures like 24-hour security control, WIPS, VPN, MDM, and ISMS for each section are needed to establish a secure mobile EMR system. Conclusions This paper suggested a direction for applying regulatory measures to strengthen the security of a mobile EMR system in accordance with the standard security requirements presented by the Smartphone Security Guideline of the NIS. A future study on the materialization of these suggestions after their application at actual medical facilities can be used as an illustrative case to determine the degree to which theory and reality correspond with one another. PMID:22844648

3 CFR - Implementation of the Executive Order, “Classified National Security Information”

Science.gov (United States)

2010-01-01

... 29, 2009 Implementation of the Executive Order, “Classified National Security Information” Memorandum..., “Classified National Security Information” (the “order”), which substantially advances my goals for reforming... or handles classified information shall provide the Director of the Information Security Oversight...

Designing, Implementing, and Evaluating Secure Web Browsers

Science.gov (United States)

Grier, Christopher L.

2009-01-01

Web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems using browser-based attacks. Efforts that retrofit existing browsers have had limited success since modern browsers are not designed to withstand attack. To enable more secure web browsing, we design and implement new web browsers from the ground…

I and C security program for nuclear facilities: implementation guide - TAFICS/IG/2

International Nuclear Information System (INIS)

2016-04-01

This is the second in a series of documents being developed by TAFICS for protecting computer-based I and C systems of Indian nuclear facilities from cyber attacks. The document provides guidance to nuclear facility management to establish, implement and maintain a robust I and C security program - consisting of security plan and a set of security controls. In order to provide a firm basis for the security program, the document also identifies the fundamental security principles and foundational security requirements related to computer-based I and C systems of nuclear facilities. It is recommended that all applicable Indian nuclear facilities should implement the security program - with required adaptation - so as to provide the necessary assurance that the I and C systems are adequately protected against cyber attacks. (author)

Implementation of a security system in the radiotherapy process

International Nuclear Information System (INIS)

Orellana Salas, A.; Melgar Perez, J.; Arrocha Aceveda, J. F.

2011-01-01

Systems of work within the field of health are complex. Even the most routine activities involving chain and coordinate a number of actions to be developed by different professionals of different specialties. These systems often fail due to a combination of small errors along the process, each insufficient to cause an accident. We must ensure safe systems of work for each process we are involved, so it is essential to implement security systems to evaluate and find the vulnerabilities in all phases of the process. In the Service of Radio Physics and Radiation Protection of Punta de Europa Hospital has implemented a security system for radiotherapy process after the analysis and evaluation of the safety culture of the Service.

75 FR 43528 - Seeking Public Comment on Draft National Health Security Strategy Biennial Implementation Plan

Science.gov (United States)

2010-07-26

... National Health Security Strategy Biennial Implementation Plan AGENCY: Department of Health and Human... National Health Security Strategy (NHSS) of the United States of America (2009) and build upon the NHSS Interim Implementation Guide for the National Health Security Strategy of the United States of America...

Security of Radioactive Sources. Implementing Guide (French Edition)

International Nuclear Information System (INIS)

2012-01-01

There are concerns that terrorist or criminal groups could gain access to high activity radioactive sources and use these sources maliciously. The IAEA is working with Member States to increase control, accounting and security of radioactive sources to prevent their malicious use and the associated potential consequences. Based on extensive input from technical and legal experts, this implementation guide sets forth guidance on the security of sources and will serve as a useful tool for legislators and regulators, physical protection specialists and facility and transport operators, as well as for law enforcement officers.

Measuring Efficacy of Information Security Policies : A Case Study of UAE based company

OpenAIRE

Qureshi, Muhammad Sohail

2012-01-01

Nowadays information security policies are operative in many organizations. Currently few organizations take the pain of verifying the efficacy of these policies. Different standards and procedures exist about methods of measuring efficacy of information security policies. Choosing and implementing them depends mainly on the key performance indicators (KPIs) and key risk indicators (KRIs) of any particular organization. This thesis is a case study of an organization in United Arab Emirates (U...

Aspects regarding the implementation of information security standards in organizations

Directory of Open Access Journals (Sweden)

Mihai Bârsan

2017-03-01

Full Text Available Information security is one of the major challenges of the information and knowledge based society. The preoccupation of organizations to ensure the security of information in the digital environment has led to the emergence of specific standards in the field. Thus, ISO 27000 brings together reference standards in the field. Starting from ISO 27001, which summarizes policies and procedures on physical, legal and technological security risks, this paper looks at the steps the organization must undertake to implement the standards.

Detector-device-independent quantum key distribution: Security analysis and fast implementation

International Nuclear Information System (INIS)

Boaron, Alberto; Korzh, Boris; Boso, Gianluca; Martin, Anthony; Zbinden, Hugo; Houlmann, Raphael; Lim, Charles Ci Wen

2016-01-01

One of the most pressing issues in quantum key distribution (QKD) is the problem of detector side-channel attacks. To overcome this problem, researchers proposed an elegant “time-reversal” QKD protocol called measurement-device-independent QKD (MDI-QKD), which is based on time-reversed entanglement swapping. However, MDI-QKD is more challenging to implement than standard point-to-point QKD. Recently, an intermediary QKD protocol called detector-device-independent QKD (DDI-QKD) has been proposed to overcome the drawbacks of MDI-QKD, with the hope that it would eventually lead to a more efficient detector side-channel-free QKD system. Here, we analyze the security of DDI-QKD and elucidate its security assumptions. We find that DDI-QKD is not equivalent to MDI-QKD, but its security can be demonstrated with reasonable assumptions. On the more practical side, we consider the feasibility of DDI-QKD and present a fast experimental demonstration (clocked at 625 MHz), capable of secret key exchange up to more than 90 km.

Software Implementation of a Secure Firmware Update Solution in an IOT Context

Directory of Open Access Journals (Sweden)

Lukas Kvarda

2016-01-01

Full Text Available The present paper is concerned with the secure delivery of firmware updates to Internet of Things (IoT devices. Additionally, it deals with the design of a safe and secure bootloader for a UHF RFID reader. A software implementation of a secure firmware update solution is performed. The results show there is space to integrate even more security features into existing devices.

Implementation of Strategies to Leverage Public and Private Resources for National Security Workforce Development

Energy Technology Data Exchange (ETDEWEB)

None

2009-04-01

This report documents implementation strategies to leverage public and private resources for the development of an adequate national security workforce as part of the National Security Preparedness Project (NSPP), being performed under a U.S. Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. There are numerous efforts across the United States to develop a properly skilled and trained national security workforce. Some of these efforts are the result of the leveraging of public and private dollars. As budget dollars decrease and the demand for a properly skilled and trained national security workforce increases, it will become even more important to leverage every education and training dollar. This report details some of the efforts that have been implemented to leverage public and private resources, as well as implementation strategies to further leverage public and private resources.

A study on the promotion of Japan's Nuclear Security Culture. Based on the Implementing Guide of IAEA and actually-occurred threat cases

International Nuclear Information System (INIS)

Inamura, Tomoaki

2014-01-01

The ministerial ordinance relating to the Nuclear Reactor Regulation Law, revised in 2012, requires licensees of nuclear facilities to establish a system to foster Nuclear Security Culture. However, such measures are introduced without thorough consideration of essentials of Nuclear Security Culture. This report aims to provide deeper understanding of the concept and raise issues relating to implementation of nuclear security measures by reviewing the Implementing Guide of Nuclear Security Culture published by International Atomic Energy Agency and related documents, as well as analyzing security threats that actually happened recently. The results are summarized as follows: 1) Two beliefs, namely, 'a credible threat exists' and 'nuclear security is important', form the basis of Nuclear Security Culture. Nuclear Security Culture bears a high degree of resemblance to Nuclear Safety Culture because the both assume the same organizational culture model. The differences between the two are derived from whether the malevolence of adversaries should be taken into consideration or not. As the questioning attitude plays an important role to implant the two beliefs, a proper management system of Nuclear Security Culture is necessary to cultivate it. 2) Based on the related documents and an analysis of the cases of actual threats, the following viewpoints should be made clear: (a) the role of the actors of Nuclear Security Culture, (b) flexible sensitivity to share the same understanding about the credible threat, (c) systematic revision of the related regulation about sensitive information management and security clearance of the personnel, and complementary measures such as hotline, (d) measures to encourage the positive action of the personnel, (e) how to construct continuous cycle of improvement of Nuclear Security Culture at state level. (author)

I and C security audit of nuclear facilities: implementation guide - TAFICS/IG/3

International Nuclear Information System (INIS)

2017-05-01

This document provides guidance to I and C Security audit team to prepare, plan, and execute security audit of Instrumentation and Control (I and C) systems at DAE's nuclear facilities, including I and C system development and manufacturing organisations. The audit is expected to check efficacy of I and C security program - plan, policies, procedures and controls - implemented at a nuclear facility to protect I and C systems from potential cyber attacks. The document contains detailed audit procedures, which specify the audit objectives, audit objects and audit methods for each element of I and C security described in implementation guides promulgated by TAFICS to all DAE Units. (author)

Symmetry in Social Construction during ERP Implementation: A Systems Security Perspective

Directory of Open Access Journals (Sweden)

Kennedy Njenga

2014-03-01

Full Text Available The principle of symmetry in enterprise resource planning (ERP systems implementation holds that the researcher should deploy impartial explanation in cases of success as in cases of failure. This article examines the symmetry intrinsic in social construction within the various stages of the ERP development life cycle, from initiation to implementation. Discourse on symmetry focuses on whether social constructs are able to influence ERP implementation positively (success or negatively (failure and whether this exposes ERP systems to information security risk. The theoretical lens of social construction of technology (SCOT theory, a theory premised on social interaction between agents and technology artefacts, is applied for this purpose. The research was quantitative with a survey having been conducted on information technology (IT and information security (IS practitioners. Results of the study highlight the significant role social construction plays because of the direct linkage it has with the implementation of information security controls in ERP systems.  The research delineated five social constructs, namely positional influence, reward influence, coercive influence, expert influence and referent influence. For purposes of this research and on the sampling criteria applied, the construct ‘expert influence’, a typology of social construction, is shown to be more domineering than other typologies of social construction and is seen as providing symmetrical balance between governing ERP security (success and risk (failure. Implications of these results for theory and practice are discussed in the main article.

PCI compliance understand and implement effective PCI data security standard compliance

CERN Document Server

Williams, Branden R

2012-01-01

The credit card industry established the PCI Data Security Standards to provide a minimum standard for how vendors should protect data to ensure it is not stolen by fraudsters. PCI Compliance, 3e, provides the information readers need to understand the current PCI Data Security standards, which have recently been updated to version 2.0, and how to effectively implement security within your company to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information. Security breaches continue to occur on a regular basis, affecting millions of

Gross anatomy of network security

Science.gov (United States)

Siu, Thomas J.

2002-01-01

Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.

Assessment of Performance Measures for Security of the Maritime Transportation Network, Port Security Metrics : Proposed Measurement of Deterrence Capability

Science.gov (United States)

2007-01-03

This report is the thirs in a series describing the development of performance measures pertaining to the security of the maritime transportation network (port security metrics). THe development of measures to guide improvements in maritime security ...

The implementation of the situational control concept of information security in automated training systems

Directory of Open Access Journals (Sweden)

A. M. Chernih

2016-01-01

Full Text Available The main approaches to ensuring security of information in the automated training systems are considered, need of application of situational management of security of information for the automated training systems is proved, the mathematical model and a problem definition of situational control is offered, the technique of situational control of security of information is developed.The purpose of the study. The aim of the study is to base the application of situational control of information security by subsystem of the control and protection of information in automated learning systems and to develop implementation methods of the situational control concept.Materials and methods. It is assumed that the automated learning system is a fragment of a larger information system that contains several information paths, each of them treats different information in the protection degree from information, containing constituting state secrets, to open access information.It is considered that the technical methods, measures and means of information protection in automated learning systems implement less than half (30% functions of subsystems of control and protection information. The main part of the functions of this subsystem are organizational measures to protect information. It is obvious that the task of ensuring the security of information in automated learning systems associated with the adoption of decisions on rational selection and proper combination of technical methods and institutional arrangements. Conditions of practical application of automated learning systems change over time and transform the situation of such a decision, and this leads to the use of situational control methods.When situational control is implementing, task of the protection of information in automated learning system is solved by the subsystem control and protection of information by distributing the processes ensuring the security of information and resources of

Implementation of Learning Organization Components in Ardabil Social Security Hospital

OpenAIRE

Azadeh Zirak

2015-01-01

This study aimed to investigate the implementation of learning organization characteristics based on Marquardt systematic model in Ardabil Social Security Hospital. The statistical population of this research was 234 male and female employees of Ardabil Social Security Hospital. For data collection, Marquardt questionnaire was used in the present study which its validity and reliability had been confirmed. Statistical analysis of hypotheses based on independent samples t-test showed that lear...

Design and implementation of a high performance network security processor

Science.gov (United States)

Wang, Haixin; Bai, Guoqiang; Chen, Hongyi

2010-03-01

The last few years have seen many significant progresses in the field of application-specific processors. One example is network security processors (NSPs) that perform various cryptographic operations specified by network security protocols and help to offload the computation intensive burdens from network processors (NPs). This article presents a high performance NSP system architecture implementation intended for both internet protocol security (IPSec) and secure socket layer (SSL) protocol acceleration, which are widely employed in virtual private network (VPN) and e-commerce applications. The efficient dual one-way pipelined data transfer skeleton and optimised integration scheme of the heterogenous parallel crypto engine arrays lead to a Gbps rate NSP, which is programmable with domain specific descriptor-based instructions. The descriptor-based control flow fragments large data packets and distributes them to the crypto engine arrays, which fully utilises the parallel computation resources and improves the overall system data throughput. A prototyping platform for this NSP design is implemented with a Xilinx XC3S5000 based FPGA chip set. Results show that the design gives a peak throughput for the IPSec ESP tunnel mode of 2.85 Gbps with over 2100 full SSL handshakes per second at a clock rate of 95 MHz.

Use of Nuclear Material Accounting and Control for Nuclear Security Purposes at Facilities. Implementing Guide

International Nuclear Information System (INIS)

2015-01-01

Nuclear material accounting and control (NMAC) works in a complementary fashion with the international safeguards programme and physical protection systems to help prevent, deter or detect the unauthorized acquisition and use of nuclear materials. These three methodologies are employed by Member States to defend against external threats, internal threats and both state actors and non-state actors. This publication offers guidance for implementing NMAC measures for nuclear security at the nuclear facility level. It focuses on measures to mitigate the risk posed by insider threats and describes elements of a programme that can be implemented at a nuclear facility in coordination with the physical protection system for the purpose of deterring and detecting unauthorized removal of nuclear material

Measuring relational security in forensic mental health services.

Science.gov (United States)

Chester, Verity; Alexander, Regi T; Morgan, Wendy

2017-12-01

Aims and method Relational security is an important component of care and risk assessment in mental health services, but the utility of available measures remains under-researched. This study analysed the psychometric properties of two relational security tools, the See Think Act (STA) scale and the Relational Security Explorer (RSE). Results The STA scale had good internal consistency and could highlight differences between occupational groups, whereas the RSE did not perform well as a psychometric measure. Clinical implications The measures provide unique and complimentary perspectives on the quality of relational security within secure services, but have some limitations. Use of the RSE should be restricted to its intended purpose; to guide team discussions about relational security, and services should refrain from collecting and aggregating this data. Until further research validates their use, relational security measurement should be multidimensional and form part of a wider process of service quality assessment.

Measuring relational security in forensic mental health services

Science.gov (United States)

Chester, Verity; Alexander, Regi T.; Morgan, Wendy

2017-01-01

Aims and method Relational security is an important component of care and risk assessment in mental health services, but the utility of available measures remains under-researched. This study analysed the psychometric properties of two relational security tools, the See Think Act (STA) scale and the Relational Security Explorer (RSE). Results The STA scale had good internal consistency and could highlight differences between occupational groups, whereas the RSE did not perform well as a psychometric measure. Clinical implications The measures provide unique and complimentary perspectives on the quality of relational security within secure services, but have some limitations. Use of the RSE should be restricted to its intended purpose; to guide team discussions about relational security, and services should refrain from collecting and aggregating this data. Until further research validates their use, relational security measurement should be multidimensional and form part of a wider process of service quality assessment. PMID:29234515

Implementation of QoSS (Quality-of-Security Service) for NoC-Based SoC Protection

Science.gov (United States)

Sepúlveda, Johanna; Pires, Ricardo; Strum, Marius; Chau, Wang Jiang

Many of the current electronic systems embedded in a SoC (System-on-Chip) are used to capture, store, manipulate and access critical data, as well as to perform other key functions. In such a scenario, security is considered as an important issue. The Network-on-chip (NoC), as the foreseen communication structure of next-generation SoC devices, can be used to efficiently incorporate security. Our work proposes the implementation of QoSS (Quality of Security Service) to overcome present SoC vulnerabilities. QoSS is a novel concept for data protection that introduces security as a dimension of QoS. In this paper, we present the implementation of two security services (access control and authentication), that may be configured to assume one from several possible levels, the implementation of a technique to avoid denial-of-service (DoS) attacks, evaluate their effectiveness and estimate their impact on NoC performance.

Conceptual Design Approach to Implementing Hardware-based Security Controls in Data Communication Systems

International Nuclear Information System (INIS)

Ibrahim, Ahmad Salah; Jung, Jaecheon

2016-01-01

In the Korean Advanced Power Reactor (APR1400), safety control systems network is electrically isolated and physically separated from non-safety systems data network. Unidirectional gateways, include data diode fiber-optic cabling and computer-based servers, transmit the plant safety critical parameters to the main control room (MCR) for control and monitoring processes. The data transmission is only one-way from safety to non-safety. Reverse communication is blocked so that safety systems network is protected from potential cyberattacks or intrusions from non-safety side. Most of commercials off-the-shelf (COTS) security devices are software-based solutions that require operating systems and processors to perform its functions. Field Programmable Gate Arrays (FPGAs) offer digital hardware solutions to implement security controls such as data packet filtering and deep data packet inspection. This paper presents a conceptual design to implement hardware-based network security controls for maintaining the availability of gateway servers. A conceptual design of hardware-based network security controls was discussed in this paper. The proposed design is aiming at utilizing the hardware-based capabilities of FPGAs together with filtering and DPI functions of COTS software-based firewalls and intrusion detection and prevention systems (IDPS). The proposed design implemented a network security perimeter between the DCN-I zone and gateway servers zone. Security control functions are to protect the gateway servers from potential DoS attacks that could affect the data availability and integrity

Conceptual Design Approach to Implementing Hardware-based Security Controls in Data Communication Systems

Energy Technology Data Exchange (ETDEWEB)

Ibrahim, Ahmad Salah; Jung, Jaecheon [KEPCO International Nuclear Graduate School, Ulsan (Korea, Republic of)

2016-10-15

In the Korean Advanced Power Reactor (APR1400), safety control systems network is electrically isolated and physically separated from non-safety systems data network. Unidirectional gateways, include data diode fiber-optic cabling and computer-based servers, transmit the plant safety critical parameters to the main control room (MCR) for control and monitoring processes. The data transmission is only one-way from safety to non-safety. Reverse communication is blocked so that safety systems network is protected from potential cyberattacks or intrusions from non-safety side. Most of commercials off-the-shelf (COTS) security devices are software-based solutions that require operating systems and processors to perform its functions. Field Programmable Gate Arrays (FPGAs) offer digital hardware solutions to implement security controls such as data packet filtering and deep data packet inspection. This paper presents a conceptual design to implement hardware-based network security controls for maintaining the availability of gateway servers. A conceptual design of hardware-based network security controls was discussed in this paper. The proposed design is aiming at utilizing the hardware-based capabilities of FPGAs together with filtering and DPI functions of COTS software-based firewalls and intrusion detection and prevention systems (IDPS). The proposed design implemented a network security perimeter between the DCN-I zone and gateway servers zone. Security control functions are to protect the gateway servers from potential DoS attacks that could affect the data availability and integrity.

[The concept and measurement of food security].

Science.gov (United States)

Kim, Kirang; Kim, Mi Kyung; Shin, Young Jeon

2008-11-01

During the past two decades, food deprivation and hunger have been recognized to be not just the concerns of only underdeveloped or developing countries, but as problems for many affluent Western nations as well. Many countries have made numerous efforts to define and measure the extent of these problems. Based on these efforts, the theory and practice of food security studies has significantly evolved during the last decades. Thus, this study aims to provide a comprehensive review of the concept and measurement of food security. In this review, we introduce the definition and background of food security, we describe the impact of food insecurity on nutrition and health, we provide its measurements and operational instruments and we discuss its applications and implications. Some practical information for the use of the food security index in South Korea is also presented. Food security is an essential element in achieving a good nutritional and health status and it has an influence to reduce poverty. The information about the current understanding of food security can help scientists, policy makers and program practitioners conduct research and maintain outreach programs that address the issues of poverty and the promotion of food security.

Portfolio analysis of layered security measures.

Science.gov (United States)

Chatterjee, Samrat; Hora, Stephen C; Rosoff, Heather

2015-03-01

Layered defenses are necessary for protecting the public from terrorist attacks. Designing a system of such defensive measures requires consideration of the interaction of these countermeasures. In this article, we present an analysis of a layered security system within the lower Manhattan area. It shows how portfolios of security measures can be evaluated through portfolio decision analysis. Consideration is given to the total benefits and costs of the system. Portfolio diagrams are created that help communicate alternatives among stakeholders who have differing views on the tradeoffs between security and economic activity. © 2014 Society for Risk Analysis.

Towards Comprehensive Food Security Measures: Comparing Key ...

African Journals Online (AJOL)

Food security is a multi-dimensional issue that has been difficult to measure comprehensively, given the one-dimensional focus of existing indicators. Three indicators dominate the food security measurement debate: Household Food Insecurity Access Scale (HFIAS), Dietary Diversity Score (DDS) and Coping Strategies ...

Agile IT Security Implementation Methodology

CERN Document Server

Laskowski, Jeff

2011-01-01

The book is a tutorial that goes from basic to professional level for Agile IT security. It begins by assuming little knowledge of agile security. Readers should hold a good knowledge of security methods and agile development. The book is targeted at IT security managers, directors, and architects. It is useful for anyone responsible for the deployment of IT security countermeasures. Security people with a strong knowledge of agile software development will find this book to be a good review of agile concepts.

Implementation of Safety and Security Issues in the Transport of Radioactive Material in Argentina

International Nuclear Information System (INIS)

López Vietri, J.; Elechosa, C.; Gerez Miranda, C.; Menossi, S.; Rodríguez Roldán, M.S.; Fernández, A.

2016-01-01

This paper is intended to describe implementation of safety and security issues in the transport of radioactive material by the Nuclear Regulatory Authority (in Spanish Autoridad Regulatoria Nuclear, ARN), which is the Competent Authority of Argentina in Safety, Security and Safeguards of radioactive and nuclear material. There are depicted main regulatory activities dealing with the mentioned issues, and relevant milestones of national regulatory standards and guidance applied, that are based on requirements and guides from IAEA. Interfaces between Safety and Security sections are most of the times complementary but sometimes conflictive, therefore the resolution of such conflicts and goals achieved during their implementation are also commented; as well as future joint planned activities between both sections of ARN as a way to provide safety and security without compromising one or the other. (author)

Implementing Physical Protection Education for an Enhanced Nuclear Security Culture

Energy Technology Data Exchange (ETDEWEB)

Lee, Jeong Ho; Kim, Hyun Chul; Shin, Ick Hyun; Lee, Hyung Kyung; Choe, Kwan Kyoo [KINAC, Daejeon (Korea, Republic of)

2013-10-15

In this paper, we are going to outline our efforts and experiences at implementing physical protection education. KINAC (as the only designated educational institute) places great effort in delivering an effective and a high-quality education program for physical protection. We have also provided a way for nuclear operators to share the lessons they have gained through their own experiences. We made physical protection education an important communication channel, not only among nuclear operators but also between operators and a regulatory body. There is growing attention given to education and training on the subject of physical protection in order to enhance the nuclear security culture. The IAEA recommends that all personnel in organizations directly involved with the nuclear industry receive regularly education in physical protection according to the recently revised INFCIRC/225/Rev.5. The Korea Institute of Nuclear Nonproliferation and Control (KINAC) and the Nuclear Safety and Security Commission (NSSC), which are mainly responsible for the national nuclear security regime, have already recognized the importance of education and training in physical protection. The NSSC enacted its decree on physical protection education and training in 2010. KINAC was designated as the first educational institute in 2011 and implemented physical protection education as mandatory from 2012.

Implementing Physical Protection Education for an Enhanced Nuclear Security Culture

International Nuclear Information System (INIS)

Lee, Jeong Ho; Kim, Hyun Chul; Shin, Ick Hyun; Lee, Hyung Kyung; Choe, Kwan Kyoo

2013-01-01

In this paper, we are going to outline our efforts and experiences at implementing physical protection education. KINAC (as the only designated educational institute) places great effort in delivering an effective and a high-quality education program for physical protection. We have also provided a way for nuclear operators to share the lessons they have gained through their own experiences. We made physical protection education an important communication channel, not only among nuclear operators but also between operators and a regulatory body. There is growing attention given to education and training on the subject of physical protection in order to enhance the nuclear security culture. The IAEA recommends that all personnel in organizations directly involved with the nuclear industry receive regularly education in physical protection according to the recently revised INFCIRC/225/Rev.5. The Korea Institute of Nuclear Nonproliferation and Control (KINAC) and the Nuclear Safety and Security Commission (NSSC), which are mainly responsible for the national nuclear security regime, have already recognized the importance of education and training in physical protection. The NSSC enacted its decree on physical protection education and training in 2010. KINAC was designated as the first educational institute in 2011 and implemented physical protection education as mandatory from 2012

A Survey on Security-Aware Measurement in SDN

Directory of Open Access Journals (Sweden)

Heng Zhang

2018-01-01

Full Text Available Software-defined networking (SDN is one of the most prevailing networking paradigms in current and next-generation networks. Basically, the highly featured separation of control and data planes makes SDN a proper solution towards many practical problems that challenge legacy networks, for example, energy efficiency, dynamic network configuration, agile network measurement, and flexible network deployment. Although the SDN and its applications have been extensively studied for several years, the research of SDN security is still in its infancy. Typically, the SDN suffers from architecture defect and OpenFlow protocol loopholes such as single controller problem, deficiency of communication verification, and network resources constraint. Hence, network measurement is a fundamental technique of protecting SDN against the above security threats. Specifically, network measurement aims to understand and quantify a variety of network behaviors to facilitate network management and monitoring, anomaly detection, network troubleshooting, and the establishment of security mechanisms. In this paper, we present a systematic survey on security-aware measurement technology in SDN. In particular, we first review the basic architecture of SDN and corresponding security challenges. Then, we investigate two performance measurement techniques in SDN, namely, link latency and available bandwidth measurements. After that, we further provide a general overview of topology measurement in SDN including intradomain and interdomain topology discovering techniques. Finally, we list three interesting future directions of security-aware measurement in SDN followed by giving conclusion remarks.

The passage and initial implementation of Oregon's Measure 44

Science.gov (United States)

Goldman, L.; Glantz, S.

1999-01-01

OBJECTIVE—To prepare a history of the passage and early implementation of Ballot Measure 44, "An Act to Support the Oregon Health Plan", and tobacco control policymaking in Oregon. Measure 44 raised cigarette taxes in Oregon by US$0.30 per pack, and dedicated 10% of the revenues to tobacco control.
METHODS—Data were gathered from interviews with members of the Committee to Support the Oregon Health Plan, Measure 44's campaign committee, as well as with state and local officials, and tobacco control advocates. Additional information was obtained from public documents, internal memoranda, and news reports.
RESULTS—Although the tobacco industry outspent Measure 44's supporters 7 to 1, the initiative passed with 56% of the vote. Even before the election, tobacco control advocates were working to develop an implementation plan for the tobacco control programme. They mounted a successful lobbying campaign to see that the legislature did not divert tobacco control funds to other uses. They also stopped industry efforts to limit the scope of the programme. The one shortcoming of the tobacco control forces was not getting involved in planning the initiative early enough to influence the amount of money that was devoted to tobacco control. Although public health groups provided 37% of the money it cost to pass Measure 44, only 10% of revenues were devoted to tobacco control.
CONCLUSIONS—Proactive planning and aggressive implementation can secure passage of tobacco control initiatives and see that the associated implementing legislation follows good public health practice.


Keywords: advocacy; legislation; implementation; tobacco tax PMID:10599577

CLOUD SECURITY AND COMPLIANCE - A SEMANTIC APPROACH IN END TO END SECURITY

OpenAIRE

Kalaiprasath, R.; Elankavi, R.; Udayakumar, R.

2017-01-01

The Cloud services are becoming an essential part of many organizations. Cloud providers have to adhere to security and privacy policies to ensure their users' data remains confidential and secure. Though there are some ongoing efforts on developing cloud security standards, most cloud providers are implementing a mish-mash of security and privacy controls. This has led to confusion among cloud consumers as to what security measures they should expect from the cloud services, and whether thes...

Radiological Protection Measurements Implemented during the 16. Pan American and 4. ParaPan American Games: Guadalajara, Mexico, 2011

International Nuclear Information System (INIS)

2014-02-01

Terrorism remains a threat to international stability and security. Often national and international high level public events are the subject of much public interest and receive extensive coverage in the media. In this sense, it is well known that there is a real threat of a terrorist attack in important public events, such as major economic summits, high level political meetings or sporting events. In 1955 and 1975, the 2nd and 7th Pan American Games were organized by the City of Mexico. In 2011, the Pan American Games was the third event of its kind held in Guadalajara, Jalisco. At the national level, the implementation of nuclear security measures in the Pan American Games laid the foundations for a sustainable national nuclear security framework that will continue long after the event. The political decision, the existing legal basis and structure, agency coordination facilitated the incorporation of nuclear security measures. It was also a challenge to integrate all the relevant organizations, provide focus to the threat of terrorism linked to weapons of mass destruction for security games, plan resources and execute the project on time, among other details. For this reason, information and lessons learned that are reported in this document, received in Mexico during the 16th edition of the Pan American Games will be useful for the implementation of nuclear security measures in States with similar situations

Measuring the Perception of Travel Security – Comparative Analysis of Students in Two Different Fields: Tourism and Security

Directory of Open Access Journals (Sweden)

Sebastjan Repnik

2015-01-01

Full Text Available The aim of the research was to determine how students/respondents perceive security on their travels in Europe. The respondents belong to two different study programmes, one focusing on the field of security (Faculty of Criminal Justice and Security, University of Maribor and the other on the field of tourism (Higher Vocational School for Catering and Tourism. Our main presumption was that students of the two institutions developed a different attitude towards travel security since their studies focus on two substantively different academic-professional fields. We examined their attitude towards security factors such as: security climate, self-protection and collective security. In our research we included a sample of 100 students/respondents. We used an instrument in the form of a questionnaire for the quantitative measurement of responses on a 5-point Likert scale. To portray the results of the research we also used various statistical indicators in the computer programme SPSS such as: arithmetic mean, Man-Whitney test, frequency distribution of responses, where independent variables are displayed. The findings suggest that the students/respondents attitude towards safety and their expectations on individual elements of all three security factors differ in the two target groups. The expectations of students/respondents of FCJS regarding the implementation and provision of security are higher compared to students/respondents of HVC. Respondents have different experience with security on their travels, as the number of travels varies quite substantially between students. Both institutions can use the results of the research in the evaluation processes of their study programmes. On the basis of the results of the research it is substantiated that the field and content of study have an impact on the students’ attitude to elements of security while travelling. The findings are intended to all researchers in the field of security and tourism, as

Hadoop-Based Healthcare Information System Design and Wireless Security Communication Implementation

Directory of Open Access Journals (Sweden)

Hongsong Chen

2015-01-01

Full Text Available Human health information from healthcare system can provide important diagnosis data and reference to doctors. However, continuous monitoring and security storage of human health data are challenging personal privacy and big data storage. To build secure and efficient healthcare application, Hadoop-based healthcare security communication system is proposed. In wireless biosensor network, authentication and key transfer should be lightweight. An ECC (Elliptic Curve Cryptography based lightweight digital signature and key transmission method are proposed to provide wireless secure communication in healthcare information system. Sunspot wireless sensor nodes are used to build healthcare secure communication network; wireless nodes and base station are assigned different tasks to achieve secure communication goal in healthcare information system. Mysql database is used to store Sunspot security entity table and measure entity table. Hadoop is used to backup and audit the Sunspot security entity table. Sqoop tool is used to import/export data between Mysql database and HDFS (Hadoop distributed file system. Ganglia is used to monitor and measure the performance of Hadoop cluster. Simulation results show that the Hadoop-based healthcare architecture and wireless security communication method are highly effective to build a wireless healthcare information system.

Design and Implementation of GSM Based Automated Home Security System

Directory of Open Access Journals (Sweden)

Love Aggarwal

2014-05-01

Full Text Available The Automated Home Security System aims at building a security system for common households using GSM modem, sensors and microcontroller. Since many years, impeccable security system has been the prime need of every man who owns a house. The increasing crime rate has further pressed the need for it. Our system is an initiative in this direction. The system provides security function by monitoring the surroundings at home for intruders, fire, gas leakages etc. using sensors and issue alerts to the owners and local authorities by using GSM via SMS. It provides the automation function as it can control (On/Off the various home appliances while the owners are away via SMS. Thus the Automated Home Security System is self-sufficient and can be relied upon undoubtedly. Also, it is capable of establishing two way communication with its owner so that he/she can keep a watch on his/her home via sensor information or live video streaming. A camera can be installed for continuous monitoring of the system and its surroundings. The system consists of two main parts: hardware and software. Hardware consists of Microcontroller, Sensors, Buzzer and GSM modem while software is implemented by tools using Embedded ‘C’.

Validity and reliability of food security measures.

Science.gov (United States)

Cafiero, Carlo; Melgar-Quiñonez, Hugo R; Ballard, Terri J; Kepple, Anne W

2014-12-01

This paper reviews some of the existing food security indicators, discussing the validity of the underlying concept and the expected reliability of measures under reasonably feasible conditions. The main objective of the paper is to raise awareness on existing trade-offs between different qualities of possible food security measurement tools that must be taken into account when such tools are proposed for practical application, especially for use within an international monitoring framework. The hope is to provide a timely, useful contribution to the process leading to the definition of a food security goal and the associated monitoring framework within the post-2015 Development Agenda. © 2014 New York Academy of Sciences.

Radioactive Sources in Medicine: Impact of Additional Security Measures

International Nuclear Information System (INIS)

Classic, K. L.; Vetter, R. J.; Nelson, K. L.

2004-01-01

For many years, medical centers and hospitals have utilized appropriate security measures to prevent theft or unauthorized use of radioactive materials. Recent anxiety about orphan sources and terrorism has heightened concern about diversion of radioactive sources for purposes of constructing a radiological dispersion device. Some medical centers and hospitals may have responded by conducting threat assessments and incorporating additional measures into their security plans, but uniform recommendations or regulations have not been promulgated by regulatory agencies. The International Atomic Energy Agency drafted interim guidance for the purpose of assisting member states in deciding what security measures should be taken for various radioactive sources. The recommendations are aimed at regulators, but suppliers and users also may find the recommendations to be helpful. The purpose of this paper is to describe threat assessments and additional security actions that were taken by one large and one medium-sized medical center and the impact these measures had on operations. Both medical centers possess blood bank irradiators, low-dose-rate therapy sources, and Mo-99/Tc-99m generators that are common to many health care organizations. Other medical devices that were evaluated include high-dose-rate after loaders, intravascular brachytherapy sources, a Co-60 stereotactic surgery unit, and self-shielded irradiators used in biomedical research. This paper will discuss the impact additional security has had on practices that utilize these sources, cost of various security alternatives, and the importance of a security culture in assuring the integrity of security measures without negatively impacting beneficial use of these sources. (Author) 10 refs

Economic Security Environment and Implementation of Planning, Programming, Budgeting, Execution (PPBE) System in Georgia

Science.gov (United States)

2004-06-01

Roy J. What Determines Economic Growth? Economic Review – Second Quarter 1993 [References: Barro (1991); Mankiw , Romer, and Well (1992); De Long...NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS Approved for public release: distribution unlimited ECONOMIC SECURITY...DATES COVERED Master’s Thesis 4. TITLE AND SUBTITLE: Economic Security Environment and Implementation of Planning, Programming, Budgeting, Execution

Implementing the Payment Card Industry (PCI Data Security Standard (DSS

Directory of Open Access Journals (Sweden)

John O' Raw

2011-08-01

Full Text Available Underpinned by the rise in online criminality, the payment card industry (PCI data security standards (DSS were introduced which outlines a subset of the core principals and requirements that must be followed, including precautions relating to the software that processes credit card data. The necessity to implement these requirements in existing software applications can present software owners and developers with a range of issues. We present here a generic solution to the sensitive issue of PCI compliance where aspect orientated programming (AOP can be applied to meet the requirement of masking the primary account number (PAN. Our architecture allows a definite amount of code to be added which intercepts all the methods specified in the aspect, regardless of future additions to the system thus reducing the amount of work required to the maintain aspect. We believe that the concepts here will provide an insight into how to approach the PCI requirements to undertake the task. The software artefact should also serve as a guide to developers attempting to implement new applications, where security and design are fundamental elements that should be considered through each phase of the software development lifecycle and not as an afterthought.

Software Implementation of Secure Firmware Update in IoT Concept

Directory of Open Access Journals (Sweden)

Lukas Kvarda

2017-01-01

Full Text Available This paper focuses on a survey of secure firmware update in the Internet of Things, design and description of safe and secure bootloader implementation on RFID UHF reader, encryption with AES-CCM and versioning with use of external backup flash memory device. In the case of problems with HW compatibility or other unexpected errors with new FW version, it is possible to downgrade to previous FW image, including the factory image. Authentication is provided by the UHF RFID service tag used to extract unique initialization vector of the encryption algorithm for each update session. The results show slower update speed with this new upgrade method of approximately 27% compared to older one, using the only AES-CBC algorithm.

Validity evidence for the Security Scale as a measure of perceived attachment security in adolescence.

Science.gov (United States)

Van Ryzin, Mark J; Leve, Leslie D

2012-04-01

In this study, the validity of a self-report measure of children's perceived attachment security (the Kerns Security Scale) was tested using adolescents. With regards to predictive validity, the Security Scale was significantly associated with (1) observed mother-adolescent interactions during conflict and (2) parent- and teacher-rated social competence. With regards to convergent validity, the Security Scale was significantly associated with all subscales of the Adult Attachment Scale (i.e., Depend, Anxiety, and Close) as measured 3 years later. Further, these links were found even after controlling for mother-child relationship quality as assessed by the Inventory of Parent and Peer Attachment (IPPA), and chi-square difference tests indicated that the Security Scale was generally a stronger predictor as compared to the IPPA. These results suggest that the Security Scale can be used to assess perceived attachment security across both childhood and adolescence, and thus could contribute significantly to developmental research during this period. Copyright © 2011 The Foundation for Professionals in Services for Adolescents. Published by Elsevier Ltd. All rights reserved.

Punishment in School: The Role of School Security Measures

Directory of Open Access Journals (Sweden)

Thomas J Mowen

2014-09-01

Full Text Available Although investigation of school security measures and their relationships to various outcomes including school crime rates (Gottfredson, 2001, perpetuation of social inequality (Ferguson, 2001; Nolan, 2011; Welch & Payne, 2010, and the impact on childhood experiences has seen significant growth within the last 20 years (Newman, 2004; Kupchik, 2010, few studies have sought to explore the impacts of these measures on suspension rates. Using data from the Educational Longitudinal Study (2002, I explore the relationship between security measures and in-school, out-of-school, and overall suspension rates. Results indicate schools with a security officer experience higher rates of in-school suspensions but have no difference in rates of out-of-school or overall suspensions compared to schools without a security officer. No other measure of security was related to higher suspension rates. As prior literature suggests, schools with greater proportions of black students experienced significantly higher rates of all suspension types. Finally, different types of parental involvement correlated with both higher and lower suspension rates.

A Security Checklist for ERP Implementations

Science.gov (United States)

Hughes, Joy R.; Beer, Robert

2007-01-01

The EDUCAUSE/Internet2 Computer and Network Security Task Force consulted with IT security professionals on campus about concerns with the current state of security in enterprise resource planning (ERP) systems. From these conversations, it was clear that security issues generally fell into one of two areas: (1) It has become extremely difficult…

12 CFR 208.61 - Bank security procedures.

Science.gov (United States)

2010-01-01

... procedures for opening and closing for business and for the safekeeping of all currency, negotiable...; the cost of the security devices; other security measures in effect at the banking office; and the... directors on the implementation, administration, and effectiveness of the security program. (e) Reserve...

75 FR 51619 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/United States...

Science.gov (United States)

2010-08-23

... regulations to exempt portions of a Department of Homeland Security/United States Citizenship and Immigration system of records entitled the ``United States Citizenship and Immigration Services--009 Compliance... of 1974: Implementation of Exemptions; Department of Homeland Security/United States Citizenship and...

Validity Evidence for the Security Scale as a Measure of Perceived Attachment Security in Adolescence

Science.gov (United States)

Van Ryzin, Mark J.; Leve, Leslie D.

2012-01-01

In this study, the validity of a self-report measure of children's perceived attachment security (the Kerns Security Scale) was tested using adolescents. With regards to predictive validity, the Security Scale was significantly associated with (1) observed mother-adolescent interactions during conflict and (2) parent- and teacher-rated social…

Interface for safety and security of radioactive sources

International Nuclear Information System (INIS)

Seggane, Richard

2016-04-01

In facilities and activities involving use of radiation sources, safety and security measures have in common the aim of protecting human life and health and the environment. In addition, safety and security measures must be designed and implemented in an integrated manner, so that security measures do not compromise safety and safety measures do not compromise security measures. This work reviewed issues related to establishing a clear interface between safety and security of radiation sources. The Government, the Regulatory Authority and licensee/registrants and other relevant stakeholders should work together and contribute to ensure that safety and security of sources is ensured and well interfaced. A Radiotherapy facility has been used as a case study. (au)

75 FR 69604 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

Science.gov (United States)

2010-11-15

... Security, Washington, DC 20528. For privacy issues please contact: Mary Ellen Callahan (703-235- [[Page...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of Operations... System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of proposed rulemaking. SUMMARY: The...

Cross layers security approach via an implementation of data privacy and by authentication mechanism for mobile WSNs

Directory of Open Access Journals (Sweden)

Imen Bouabidi

2017-01-01

Full Text Available To implement a new secure network with high mobility and low energy consumption, we use smart sensors. These sensors are powered by micro batteries generally non rechargeable. So, to extend their lifetime, it is necessary to implement new energy conservation techniques. Existing works separate the two features (security, energy conservation and are interested specifically in only one layer. Consequently, the originality of this work consists to combine together the two features using a crossing between three layers: physical layer, data link layer and network layer. Our proposition consists firstly in developing a new network deployment in hierarchical areas. This model takes place at the network layer. Secondly, implementing an energy efficient and secure MAC protocol providing a secure authentication, data privacy and integrity in a mobile WSN. Finally, implementing an intrusion detection system protecting the physical layer from malware and viruses that threaten it. We have been used OMNet++ for simulation .Our proposed protocol SXMachiavel offered the best performances and more reliability at the mobility rate (can reach 99% compared with XMachiavel, which doesn’t exceed 35%, loss packets rate (0.05% for a small network size and energy consumption (decreases by 0.01% for each exchanged packet.

Validation of the "Security Needs Assessment Profile" for measuring the profiles of security needs of Chinese forensic psychiatric inpatients.

Science.gov (United States)

Siu, B W M; Au-Yeung, C C Y; Chan, A W L; Chan, L S Y; Yuen, K K; Leung, H W; Yan, C K; Ng, K K; Lai, A C H; Davies, S; Collins, M

Mapping forensic psychiatric services with the security needs of patients is a salient step in service planning, audit and review. A valid and reliable instrument for measuring the security needs of Chinese forensic psychiatric inpatients was not yet available. This study aimed to develop and validate the Chinese version of the Security Needs Assessment Profile for measuring the profiles of security needs of Chinese forensic psychiatric inpatients. The Security Needs Assessment Profile by Davis was translated into Chinese. Its face validity, content validity, construct validity and internal consistency reliability were assessed by measuring the security needs of 98 Chinese forensic psychiatric inpatients. Principal factor analysis for construct validity provided a six-factor security needs model explaining 68.7% of the variance. Based on the Cronbach's alpha coefficient, the internal consistency reliability was rated as acceptable for procedural security (0.73), and fair for both physical security (0.62) and relational security (0.58). A significant sex difference (p=0.002) in total security score was found. The Chinese version of the Security Needs Assessment Profile is a valid and reliable instrument for assessing the security needs of Chinese forensic psychiatric inpatients. Copyright © 2017 Elsevier Ltd. All rights reserved.

Implementation of Learning Organization Components in Ardabil Social Security Hospital

Directory of Open Access Journals (Sweden)

Azadeh Zirak

2015-06-01

Full Text Available This study aimed to investigate the implementation of learning organization characteristics based on Marquardt systematic model in Ardabil Social Security Hospital. The statistical population of this research was 234 male and female employees of Ardabil Social Security Hospital. For data collection, Marquardt questionnaire was used in the present study which its validity and reliability had been confirmed. Statistical analysis of hypotheses based on independent samples t-test showed that learning organization characteristics were used more than average level in some subsystems of Marquardt model and there was a significant difference between current position and excellent position based on learning organization characteristic application. According to the research findings, more attention should be paid to the subsystems of learning organization establishment and balanced development of these subsystems.

Enhancing QKD security with weak measurements

Science.gov (United States)

Farinholt, Jacob M.; Troupe, James E.

2016-10-01

Publisher's Note: This paper, originally published on 10/24/2016, was replaced with a corrected/revised version on 11/8/2016. If you downloaded the original PDF but are unable to access the revision, please contact SPIE Digital Library Customer Service for assistance. In the late 1980s, Aharonov and colleagues developed the notion of a weak measurement of a quantum observable that does not appreciably disturb the system.1, 2 The measurement results are conditioned on both the pre-selected and post-selected state of the quantum system. While any one measurement reveals very little information, by making the same measurement on a large ensemble of identically prepared pre- and post-selected (PPS) states and averaging the results, one may obtain what is known as the weak value of the observable with respect to that PPS ensemble. Recently, weak measurements have been proposed as a method of assessing the security of QKD in the well-known BB84 protocol.3 This weak value augmented QKD protocol (WV-QKD) works by additionally requiring the receiver, Bob, to make a weak measurement of a particular observable prior to his strong measurement. For the subset of measurement results in which Alice and Bob's measurement bases do not agree, the weak measurement results can be used to detect any attempt by an eavesdropper, Eve, to correlate her measurement results with Bob's. Furthermore, the well-known detector blinding attacks, which are known to perfectly correlate Eve's results with Bob's without being caught by conventional BB84 implementations, actually make the eavesdropper more visible in the new WV-QKD protocol. In this paper, we will introduce the WV-QKD protocol and discuss its generalization to the 6-state single qubit protocol. We will discuss the types of weak measurements that are optimal for this protocol, and compare the predicted performance of the 6- and 4-state WV-QKD protocols.

Measuring Stability and Security in Iraq

National Research Council Canada - National Science Library

2007-01-01

... 1308 of Public Law 110-28. The report includes specific performance indicators and measures of progress toward political, economic, and security stability in Iraq, as directed in that legislation...

Cost-effectiveness of Security Measures: A model-based Framework

DEFF Research Database (Denmark)

Pieters, Wolter; Probst, Christian W.; Lukszo, Zofia

2014-01-01

Recently, cyber security has become an important topic on the agenda of many organisations. It is already widely acknowledged that attacks do happen, and decision makers face the problem of how to respond. As it is almost impossible to secure a complex system completely, it is important to have...... an adequate estimate of the effectiveness of security measures when making investment decisions. Risk concepts are known in principle, but estimating the effectiveness of countermeasure proves to be difficult and cannot be achieved by qualitative approaches only. In this chapter, the authors consider...... the question of how to guarantee cost-effectiveness of security measures. They investigate the possibility of using existing frameworks and tools, the challenges in a security context as opposed to a safety context, and directions for future research....

Security in the transport of radioactive material: Implementing guide. Spanish edition; La seguridad fisica en el transporte de materiales radiactivos. Guia de aplicacion

Energy Technology Data Exchange (ETDEWEB)

NONE

2013-07-01

This guide provides States with guidance in implementing, maintaining or enhancing a nuclear security regime to protect radioactive material (including nuclear material) in transport against theft, sabotage or other malicious acts that could, if successful, have unacceptable radiological consequences. From a security point of view, a threshold is defined for determining which packages or types of radioactive material need to be protected beyond prudent management practice. Minimizing the likelihood of theft or sabotage of radioactive material in transport is accomplished by a combination of measures to deter, detect, delay and respond to such acts. These measures are complemented by other measures to recover stolen material and to mitigate possible consequences, in order to further reduce the risks.

Security aspects of database systems implementation

OpenAIRE

Pokorný, Tomáš

2009-01-01

The aim of this thesis is to provide a comprehensive overview of database systems security. Reader is introduced into the basis of information security and its development. Following chapter defines a concept of database system security using ISO/IEC 27000 Standard. The findings from this chapter form a complex list of requirements on database security. One chapter also deals with legal aspects of this domain. Second part of this thesis offers a comparison of four object-relational database s...

Implementation of chaotic secure communication systems based on OPA circuits

International Nuclear Information System (INIS)

Huang, C.-K.; Tsay, S.-C.; Wu, Y.-R.

2005-01-01

In this paper, we proposed a novel three-order autonomous circuit to construct a chaotic circuit with double scroll characteristic. The design idea is to use RLC elements and a nonlinear resistor. The one of salient features of the chaotic circuit is that the circuit with two flexible breakpoints of nonlinear element, and the advantage of the flexible breakpoint is that it increased complexity of the dynamical performance. Here, if we take a large and suitable breakpoint value, then the chaotic state can masking a large input signal in the circuit. Furthermore, we proposed a secure communication hyperchaotic system based on the proposed chaotic circuits, where the chaotic communication system is constituted by a chaotic transmitter and a chaotic receiver. To achieve the synchronization between the transmitter and the receiver, we are using a suitable Lyapunov function and Lyapunov theorem to design the feedback control gain. Thus, the transmitting message masked by chaotic state in the transmitter can be guaranteed to perfectly recover in the receiver. To achieve the systems performance, some basic components containing OPA, resistor and capacitor elements are used to implement the proposed communication scheme. From the viewpoints of circuit implementation, this proposed chaotic circuit is superior to the Chua chaotic circuits. Finally, the test results containing simulation and the circuit measurement are shown to demonstrate that the proposed method is correct and feasible

No nuclear safety without security

International Nuclear Information System (INIS)

Anon.

2016-01-01

ead of Health and Safety - Nuclear Safety and Corporate Security at ENGIE Benelux, Pierre Doumont has the delicate job of defining and implementing measures, including cybersecurity, to prevent the risk of malevolent acts against tangible and intangible assets. He gives some hints on the contribution of nuclear security to safety.

Evaluation of Data Security Measures in a Network Environment Towards Developing Cooperate Data Security Guidelines

OpenAIRE

Ayub Hussein Shirandula; Dr. G. Wanyembi; Mr. Maina karume

2012-01-01

Data security in a networked environment is a topic that has become significant in organizations. As companies and organizations rely more on technology to run their businesses, connecting system to each other in different departments for efficiency data security is the concern for administrators. This research assessed the data security measures put in place at Mumias Sugar Company and the effort it was using to protect its data. The researcher also highlighted major security issues that wer...

Vague Sets Security Measure for Steganographic System Based on High-Order Markov Model

Directory of Open Access Journals (Sweden)

Chun-Juan Ouyang

2017-01-01

Full Text Available Security measure is of great importance in both steganography and steganalysis. Considering that statistical feature perturbations caused by steganography in an image are always nondeterministic and that an image is considered nonstationary, in this paper, the steganography is regarded as a fuzzy process. Here a steganographic security measure is proposed. This security measure evaluates the similarity between two vague sets of cover images and stego images in terms of n-order Markov chain to capture the interpixel correlation. The new security measure has proven to have the properties of boundedness, commutativity, and unity. Furthermore, the security measures of zero order, first order, second order, third order, and so forth are obtained by adjusting the order value of n-order Markov chain. Experimental results indicate that the larger n is, the better the measuring ability of the proposed security measure will be. The proposed security measure is more sensitive than other security measures defined under a deterministic distribution model, when the embedding is low. It is expected to provide a helpful guidance for designing secure steganographic algorithms or reliable steganalytic methods.

The adoption of IT security standards in a healthcare environment.

Science.gov (United States)

Gomes, Rui; Lapão, Luís Velez

2008-01-01

Security is a vital part of daily life to Hospitals that need to ensure that the information is adequately secured. In Portugal, more CIOs are seeking that their hospital IS departments are properly protecting information assets from security threats. It is imperative to take necessary measures to ensure risk management and business continuity. Security management certification provides just such a guarantee, increasing patient and partner confidence. This paper introduces one best practice for implementing four security controls in a hospital datacenter infrastructure (ISO27002), and describes the security assessment for implementing such controls.

Measuring Stability and Security in Iraq

National Research Council Canada - National Science Library

2007-01-01

This report to Congress, Measuring Stability and Security in Iraq, is submitted pursuant to Section 9010 of the Department of Defense Appropriations Act 2007, Public Law 109-289 as amended by Section...

76 FR 39315 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-030 Use of...

Science.gov (United States)

2011-07-06

... the Terrorist Screening Database System of Records relates to official DHS national security and law... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary 6 CFR Part 5 [Docket No. DHS-2011-0060] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL--030 Use of the...

Contemporary security management

CERN Document Server

Fay, John

2010-01-01

Contemporary Security Management, 3rd Edition teaches security professionals how to operate an efficient security department and how to integrate smoothly with other groups inside and outside their own organizations. Fay demonstrates the specifics of security management: * how to organize, plan, develop and manage a security operation. * how to identify vulnerabilities. * how to determine the protective resources required to offset threats. * how to implement all necessary physical and IT security measures. Security professionals share the responsibility for mitigating damage, serving as a resource to an Emergency Tactical Center, assisting the return of business continuity, and liaising with local response agencies such as police and fire departments, emergency medical responders, and emergency warning centers. At the organizational level, the book addresses budgeting, employee performance, counseling, hiring and termination, employee theft and other misconduct, and offers sound advice on building constructi...

Information security management with ITIL V3

CERN Document Server

Cazemier, Jacques A; Peters, Louk

2010-01-01

This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers:Fundamentals of information security ? providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors.Fundamentals of management of information security - explains what information security manageme

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks.

Science.gov (United States)

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F; Schnabel, Roman

2015-10-30

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

Science.gov (United States)

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F.; Schnabel, Roman

2015-10-01

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

Security Measurement for Unknown Threats Based on Attack Preferences

Directory of Open Access Journals (Sweden)

Lihua Yin

2018-01-01

Full Text Available Security measurement matters to every stakeholder in network security. It provides security practitioners the exact security awareness. However, most of the works are not applicable to the unknown threat. What is more, existing efforts on security metric mainly focus on the ease of certain attack from a theoretical point of view, ignoring the “likelihood of exploitation.” To help administrator have a better understanding, we analyze the behavior of attackers who exploit the zero-day vulnerabilities and predict their attack timing. Based on the prediction, we propose a method of security measurement. In detail, we compute the optimal attack timing from the perspective of attacker, using a long-term game to estimate the risk of being found and then choose the optimal timing based on the risk and profit. We design a learning strategy to model the information sharing mechanism among multiattackers and use spatial structure to model the long-term process. After calculating the Nash equilibrium for each subgame, we consider the likelihood of being attacked for each node as the security metric result. The experiment results show the efficiency of our approach.

On the implementation of a deterministic secure coding protocol using polarization entangled photons

OpenAIRE

Ostermeyer, Martin; Walenta, Nino

2007-01-01

We demonstrate a prototype-implementation of deterministic information encoding for quantum key distribution (QKD) following the ping-pong coding protocol [K. Bostroem, T. Felbinger, Phys. Rev. Lett. 89 (2002) 187902-1]. Due to the deterministic nature of this protocol the need for post-processing the key is distinctly reduced compared to non-deterministic protocols. In the course of our implementation we analyze the practicability of the protocol and discuss some security aspects of informat...

Security of Radioactive Waste

International Nuclear Information System (INIS)

Goldammer, W.

2003-01-01

Measures to achieve radioactive waste security are discussed. Categorization of waste in order to implement adequate and consistent security measures based on potential consequences is made. The measures include appropriate treatment/storage/disposal of waste to minimize the potential and consequences of malicious acts; management of waste only within an authorised, regulated, legal framework; management of the security of personnel and information; measures to minimize the acquisition of radioactive waste by those with malicious intent. The specific measures are: deter unauthorized access to the waste; detect any such attempt or any loss or theft of waste; delay unauthorized access; provide timely response to counter any attempt to gain unauthorised access; measures to minimize acts of sabotage; efforts to recover any lost or stolen waste; mitigation and emergency plans in case of release of radioactivity. An approach to develop guidance, starting with the categorisation of sources and identification of dangerous sources, is presented. Dosimetric criteria for internal and external irradiation are set. Different exposure scenarios are considered. Waste categories and security categories based on the IAEA INFCIRC/225/Rev.4 are presented

Beyond grid security

International Nuclear Information System (INIS)

Hoeft, B; Epting, U; Koenig, T

2008-01-01

While many fields relevant to Grid security are already covered by existing working groups, their remit rarely goes beyond the scope of the Grid infrastructure itself. However, security issues pertaining to the internal set-up of compute centres have at least as much impact on Grid security. Thus, this talk will present briefly the EU ISSeG project (Integrated Site Security for Grids). In contrast to groups such as OSCT (Operational Security Coordination Team) and JSPG (Joint Security Policy Group), the purpose of ISSeG is to provide a holistic approach to security for Grid computer centres, from strategic considerations to an implementation plan and its deployment. The generalised methodology of Integrated Site Security (ISS) is based on the knowledge gained during its implementation at several sites as well as through security audits, and this will be briefly discussed. Several examples of ISS implementation tasks at the Forschungszentrum Karlsruhe will be presented, including segregation of the network for administration and maintenance and the implementation of Application Gateways. Furthermore, the web-based ISSeG training material will be introduced. This aims to offer ISS implementation guidance to other Grid installations in order to help avoid common pitfalls

New computer security measures

CERN Multimedia

IT Department

2008-01-01

As a part of the long-term strategy to improve computer security at CERN, and especially given the attention focused to CERN by the start-up of the LHC, two additional security measures concerning DNS and Tor will shortly be introduced. These are described in the following texts and will affect only a small number of users. "PHISHING" ATTACKS CONTINUE CERN computer users continue to be subjected to attacks by people trying to infect our machines and obtain passwords and other confidential information by social engineering trickery. Recent examples include an e-mail message sent from "La Poste" entitled "Colis Postal" on 21 August, a fake mail sent from web and mail services on 8 September, and an e-mail purporting to come from Hallmark Cards announcing the arrival of an electronic postcard. However, there are many other examples and there are reports of compromised mail accounts being used for more realistic site-specific phishing attempts. Given the increased publicity rela...

Measuring the security of energy exports demand in OPEC economies

International Nuclear Information System (INIS)

Dike, Jude Chukwudi

2013-01-01

One of the objectives of OPEC is the security of demand for the crude oil exports of its members. Achieving this objective is imperative with the projected decline in OECD countries' crude oil demand among other crude oil demand shocks. This paper focuses on determining the external crude oil demand security risks of OPEC member states. In assessing these risks, this study introduces two indexes. The first index, Risky Energy Exports Demand (REED), indicates the level of energy export demand security risks for OPEC members. It combines measures of export dependence, economic dependence, monopsony risk and transportation risk. The second index, Contribution to OPEC Risk Exposure (CORE), indicates the individual contribution of the OPEC members to OPEC's risk exposure. This study utilises the disaggregated index approach in measuring energy demand security risks for crude oil and natural gas and involves a country level analysis. With the disaggregated approach, the study shows that OPEC's energy export demand security risks differ across countries and energy types. - Highlights: • REED and CORE indexes are suitable measures for energy exports demand security risk. • The indexes show that energy demand security risk is different for each OPEC country. • The countries contribution to OPEC's energy demand security risk is also different. • The outcome is necessary for OPEC's common energy and climate change policies. • The outcome makes a case for oil demand security as a topical issue in the literature

Improving ward environments and developing skills for discharge with the implementation of self-catering on a low secure forensic unit.

Science.gov (United States)

O'Reilly, Alison

2016-01-01

The opportunities for service users to develop skills for more independent living and take control of their environments are limited in secure mental health units. This paper will outline a quality improvement project that changed how the catering services were delivered in a low secure unit in East London NHS Foundation Trust (ELFT). A Quality Improvement methodology was adopted incorporating the Plan, Do, Study, Act (PDSA) cycle which included the trial of service users preparing their own meals on a daily basis. The participation rates were measured and functional daily living skills were recorded. Following success of the trial, long-term implementation of self-catering was agreed, with service users being supported to prepare a shared evening meal every day on the ward with an average of 60% participation. Functional living skills indicated an improvement in the area of process skills. The project aligned with ELFT's aims of service users working in collaboration with staff to implement changes in service delivery.

75 FR 5491 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs...

Science.gov (United States)

2010-02-03

... addressing privacy concerns. The fifteen- year retention period will allow CBP to access the data when needed... security, law enforcement and counterterrorism missions, while addressing privacy concerns. Legal or...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs and Border...

Measuring Stability and Security in Iraq

National Research Council Canada - National Science Library

2008-01-01

... 1308 of Public Law 110-28 and Section 1224 of Public Law 110-181.1 The report includes specific performance indicators and measures of progress toward political, economic, and security stability in Iraq, as directed in that legislation...

Objective and Essential Elements of a State's Nuclear Security Regime. Nuclear Security Fundamentals

International Nuclear Information System (INIS)

2013-01-01

The possibility that nuclear material or other radioactive material could be used for criminal purposes or intentionally used in an unauthorized manner cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear material or other radioactive material is used or transported. Through its nuclear security programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises: Nuclear Security Fundamentals, which include the objective and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security. Specifically, each State has the responsibility to provide for the security of nuclear material and other radioactive material and their associated facilities and activities; to ensure the security of such material in use, storage, or in transport; to combat illicit trafficking and the inadvertent movement of

Security patterns in practice designing secure architectures using software patterns

CERN Document Server

Fernandez-Buglioni, Eduardo

2013-01-01

Learn to combine security theory and code to produce secure systems Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML. Provides

Radiological Threat Reduction (RTR) program: implementing physical security to protect large radioactive sources worldwide

International Nuclear Information System (INIS)

Lowe, Daniel L.

2004-01-01

The U.S. Department of Energy's Radiological Threat Reduction (RTR) Program strives to reduce the threat of a Radiological Dispersion Device (RDD) incident that could affect U.S. interests worldwide. Sandia National Laboratories supports the RTR program on many different levels. Sandia works directly with DOE to develop strategies, including the selection of countries to receive support and the identification of radioactive materials to be protected. Sandia also works with DOE in the development of guidelines and in training DOE project managers in physical protection principles. Other support to DOE includes performing rapid assessments and providing guidance for establishing foreign regulatory and knowledge infrastructure. Sandia works directly with foreign governments to establish cooperative agreements necessary to implement the RTR Program efforts to protect radioactive sources. Once necessary agreements are in place, Sandia works with in-country organizations to implement various security related initiatives, such as installing security systems and searching for (and securing) orphaned radioactive sources. The radioactive materials of interest to the RTR program include Cobalt 60, Cesium 137, Strontium 90, Iridium 192, Radium 226, Plutonium 238, Americium 241, Californium 252, and Others. Security systems are implemented using a standardized approach that provides consistency through out the RTR program efforts at Sandia. The approach incorporates a series of major tasks that overlap in order to provide continuity. The major task sequence is to: Establish in-country contacts - integrators, Obtain material characterizations, Perform site assessments and vulnerability assessments, Develop upgrade plans, Procure and install equipment, Conduct acceptance testing and performance testing, Develop procedures, and Conduct training. Other tasks are incorporated as appropriate and commonly include such as support of reconfiguring infrastructure, and developing security

Security measures in transport of radiation source in Jordan

Energy Technology Data Exchange (ETDEWEB)

Mohammad, Alslman [Korea Advanced Institute of Science and Technology, Kaist Daejeon (Korea, Republic of); Choi, Kwang Sik [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of)

2011-05-15

Radioactive materials are used in Jordan for peaceful applications in medicine, industry, agriculture, environmental science, education and research and military applications. Most of these radioactive sources used are imported, therefore trans-boundary movement is a significant factor in consideration of security measures during movement of these sources. After 11/9 2001 event, IAEA efforts began to focus and concentrate on security in transport of radioactive materials, after the emergence of risks of using these sources in terrorist activities. In 2002, Efforts were initiated by the IAEA to provide additional guidance for security in the transport of radioactive materials, based upon the new security requirements in the Recommendations on the Transport of Dangerous Goods. This paper reviews some of the measures relating to the transport of radioactive materials in Jordan

Measuring Stability and Security in Iraq

National Research Council Canada - National Science Library

2008-01-01

... by Section 1308 of Public Law 110-28 and Section 1224 of Public Law 110-181. The report includes specific performance indicators and measures of progress toward political, economic, and security stability in Iraq, as directed in that legislation...

An FPGA Implementation of Secured Steganography Communication System

Directory of Open Access Journals (Sweden)

Ahlam Fadhil Mahmood

2013-04-01

Full Text Available     Steganography is the idea of hiding secret message in multimedia cover which will be transmitted through the Internet. The cover carriers can be image, video, sound or text data. This paper presents an implementation of color image steganographic system on Field Programmable Gate Array and the information hiding/extracting techniques in various images. The proposed algorithm is based on merge between the idea from the random pixel manipulation methods and the Least Significant Bit (LSB matching of Steganography embedding and extracting method.        In a proposed steganography hardware approach, Linear Feedback Shift Register (LFSR method has been used in stego architecture to hide the information in the image. The LFSRs are utilized in this approach as address generators. Different LFSR arrangements using different connection unit have been implemented at the hardware level for hiding/extracting the secret data. Multilayer embedding is implemented in parallel manner with a three-stage pipeline on FPGA.      This work showed attractive results especially in the high throughputs, better stego-image quality, requires little calculation and less utilization of FPGA area. The imperceptibility of the technique combined with high payload, robustness of embedded data and accurate data retrieval renders the proposed Steganography system is suitable for covert communication and secures data transmission applications

An FPGA Implementation of Secured Steganography Communication System

Directory of Open Access Journals (Sweden)

Ahlam Mahmood

2014-04-01

Full Text Available Steganography is the idea of hiding secret message in multimedia cover which will be transmitted through the Internet. The cover carriers can be image, video, sound or text data. This paper presents an implementation of color image steganographic system on Field Programmable Gate Array and the information hiding/extracting techniques in various images. The proposed algorithm is based on merge between the idea from the random pixel manipulation methods and the Least Significant Bit (LSB matching of Steganography embedding and extracting method.  In a proposed steganography hardware approach, Linear Feedback Shift Register (LFSR method has been used in stego architecture to hide the information in the image. The LFSRs are utilized in this approach as address generators. Different LFSR arrangements using different connection unit have been implemented at the hardware level for hiding/extracting the secret data. Multilayer embedding is implemented in parallel manner with a three-stage pipeline on FPGA.  This work showed attractive results especially in the high throughputs, better stego-image quality, requires little calculation and less utilization of FPGA area. The imperceptibility of the technique combined with high payload, robustness of embedded data and accurate data retrieval renders the proposed Steganography system is suitable for covert communication and secure data transmission applications

75 FR 7979 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

Science.gov (United States)

2010-02-23

... privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, Privacy Office...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The History of the Department of Homeland Security System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of...

MEASURING CHILDREN'S FOOD SECURITY IN U.S. HOUSEHOLDS, 1995-99

OpenAIRE

Nord, Mark; Bickel, Gary

2002-01-01

The capacity to accurately measure the food security status of children in household surveys is an essential tool for monitoring food insecurity and hunger at the most severe levels in U.S. households and for assessing programs designed to prevent or ameliorate these conditions. USDA has developed a children's food security scale to meet this measurement need. The scale is calculated from 8 questions in the 18-item food security survey module that ask specifically about food-related experienc...

[Research and implementation of the TLS network transport security technology based on DICOM standard].

Science.gov (United States)

Lu, Xiaoqi; Wang, Lei; Zhao, Jianfeng

2012-02-01

With the development of medical information, Picture Archiving and Communications System (PACS), Hospital Information System/Radiology Information System(HIS/RIS) and other medical information management system become popular and developed, and interoperability between these systems becomes more frequent. So, these enclosed systems will be open and regionalized by means of network, and this is inevitable. If the trend becomes true, the security of information transmission may be the first problem to be solved. Based on the need for network security, we investigated the Digital Imaging and Communications in Medicine (DICOM) Standard and Transport Layer Security (TLS) Protocol, and implemented the TLS transmission of the DICOM medical information with OpenSSL toolkit and DCMTK toolkit.

Building and implementing a security certification and accreditation program official (ISC)2 guide to the CAPCM CBK

CERN Document Server

Howard, Patrick D

2004-01-01

Building and Implementing a Security Certification and Accreditation Program: Official (ISC)2 Guide to the CAP CBK demonstrates the practicality and effectiveness of certification and accreditation (C&A) as a risk management methodology for IT systems in both public and private organizations. It provides security professionals with an overview of C&A components, enabling them to document the status of the security controls of their IT systems, and learn how to secure systems via standard, repeatable processes.  This book consists of four main sections. It begins with a description of what it

Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

Science.gov (United States)

Takamura, Eduardo; Mangum, Kevin

2016-01-01

. Certain protective measures for the general enterprise may not be as efficient within the ground segment. This is what the authors have concluded through observations and analysis of patterns identified from the various security assessments performed on NASA missions such as MAVEN, OSIRIS-REx, New Horizons and TESS, to name a few. The security audits confirmed that the framework for managing information system security developed by the National Institute of Standards and Technology (NIST) for the federal government, and adopted by NASA, is indeed effective. However, the selection of the technical, operational and management security controls offered by the NIST model - and how they are implemented - does not always fit the nature and the environment where the ground system operates in even though there is no apparent impact on mission success. The authors observed that unfit controls, that is, controls that are not necessarily applicable or sufficiently effective in protecting the mission systems, are often selected to facilitate compliance with security requirements and organizational expectations even if the selected controls offer minimum or non-existent protection. This paper identifies some of the standard security controls that can in fact protect the ground system, and which of them offer little or no benefit at all. It offers multiple scenarios from real security audits in which the controls are not effective without, of course, disclosing any sensitive information about the missions assessed. In addition to selection and implementation of controls, the paper also discusses potential impact of recent legislation such as the Federal Information Security Modernization Act (FISMA) of 2014 - aimed at the enterprise - on the ground system, and offers other recommendations to Information System Owners (ISOs).

Fluctuations of Internal Transmittance in Security of Measurement-Device-Independent Quantum Key Distribution with an Untrusted Source*

International Nuclear Information System (INIS)

Wang Yang; Bao Wan-Su; Chen Rui-Ke; Zhou Chun; Jiang Mu-Sheng; Li Hong-Wei

2017-01-01

Measurement-device-independent quantum key distribution (MDI-QKD) is immune to detector side channel attacks, which is a crucial security loophole problem in traditional QKD. In order to relax a key assumption that the sources are trusted in MDI-QKD, an MDI-QKD protocol with an untrusted source has been proposed. For the security of MDI-QKD with an untrusted source, imperfections in the practical experiment should also be taken into account. In this paper, we analyze the effects of fluctuations of internal transmittance on the security of a decoy-state MDI-QKD protocol with an untrusted source. Our numerical results show that both the secret key rate and the maximum secure transmission distance decrease when taken fluctuations of internal transmittance into consideration. Especially, they are more sensitive when Charlie’s mean photon number per pulse is smaller. Our results emphasize that the stability of correlative optical devices is important for practical implementations . (paper)

Secure it now or secure it later: the benefits of addressing cyber-security from the outset

Science.gov (United States)

Olama, Mohammed M.; Nutaro, James

2013-05-01

The majority of funding for research and development (R&D) in cyber-security is focused on the end of the software lifecycle where systems have been deployed or are nearing deployment. Recruiting of cyber-security personnel is similarly focused on end-of-life expertise. By emphasizing cyber-security at these late stages, security problems are found and corrected when it is most expensive to do so, thus increasing the cost of owning and operating complex software systems. Worse, expenditures on expensive security measures often mean less money for innovative developments. These unwanted increases in cost and potential slowing of innovation are unavoidable consequences of an approach to security that finds and remediate faults after software has been implemented. We argue that software security can be improved and the total cost of a software system can be substantially reduced by an appropriate allocation of resources to the early stages of a software project. By adopting a similar allocation of R&D funds to the early stages of the software lifecycle, we propose that the costs of cyber-security can be better controlled and, consequently, the positive effects of this R&D on industry will be much more pronounced.

Measuring Short-term Energy Security

Energy Technology Data Exchange (ETDEWEB)

NONE

2011-07-01

Ensuring energy security has been at the centre of the IEA mission since its inception, following the oil crises of the early 1970s. While the security of oil supplies remains important, contemporary energy security policies must address all energy sources and cover a comprehensive range of natural, economic and political risks that affect energy sources, infrastructures and services. In response to this challenge, the IEA is currently developing a Model Of Short-term Energy Security (MOSES) to evaluate the energy security risks and resilience capacities of its member countries. The current version of MOSES covers short-term security of supply for primary energy sources and secondary fuels among IEA countries. It also lays the foundation for analysis of vulnerabilities of electricity and end-use energy sectors. MOSES contains a novel approach to analysing energy security, which can be used to identify energy security priorities, as a starting point for national energy security assessments and to track the evolution of a country's energy security profile. By grouping together countries with similar 'energy security profiles', MOSES depicts the energy security landscape of IEA countries. By extending the MOSES methodology to electricity security and energy services in the future, the IEA aims to develop a comprehensive policy-relevant perspective on global energy security. This Brochure provides and overview of the analysis and results. Readers interested in an in-depth discussion of methodology are referred to the MOSES Working Paper.

Forensic nursing in secure environments.

Science.gov (United States)

Shelton, Deborah

2009-01-01

There are few well-designed studies of corrections or prison nursing roles. This study seeks to describe the corrections or prison role of forensic nurses in the United States who provide care in secure environments. National data detailing the scope of practice in secure environments are limited. This pencil and paper survey describes the roles of 180 forensic nurses from 14 states who work in secure environments. Descriptive statistics are utilized. A repeated measures ANOVA with post hoc analyses was implemented. These nurses were older than average in age, but had 10 years or less experience in forensic nursing practice. Two significant roles emerged to "promote and implement principles that underpin effective quality and practice" and to "assess, develop, implement, and improve programs of care for individuals." Significant roles varied based upon the security classification of the unit or institution in which the nurses were employed. Access to information about these nurses and their nursing practice was difficult in these closed systems. Minimal data are available nationally, indicating a need for collection of additional data over time to examine changes in role. It is through such developments that forensic nursing provided in secure environments will define its specialization and attract the attention it deserves.

Data Security Measures in the IT Service Industry: A Balance between Knowledge & Action

Directory of Open Access Journals (Sweden)

N. Mlitwa

2008-12-01

Full Text Available That knowledge is power is fast becoming a cliche within the intelligentsia. Such power however, depends largely on how knowledge itself is exchanged and used, which says a lot about the tools of its transmission, exchange, and storage. Information and communication technology (ICT plays a significant role in this respect. As a networked tool, it enables efficient exchanges of video, audio and text data beyond geographical and time constraints. Since this data is exchanged over the worldwide web (www, it can be accessible by anyone in the world using the internet. The risk of unauthorised access, interception, modification, or even theft of confidential information, leading to financial losses in information dependant competitive institutions is therefore high. Improving efficiencies through ICT therefore, comes with security responsibilities. The problem however is that most organizations tend to focus on task-enhancing efficiencies and neglect security. Possibly due to limited awareness about security, underestimating the problem, concerns about security costs, or through plain negligence. The activity theory of Engestrm and the activity analysis development framework of Mursu et al are used as analytical lenses to the cybercrime challenge in this paper. A practical case study of Company X, an IT service provider in Malawi is then used to understand the extent to which organisations that offer electronic data solutions prioritise security in their operations. It is found that even better informed organisations fall short in taking adequate data security measures. A recommendation for all organisations is that they should not only have a clear policy, but also ensure that it is routinely and consistently implemented throughout the operations if information capital is to be secured. A framework towards a holistic approach to thinking about, and in addressing cybercrime is suggested, and recommended in the paper.

Information Security: USDA Needs to Implement Its Departmentwide Information Security Plan

National Research Council Canada - National Science Library

2000-01-01

USDA has taken positive steps to begin improving its information security by developing its August 1999 Action Plan with recommendations to strengthen department-wide information security and hiring...

Gas markets and security of supply

International Nuclear Information System (INIS)

Gibot, G.

1997-01-01

In the natural gas business, some European states and companies seem to be concerned by security of supply. Security of supply for a governmental organisation is discussed, to share the author's conception and experience. The targets of a security of supply policy and the measures that can be set are described. The possible changes in implementing this policy are considered, according to recent developments in the field of gas security. The specificity of European gas markets justify the concern in security of supply, as concluded the Commission and the IEA. The integration of national gas markets in Europe will give new opportunities for managing this security of supply. (R.P.)

Developing measures of food and nutrition security within an Australian context.

Science.gov (United States)

Archer, Claire; Gallegos, Danielle; McKechnie, Rebecca

2017-10-01

To develop a measure of food and nutrition security for use among an Australian population that measures all pillars of food security and to establish its content validity. The study consisted of two phases. Phase 1 involved focus groups with experts working in the area of food security. Data were assessed using content analysis and results informed the development of a draft tool. Phase 2 consisted of a series of three online surveys using the Delphi technique. Findings from each survey were used to establish content validity and progressively modify the tool until consensus was reached for all items. Australia. Phase 1 focus groups involved twenty-five experts working in the field of food security, who were attending the Dietitians Association of Australia National Conference, 2013. Phase 2 included twenty-five experts working in food security, who were recruited via email. Findings from Phase 1 supported the need for an Australian-specific tool and highlighted the failure of current tools to measure across all pillars of food security. Participants encouraged the inclusion of items to measure barriers to food acquisition and the previous single item to enable comparisons with previous data. Phase 2 findings informed the selection and modification of items for inclusion in the final tool. The results led to the development of a draft tool to measure food and nutrition security, and supported its content validity. Further research is needed to validate the tool among the Australian population and to establish inter- and intra-rater reliability.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

DEFF Research Database (Denmark)

Gehring, Tobias; Haendchen, Vitus; Duhme, Joerg

2015-01-01

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State......-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our...... with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components....

Assessment of Performance Measures for Security of the Maritime Transportation Network. Port Security Metrics: Proposed Measurement of Deterrence Capability

National Research Council Canada - National Science Library

Hoaglund, Robert; Gazda, Walter

2007-01-01

The goal of this analysis is to provide ASCO and its customers with a comprehensive approach to the development of quantitative performance measures to assess security improvements to the port system...

Implementing healthcare information security: standards can help.

Science.gov (United States)

Orel, Andrej; Bernik, Igor

2013-01-01

Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

Enhancing China’s energy security: Determining influential factors and effective strategic measures

International Nuclear Information System (INIS)

Ren, Jingzheng; Sovacool, Benjamin K.

2014-01-01

Highlights: • The most influential factors affecting China’s energy security are identified. • Fuzzy AHP is used to quantify the importance of influential factors. • Strategic measures for enhancing China’s energy security are prioritized. • Fuzzy AHP is used to determine the priorities of the strategic measures. - Abstract: This study investigates the most influential factors affecting China’s energy security. It also identifies the most effective strategic measures for enhancing it. Fuzzy AHP has been used to determine weights for ranking the importance of Chinese energy security factors, and it has also been used to determine the priorities of the strategic measures with respect to enhancing those same factors. The study argues that a low proportion of renewable energy penetration is the most severe factor threatening China’s energy security, and that conducting research and development on energy technologies and improving energy efficiency is the most salient, positive, and necessary strategic measure

Objective and Essential Elements of a State's Nuclear Security Regime. Nuclear Security Fundamentals (Chinese Edition)

International Nuclear Information System (INIS)

2014-01-01

The possibility that nuclear material or other radioactive material could be used for criminal purposes or intentionally used in an unauthorized manner cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear material or other radioactive material is used or transported. Through its nuclear security programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises: Nuclear Security Fundamentals, which include the objective and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security. Specifically, each State has the responsibility to provide for the security of nuclear material and other radioactive material and their associated facilities and activities; to ensure the security of such material in use, storage, or in transport; to combat illicit trafficking and the inadvertent movement of

Objective and Essential Elements of a State's Nuclear Security Regime. Nuclear Security Fundamentals (Arabic Edition)

International Nuclear Information System (INIS)

2014-01-01

The possibility that nuclear material or other radioactive material could be used for criminal purposes or intentionally used in an unauthorized manner cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear material or other radioactive material is used or transported. Through its nuclear security programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises: Nuclear Security Fundamentals, which include the objective and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security. Specifically, each State has the responsibility to provide for the security of nuclear material and other radioactive material and their associated facilities and activities; to ensure the security of such material in use, storage, or in transport; to combat illicit trafficking and the inadvertent movement of

Objective and Essential Elements of a State's Nuclear Security Regime. Nuclear Security Fundamentals (Spanish Edition)

International Nuclear Information System (INIS)

2014-01-01

The possibility that nuclear material or other radioactive material could be used for criminal purposes or intentionally used in an unauthorized manner cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear material or other radioactive material is used or transported. Through its nuclear security programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises: Nuclear Security Fundamentals, which include the objeurity Fundamentals, which include the objective and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security. Specifically, each State has the responsibility to provide for the security of nuclear material and other radioactive material and their associated facilities and activities; to ensure the security of such material in use, storage, or in transport; to combat illicit

Objective and Essential Elements of a State's Nuclear Security Regime. Nuclear Security Fundamentals (French Edition)

International Nuclear Information System (INIS)

2014-01-01

The possibility that nuclear material or other radioactive material could be used for criminal purposes or intentionally used in an unauthorized manner cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear material or other radioactive material is used or transported. Through its nuclear security programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises: Nuclear Security Fundamentals, which include the objective and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security. Specifically, each State has the responsibility to provide for the security of nuclear material and other radioactive material and their associated facilities and activities; to ensure the security of such material in use, storage, or in transport; to combat illicit trafficking and the inadvertent movement of

Implementing New-age Authentication Techniques using OpenID for Security Automation

OpenAIRE

Dharmendra Choukse; Umesh Kumar Singh; Deepak Sukheja; Rekha Shahapurkar

2010-01-01

Security of any software can be enhanced manifolds if multiple factors for authorization and authentication are used .The main aim of this work was to design and implement an Academy Automation Software for IPS Academy which uses OpenID and Windows CardSpace as Authentication Techniques in addition to Role Based Authentication (RBA) System to ensure that only authentic users can access the predefined roles as per their Authorization level. The Automation covers different computing hardware an...

Security Protocols in a Nutshell

OpenAIRE

Toorani, Mohsen

2016-01-01

Security protocols are building blocks in secure communications. They deploy some security mechanisms to provide certain security services. Security protocols are considered abstract when analyzed, but they can have extra vulnerabilities when implemented. This manuscript provides a holistic study on security protocols. It reviews foundations of security protocols, taxonomy of attacks on security protocols and their implementations, and different methods and models for security analysis of pro...

Security Protocols: Specification, Verification, Implementation, and Composition

DEFF Research Database (Denmark)

Almousa, Omar

An important aspect of Internet security is the security of cryptographic protocols that it deploys. We need to make sure that such protocols achieve their goals, whether in isolation or in composition, i.e., security protocols must not suffer from any aw that enables hostile intruders to break...... results. The most important generalization is the support for all security properties of the geometric fragment proposed by [Gut14]....... their security. Among others, tools like OFMC [MV09b] and Proverif [Bla01] are quite efficient for the automatic formal verification of a large class of protocols. These tools use different approaches such as symbolic model checking or static analysis. Either approach has its own pros and cons, and therefore, we...

School Security Measures and Longitudinal Trends in Adolescents' Experiences of Victimization.

Science.gov (United States)

Fisher, Benjamin W; Mowen, Thomas J; Boman, John H

2018-06-01

Although school security measures have become a common fixture in public schools across the United States, research on the relationship between security and adolescent victimization is mixed, with very few studies examining trends in adolescent victimization across time. Using two waves of data from the Educational Longitudinal Study 2002 (N = 7659; 50.6% female; 56.7% White, 13.3% Black, 13.5% Hispanic, 11.3% Asian American, 5.4% other race), results from a series of multi-level models demonstrate that adolescents in schools with more security measures report higher odds of being threatened with harm, and no difference in odds of being in a physical altercation or having something stolen over time. Although prior research has established racial disparities in using school security measures, results demonstrate inconsistent patterns in the extent to which adolescents' race conditions the relationship between security and victimization. The findings are discussed in light of existing theoretical and empirical work, and implications for both research and practice are offered.

Unification of Information Security Policies for Network Security Solutions

Directory of Open Access Journals (Sweden)

D.S. Chernyavskiy

2012-03-01

Full Text Available Diversity of command languages on network security solutions’ (NSS interfaces causes problems in a process of information security policy (ISP deployment. Unified model for security policy representation and implementation in NSS could aid to avoid such problems and consequently enhance efficiency of the process. The proposed solution is Unified language for network security policy (ULNSP. The language is based on formal languages theory, and being coupled with its translator, ULNSP makes it possible to formalize and implement ISP independently of particular NSS.

A study on the barriers of the implementation of social security act in ...

African Journals Online (AJOL)

In this study, an analytical review was done on the historical process and contexts of welfare system and social security in order to analyze and evaluate the main features of this act especially in the area of medical services. It was also attempted to study the executive barriers of the appropriate implementation of social ...

Securing Hadoop

CERN Document Server

Narayanan, Sudheesh

2013-01-01

This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security.This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

Overview of security culture

International Nuclear Information System (INIS)

Matulanya, M. A.

2014-04-01

Nuclear Security culture concept has been aggressively promoted over the past several years as a tool to improve the physical protection of the nuclear and radioactive materials due to growing threats of catastrophic terrorism and other new security challenges. It is obvious that, the scope of nuclear security and the associated cultures need to be extended beyond the traditional task of protecting weapons-usable materials. The role of IAEA is to strengthen the nuclear security framework globally and in leading the coordination of international activities in this field. Therefore all governments should work closely with the IAEA to take stronger measures to ensure the physical protection, the safety and security of the nuclear and radioactive materials. In the effort to reflect this new realities and concerns, the IAEA in 2008 came up with the document, the Nuclear Security Culture, Nuclear Security Series No. 7, Implementing Guide to the member states which urged every member state to take appropriate measures to promote security culture with respect to nuclear and radioactive materials. The document depicted this cultural approach as the way to protect individual, society and the environment. Among other things, the document defined nuclear security culture as characteristics and attitudes in organizations and of individuals which establishes that, nuclear security issues receives attention warranted by their significance. (au)

Super-Encryption Implementation Using Monoalphabetic Algorithm and XOR Algorithm for Data Security

Science.gov (United States)

Rachmawati, Dian; Andri Budiman, Mohammad; Aulia, Indra

2018-03-01

The exchange of data that occurs offline and online is very vulnerable to the threat of data theft. In general, cryptography is a science and art to maintain data secrecy. An encryption is a cryptography algorithm in which data is transformed into cipher text, which is something that is unreadable and meaningless so it cannot be read or understood by other parties. In super-encryption, two or more encryption algorithms are combined to make it more secure. In this work, Monoalphabetic algorithm and XOR algorithm are combined to form a super- encryption. Monoalphabetic algorithm works by changing a particular letter into a new letter based on existing keywords while the XOR algorithm works by using logic operation XOR Since Monoalphabetic algorithm is a classical cryptographic algorithm and XOR algorithm is a modern cryptographic algorithm, this scheme is expected to be both easy-to-implement and more secure. The combination of the two algorithms is capable of securing the data and restoring it back to its original form (plaintext), so the data integrity is still ensured.

Implementing Information Security Management System as a part of business processes : Where to gain competitive advantage for ISMS?

OpenAIRE

Flyktman, Jari

2016-01-01

The Idea and background to the study subject lies in the interest in security, leadership and organizational development. The research question was how to provide best practices to fit these all together in harmony. The objective was to help small and medium sized organizations to understand the multifaceted nature of cybersecurity and requirements for successful implementation of information security management system (ISMS). ISMS help companies to form the needed security structures in pra...

Information Security and Wireless: Alternate Approaches for Controlling Access to Critical Information

National Research Council Canada - National Science Library

Nandram, Winsome

2004-01-01

.... Typically, network managers implement countermeasures to augment security. The goal of this thesis is to research approaches that compliment existing security measures with fine grain access control measures. The Extensible Markup Language (XML) is adopted to accommodate such granular access control as it provides the mechanisms for scaling security down to the document content level.

The Challenges of Balancing Safety and Security in Implantable Medical Devices.

Science.gov (United States)

Katzis, Konstantinos; Jones, Richard W; Despotou, George

2016-01-01

Modern Implantable Medical Devices (IMDs), implement capabilities that have contributed significantly to patient outcomes, as well as quality of life. The ever increasing connectivity of IMD's does raise security concerns though there are instances where implemented security measures might impact on patient safety. The paper discusses challenges of addressing both of these attributes in parallel.

Safety Evaluation Approach with Security Controls for Safety I and C Systems on Nuclear Power Plants

International Nuclear Information System (INIS)

Kim, D. H.; Jeong, S. Y.; Kim, Y. M.; Park, H. S.; Lee, M. S.; Kim, T. H.

2016-01-01

This paper addresses concepts of safety and security and relations between them for assessing effects of security features in safety systems. Also, evaluation approach for avoiding confliction with safety requirements and cyber security features which may be adopted in safety-related digital I and C system will be described. In this paper, safety-security life cycle model based confliction avoidance method was proposed to evaluate the effects when the cyber security control features are implemented in the safety I and C system. Also, safety effect evaluation results using the proposed evaluation method were described. In case of technical security controls, many of them are expected to conflict with safety requirements, otherwise operational and managerial controls are not relatively. Safety measures and cyber security measures for nuclear power plants should be implemented not to conflict with one another. Where safety function and security features are both required within the systems, and also where security features are implemented within safety systems, they should be justified

Safety Evaluation Approach with Security Controls for Safety I and C Systems on Nuclear Power Plants

Energy Technology Data Exchange (ETDEWEB)

Kim, D. H.; Jeong, S. Y.; Kim, Y. M.; Park, H. S. [KINS, Daejeon (Korea, Republic of); Lee, M. S.; Kim, T. H. [Formal Works Inc., Seoul (Korea, Republic of)

2016-05-15

This paper addresses concepts of safety and security and relations between them for assessing effects of security features in safety systems. Also, evaluation approach for avoiding confliction with safety requirements and cyber security features which may be adopted in safety-related digital I and C system will be described. In this paper, safety-security life cycle model based confliction avoidance method was proposed to evaluate the effects when the cyber security control features are implemented in the safety I and C system. Also, safety effect evaluation results using the proposed evaluation method were described. In case of technical security controls, many of them are expected to conflict with safety requirements, otherwise operational and managerial controls are not relatively. Safety measures and cyber security measures for nuclear power plants should be implemented not to conflict with one another. Where safety function and security features are both required within the systems, and also where security features are implemented within safety systems, they should be justified.

Visible School Security Measures and Student Academic Performance, Attendance, and Postsecondary Aspirations.

Science.gov (United States)

Tanner-Smith, Emily E; Fisher, Benjamin W

2016-01-01

Many U.S. schools use visible security measures (security cameras, metal detectors, security personnel) in an effort to keep schools safe and promote adolescents' academic success. This study examined how different patterns of visible security utilization were associated with U.S. middle and high school students' academic performance, attendance, and postsecondary educational aspirations. The data for this study came from two large national surveys--the School Crime Supplement to the National Crime Victimization Survey (N = 38,707 students; 51% male, 77% White, MAge = 14.72) and the School Survey on Crime and Safety (N = 10,340 schools; average student composition of 50% male, 57% White). The results provided no evidence that visible security measures had consistent beneficial effects on adolescents' academic outcomes; some security utilization patterns had modest detrimental effects on adolescents' academic outcomes, particularly the heavy surveillance patterns observed in a small subset of high schools serving predominantly low socioeconomic students. The findings of this study provide no evidence that visible security measures have any sizeable effects on academic performance, attendance, or postsecondary aspirations among U.S. middle and high school students.

Detection of Total Knee Arthroplasties at Airport Security Checkpoints: How Do Updated Security Measures Affect Patients?

Science.gov (United States)

Issa, Kimona; Pierce, Todd P; Gwam, Chukwuweieke; Goljan, Peter; Festa, Anthony; Scillia, Anthony J; Mont, Michael A

2017-07-01

Airport security measures continue to be updated with the incorporation of the new body scanners and automatic target recognition software. The purpose of this study was analyze the incidence of: (1) triggering the security alarm; (2) extra security searches; (3) perceived inconvenience; and (4) presence of other surgical hardware in those who underwent total knee arthroplasty (TKA) and passed through airport security. A questionnaire was given to 125 consecutive patients with a TKA. Those who passed through airport security after January 2014 were considered for inclusion. A questionnaire was administered that addressed the number of encounters with airport security, metal detector activation, additional screening procedures, and perceived inconvenience. Out of the 125 patients, 53 met inclusion criteria. Out of the 53 patients, 20 (38%) reported that their prosthesis triggered a metal detector. Out of the 20 patients, 8 (40%) who reported triggering of metal detectors also reported the presence of surgical hardware elsewhere in the body. Eighteen of the 53 patients (34%) believed having a TKA was inconvenient for airplane travel. Compared with the historical cohort, alarms were triggered in 70 of 97 patients ( p  = 0.0001) and 50 of 97 reported inconvenience when traveling ( n  = 50 of 97 patients; p  = 0.04). The incidences of those who underwent TKA triggering alarms and perceiving inconvenience when passing through airport security have decreased from previously published studies. This is most likely due to the recent updates and modifications to screening. As these security measures are modified and implant designs continue to evolve, this is an area of investigation that should continue. Thieme Medical Publishers 333 Seventh Avenue, New York, NY 10001, USA.

Pro Spring security

CERN Document Server

Scarioni, Carlo

2013-01-01

Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

Design and Implementation of a Secure Wireless Mote-Based Medical Sensor Network

Science.gov (United States)

Malasri, Kriangsiri; Wang, Lan

2009-01-01

A medical sensor network can wirelessly monitor vital signs of humans, making it useful for long-term health care without sacrificing patient comfort and mobility. For such a network to be viable, its design must protect data privacy and authenticity given that medical data are highly sensitive. We identify the unique security challenges of such a sensor network and propose a set of resource-efficient mechanisms to address these challenges. Our solution includes (1) a novel two-tier scheme for verifying the authenticity of patient data, (2) a secure key agreement protocol to set up shared keys between sensor nodes and base stations, and (3) symmetric encryption/decryption for protecting data confidentiality and integrity. We have implemented the proposed mechanisms on a wireless mote platform, and our results confirm their feasibility. PMID:22454585

IAEA Nuclear Security - Achievements 2002-2011

International Nuclear Information System (INIS)

2012-03-01

The possibility that nuclear or other radioactive material could be used for malicious purposes is real. This calls for a collective commitment to the control of, and accountancy for, material, as well as to adequate levels of protection in order to prevent criminal or unauthorized access to the material or associated facilities. Sharing of knowledge and experience, coordination among States and collaboration with other international organizations, initiatives and industries supports an effective international nuclear security framework. In 2001, the Board of Governors tasked the IAEA with improving nuclear security worldwide. The report that follows provides an overview of accomplishments over the last decade and reflects the importance that States assign to keeping material in the right hands. The IAEA has established a comprehensive nuclear security programme, described first in the Nuclear Security Plan of 2002-2005 and subsequently in the second plan of 2006- 2009. Activities included developing internationally accepted nuclear security guidance, supporting international legal instruments, protecting material and facilities, securing transport and borders, detecting and interdicting illicit nuclear trafficking, strengthening human resource capacity and preparing response plans should a nuclear security event occur. The IAEA has begun the implementation of its third Nuclear Security Plan, to be completed at the end of 2013. This approach to nuclear security recognizes that an effective national nuclear security regime builds on a number of factors: the implementation of relevant international legal instruments; IAEA guidance and standards; information protection; physical protection; material accounting and control; detection of, and response to, trafficking in such material; national response plans and contingency measures. Implemented in a systematic manner, these building blocks make up a sustainable national nuclear security regime and contribute to global

Measuring Human Performance within Computer Security Incident Response Teams

Energy Technology Data Exchange (ETDEWEB)

McClain, Jonathan T. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Silva, Austin Ray [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Avina, Glory Emmanuel [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Forsythe, James C. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2015-09-01

Human performance has become a pertinen t issue within cyber security. However, this research has been stymied by the limited availability of expert cyber security professionals. This is partly attributable to the ongoing workload faced by cyber security professionals, which is compound ed by the limited number of qualified personnel and turnover of p ersonnel across organizations. Additionally, it is difficult to conduct research, and particularly, openly published research, due to the sensitivity inherent to cyber ope rations at most orga nizations. As an alternative, the current research has focused on data collection during cyb er security training exercises. These events draw individuals with a range of knowledge and experience extending from seasoned professionals to recent college gradu ates to college students. The current paper describes research involving data collection at two separate cyber security exercises. This data collection involved multiple measures which included behavioral performance based on human - machine transactions and questionnaire - based assessments of cyber security experience.

Nuclear Security Management for Research Reactors and Related Facilities

International Nuclear Information System (INIS)

2016-03-01

This publication provides a single source guidance to assist those responsible for the implementation of nuclear security measures at research reactors and associated facilities in developing and maintaining an effective and comprehensive programme covering all aspects of nuclear security on the site. It is based on national experience and practices as well as on publications in the field of nuclear management and security. The scope includes security operations, security processes, and security forces and their relationship with the State’s nuclear security regime. The guidance is provided for consideration by States, competent authorities and operators

Measuring the energy security implications of fossil fuel resource concentration

International Nuclear Information System (INIS)

Lefevre, Nicolas

2010-01-01

Economic assessments of the welfare effects of energy insecurity are typically uncertain and fail to provide clear guidance to policy makers. As a result, governments have had little analytical support to complement expert judgment in the assessment of energy security. This is likely to be inadequate when considering multiple policy goals, and in particular the intersections between energy security and climate change mitigation policies. This paper presents an alternative approach which focuses on gauging the causes of energy insecurity as a way to assist policy making. The paper focuses on the energy security implications of fossil fuel resource concentration and distinguishes between the price and physical availability components of energy insecurity. It defines two separate indexes: the energy security price index (ESPI), based on the measure of market concentration in competitive fossil fuel markets, and the energy security physical availability index (ESPAI), based on the measure of supply flexibility in regulated markets. The paper illustrates the application of ESPI and ESPAI with two case studies-France and the United Kingdom-looking at the evolution of both indexes to 2030.

Measuring the energy security implications of fossil fuel resource concentration

Energy Technology Data Exchange (ETDEWEB)

Lefevre, Nicolas [Woodrow Wilson School of Public and International Affairs, Princeton University, New Jersey (United States)

2010-04-15

Economic assessments of the welfare effects of energy insecurity are typically uncertain and fail to provide clear guidance to policy makers. As a result, governments have had little analytical support to complement expert judgment in the assessment of energy security. This is likely to be inadequate when considering multiple policy goals, and in particular the intersections between energy security and climate change mitigation policies. This paper presents an alternative approach which focuses on gauging the causes of energy insecurity as a way to assist policy making. The paper focuses on the energy security implications of fossil fuel resource concentration and distinguishes between the price and physical availability components of energy insecurity. It defines two separate indexes: the energy security price index (ESPI), based on the measure of market concentration in competitive fossil fuel markets, and the energy security physical availability index (ESPAI), based on the measure of supply flexibility in regulated markets. The paper illustrates the application of ESPI and ESPAI with two case studies - France and the United Kingdom - looking at the evolution of both indexes to 2030. (author)

Spent fuel reprocessing system security engineering capability maturity model

International Nuclear Information System (INIS)

Liu Yachun; Zou Shuliang; Yang Xiaohua; Ouyang Zigen; Dai Jianyong

2011-01-01

In the field of nuclear safety, traditional work places extra emphasis on risk assessment related to technical skills, production operations, accident consequences through deterministic or probabilistic analysis, and on the basis of which risk management and control are implemented. However, high quality of product does not necessarily mean good safety quality, which implies a predictable degree of uniformity and dependability suited to the specific security needs. In this paper, we make use of the system security engineering - capability maturity model (SSE-CMM) in the field of spent fuel reprocessing, establish a spent fuel reprocessing systems security engineering capability maturity model (SFR-SSE-CMM). The base practices in the model are collected from the materials of the practice of the nuclear safety engineering, which represent the best security implementation activities, reflect the regular and basic work of the implementation of the security engineering in the spent fuel reprocessing plant, the general practices reveal the management, measurement and institutional characteristics of all process activities. The basic principles that should be followed in the course of implementation of safety engineering activities are indicated from 'what' and 'how' aspects. The model provides a standardized framework and evaluation system for the safety engineering of the spent fuel reprocessing system. As a supplement to traditional methods, this new assessment technique with property of repeatability and predictability with respect to cost, procedure and quality control, can make or improve the activities of security engineering to become a serial of mature, measurable and standard activities. (author)

Conceptualizing and measuring energy security: A synthesized approach

International Nuclear Information System (INIS)

Sovacool, Benjamin K.; Mukherjee, Ishani

2011-01-01

This article provides a synthesized, workable framework for analyzing national energy security policies and performance. Drawn from research interviews, survey results, a focused workshop, and an extensive literature review, this article proposes that energy security ought to be comprised of five dimensions related to availability, affordability, technology development, sustainability, and regulation. We then break these five dimensions down into 20 components related to security of supply and production, dependency, and diversification for availability; price stability, access and equity, decentralization, and low prices for affordability; innovation and research, safety and reliability, resilience, energy efficiency, and investment for technology development; land use, water, climate change, and air pollution for sustainability; and governance, trade, competition, and knowledge for sound regulation. Further still, our synthesis lists 320 simple indicators and 52 complex indicators that policymakers and scholars can use to analyze, measure, track, and compare national performance on energy security. The article concludes by offering implications for energy policy more broadly. -- Highlights: → Energy security should consist of five dimensions related to availability, affordability, technology development, sustainability, and regulation. → The dimensions of energy security can be broken down into 20 components. → These components can be distilled into 320 simple indicators and 52 complex indicators.

The implementation of security for microBHT

CERN Document Server

Purvis, J

1997-01-01

With the construction of LHC and the funding of up to 80% of the new experiments (ATLAS and CMS) to come from outside CERN it is important that budget responsibles have secure and instantaneous access to view their financial data which is managed by CERN. MicroBHT (BHT)is a system specifically designed to cater for these requirements. MicroBHT provides for secure web-based access for Teams (and other budget holders) to view their financial data. The security mechanism for BHT which is detailed in this paper uses the standards adopted by banks and other institutions who use the web with maximum security and confidentialy of for both their data and their customers.

33 CFR 106.270 - Security measures for delivery of stores and industrial supplies.

Science.gov (United States)

2010-07-01

... stores and industrial supplies. (a) General. The OCS facility owner or operator must ensure that security...). These additional security measures may include: (1) Intensifying inspection of the stores or industrial... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security measures for delivery of...

Information Security Service Branding – beyond information security awareness

Directory of Open Access Journals (Sweden)

Rahul Rastogi

2012-12-01

Full Text Available End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, it is vital to improve the image of information security in the minds of end-users. This paper borrows the concepts of brands and branding from the domain of marketing to achieve this objective and applies these concepts to information security. The paper also describes a process for creating the information security service brand in the organization.

Current status of securing Category 1 and 2 radioactive sources in Taiwan

Energy Technology Data Exchange (ETDEWEB)

Cheng, Y-F.; Tsai, C-H. [Atomic Energy Council of Executive Yuan of Taiwan (China)

2014-07-01

For enhancing safe and secure management of Category 1 and 2 radioactive sources against theft or unauthorized removal, AEC (Atomic Energy Council) of Taiwan have been regulating the import/export of the sources ever since 2005, in compliance with the IAEA's (International Atomic Energy Agency) 'Guidance on the Import and Export of Radioactive Sources'. Furthermore in consulting the IAEA Nuclear Security Series No.11 report, administrative regulations on the program of securing the sources have been embodied into AECL's regulatory system since 2012, for the purpose of enforcing medical and non-medical licensees and industrial radiographers to establish their own radioactive source security programs. Regulations require that security functions such as access control, detection, delay, response and communication and security management measures are to be implemented within the programs. This paper is to introduce the current status in implementing the security control measures in Taiwan. (author)

76 FR 18954 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

Science.gov (United States)

2011-04-06

... issues please contact: Mary Ellen Callahan (703-235- 0780), Chief Privacy Officer, Privacy Office...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal Emergency Management Agency DHS/FEMA-011 Training and Exercise Program Records System of Records AGENCY: Privacy Office...

Governing for Enterprise Security (GES) Implementation Guide

National Research Council Canada - National Science Library

Westby, Jody R; Allen, Julia H

2007-01-01

.... If an organization's management does not establish and reinforce the business need for effective enterprise security, the organization's desired state of security will not be articulated, achieved, or sustained...

Center for computer security: Computer Security Group conference. Summary

Energy Technology Data Exchange (ETDEWEB)

None

1982-06-01

Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

Effectiveness of Using a Change Management Approach to Convey the Benefits of an Information Security Implementation to Technology Users

Science.gov (United States)

Bennett, Jeannine B.

2012-01-01

This study addressed the problems associated with users' understanding, accepting, and complying with requirements of security-oriented solutions. The goal of the research was not to dispute existing theory on IT project implementations, but rather to further the knowledge on the topic of technology user acceptance of security-oriented IT…

Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

Directory of Open Access Journals (Sweden)

Igor Bernik

Full Text Available Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

Science.gov (United States)

Bernik, Igor; Prislan, Kaja

Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

Implementing Security Sector Reform

Science.gov (United States)

2008-12-04

ownership and genuine reform. His experience in Diyala Province indicated that the most effective means of pursuing transition and transformation among...that I have no solution to the security situation in Afghanistan, or to the questions of violence, crime, insurrection, or militias vs . army vs ...than to merge those interests into a greater whole. Franchising of problems or solutions is often the result. In Afghanistan, problems and

Measuring food security in the Republic of Serbia

Directory of Open Access Journals (Sweden)

Papić-Brankov Tatjana

2015-01-01

Full Text Available The overall goal of this paper is analysis of Serbian food security system across a set of indicators, with special emphasis to 2012 Global Food Security Index (GFSI. The results generally provided two major weakness of the Serbian food system: Gross domestic product (GDP per capita based on purchasing power parity and Corruption. Paper points out the need to improve the current food security system and proposed a number of measures for its improvement. Among other things appropriate nutritional standards and strategies will have to be adopted; investors' confidence must be strengthened and must be dealt with in a serious fight against corruption in the agriculture and food sector. The development of rural areas, reducing regional disparities and stabilization of agricultural production will certainly contribute to the tough battle against poverty.

Secure Multiparty AES

Science.gov (United States)

Damgård, Ivan; Keller, Marcel

We propose several variants of a secure multiparty computation protocol for AES encryption. The best variant requires 2200 + {{400}over{255}} expected elementary operations in expected 70 + {{20}over{255}} rounds to encrypt one 128-bit block with a 128-bit key. We implemented the variants using VIFF, a software framework for implementing secure multiparty computation (MPC). Tests with three players (passive security against at most one corrupted player) in a local network showed that one block can be encrypted in 2 seconds. We also argue that this result could be improved by an optimized implementation.

Design, implementation and security of a typical educational laboratory computer network

Directory of Open Access Journals (Sweden)

Martin Pokorný

2013-01-01

Full Text Available Computer network used for laboratory training and for different types of network and security experiments represents a special environment where hazardous activities take place, which may not affect any production system or network. It is common that students need to have administrator privileges in this case which makes the overall security and maintenance of such a network a difficult task. We present our solution which has proved its usability for more than three years. First of all, four user requirements on the laboratory network are defined (access to educational network devices, to laboratory services, to the Internet, and administrator privileges of the end hosts, and four essential security rules are stipulated (enforceable end host security, controlled network access, level of network access according to the user privilege level, and rules for hazardous experiments, which protect the rest of the laboratory infrastructure as well as the outer university network and the Internet. The main part of the paper is dedicated to a design and implementation of these usability and security rules. We present a physical diagram of a typical laboratory network based on multiple circuits connecting end hosts to different networks, and a layout of rack devices. After that, a topological diagram of the network is described which is based on different VLANs and port-based access control using the IEEE 802.1x/EAP-TLS/RADIUS authentication to achieve defined level of network access. In the second part of the paper, the latest innovation of our network is presented that covers a transition to the system virtualization at the end host devices – inspiration came from a similar solution deployed at the Department of Telecommunications at Brno University of Technology. This improvement enables a greater flexibility in the end hosts maintenance and a simultaneous network access to the educational devices as well as to the Internet. In the end, a vision of a

75 FR 7978 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

Science.gov (United States)

2010-02-23

... Security Administration, 601 South 12th Street, Arlington, VA 20598-6036. For privacy issues please contact... Secretary 6 CFR Part 5 [Docket No. DHS-2009-0137] Privacy Act of 1974: Implementation of Exemptions... Program System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of proposed rulemaking. SUMMARY: The...

The Firewall and Security of Information Systems

OpenAIRE

Radut Carmen; Albici Mihaela; Tenovici Cristina Otilia

2010-01-01

Information security is a broader concept which refers to ensuring the integrity, confidentiality and availability of information. The dynamics of information technology to induce new risks to which organizations must implement new measures of control. Technological development has been accompanied by security solutions, equipment manufacturers and applications including technical methods of protection performance. However, while in information technology change is exponential, the human comp...

Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings

Science.gov (United States)

Valdevit, Thierry; Mayer, Nicolas; Barafort, Béatrix

While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutions to facilitate ISMS deployment for SMEs. After an initial experiment aiming at assisting a SME in getting the first national ISO/IEC 27001 certification for a private company, an implementation guide for deploying an ISMS, validated by local experts and experimented in SMEs, has been released and is presented in this paper.

Social security for seafarers globally

DEFF Research Database (Denmark)

Jensen, Olaf; Canals, Luisa; Haarløv, Erik

2013-01-01

Social security for seafarers globally Background: Social security protection is one of the essential elements of decent work. The issue is complex and no previous epidemiological studies of the coverage among seafarers have yet been performed. Objectives: The aim was to overcome the gap...... of knowledge to promote the discussion and planning of the implementation of social security for all seafarers. Methods: The seafarers completed a short questionnaire concerning their knowledge about their social security status. Results: Significant disparities of coverage of social security were pointed out...... comes from poorer countries without substantial social security systems. The solutions suggested are to implement the minimum requirements as recommended by the ILO 2006 Convention, to survey the implementation and in the long term to struggle for global social equality. Key words: Social security...

PCI Compliance Understand and Implement Effective PCI Data Security Standard Compliance

CERN Document Server

Chuvakin, Anton

2010-01-01

Identity theft and other confidential information theft have now topped the charts as the #1 cybercrime. In particular, credit card data is preferred by cybercriminals. Is your payment processing secure and compliant?. Now in its second edition, PCI Compliance has been revised to follow the new PCI DSS standard 1.2.1. Also new to this edition: Each chapter has how-to guidance to walk you through implementing concepts, and real-world scenarios to help you relate to the information and better grasp how it impacts your data. This book provides the information that you need to understand the curre

Secure software development training course

Directory of Open Access Journals (Sweden)

Victor S. Gorbatov

2017-06-01

Full Text Available Information security is one of the most important criteria for the quality of developed software. To obtain a sufficient level of application security companies implement security process into software development life cycle. At this stage software companies encounter with deficit employees who able to solve problems of software design, implementation and application security. This article provides a description of the secure software development training course. Training course of application security is designed for co-education students of different IT-specializations.

Outcomes and Suggestions of the Nuclear Security Summit

International Nuclear Information System (INIS)

Kim, Jae San; Jung, Myung Tak

2014-01-01

Through The third Nuclear Security Summit (NSS), the measurement for the nuclear security has become more strengthening and participating countries could recognize the importance of nuclear security than before. From the NSS sessions, the leaders of participating countries and international organizations (IAEA, UN, EU and INTERPOL) had an in-depth discussion about the seriousness of the nuclear terrorism, the urgency issues for strengthening the nuclear security, etc. What issues was discussed in NSS processes since 2010 and which facts become more important than ever for nuclear security? The purpose of this paper is to provide the substantive outcomes from the 1st to 3rd NSS and suggestions for consolidating the next NSS. The summit process has helped strengthen the nuclear security measures. In the following two years before 4th NSS, there will be various follow-up activities for making an effort to implementing national commitments, joint statement, continuous outreach with IAEA/UN and agreed measures in Hague. It should produce the substantial measures for enhancing the nuclear security that are aimed to the each country. And preemptively, it is necessary to understand the each nuclear security level by using the concrete questionnaire sheets substitute for the national progress report

Outcomes and Suggestions of the Nuclear Security Summit

Energy Technology Data Exchange (ETDEWEB)

Kim, Jae San; Jung, Myung Tak [Korea Institute of Nuclear Nonproliferation and Control Daejeon (Korea, Republic of)

2014-10-15

Through The third Nuclear Security Summit (NSS), the measurement for the nuclear security has become more strengthening and participating countries could recognize the importance of nuclear security than before. From the NSS sessions, the leaders of participating countries and international organizations (IAEA, UN, EU and INTERPOL) had an in-depth discussion about the seriousness of the nuclear terrorism, the urgency issues for strengthening the nuclear security, etc. What issues was discussed in NSS processes since 2010 and which facts become more important than ever for nuclear security? The purpose of this paper is to provide the substantive outcomes from the 1st to 3rd NSS and suggestions for consolidating the next NSS. The summit process has helped strengthen the nuclear security measures. In the following two years before 4th NSS, there will be various follow-up activities for making an effort to implementing national commitments, joint statement, continuous outreach with IAEA/UN and agreed measures in Hague. It should produce the substantial measures for enhancing the nuclear security that are aimed to the each country. And preemptively, it is necessary to understand the each nuclear security level by using the concrete questionnaire sheets substitute for the national progress report.

Cooperative monitoring of regional security agreements

Energy Technology Data Exchange (ETDEWEB)

Pregenzer, A.L.; Vannoni, M.; Biringer, K.L. [Sandia National Labs., Albuquerque, NM (United States). Nonproliferation and Arms Control Analysis Dept.

1996-11-01

This paper argues that cooperative monitoring plays a critical role in the implementation of regional security agreements and confidence building measures. A framework for developing cooperative monitoring options is proposed and several possibilities for relating bilateral and regional monitoring systems to international monitoring systems are discussed. Three bilateral or regional agreements are analyzed briefly to illustrate different possibilities. These examples illustrate that the relationship of regional or bilateral arms control or security agreements to international agreements depends on a number of factors: the overlap of provisions between regional and international agreements; the degree of interest in a regional agreement among the international community; efficiency in implementing the agreement; and numerous political considerations. Given the importance of regional security to the international community, regions should be encouraged to develop their own infrastructure for implementing regional arms control and other security agreements. A regional infrastructure need not preclude participation in an international regime. On the contrary, establishing regional institutions for arms control and nonproliferation could result in more proactive participation of regional parties in developing solutions for regional and international problems, thereby strengthening existing and future international regimes. Possible first steps for strengthening regional infrastructures are identified and potential technical requirements are discussed.

Information technology - Security techniques - Information security management systems - Requirements

CERN Document Server

International Organization for Standardization. Geneva

2005-01-01

ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

Measurable Control System Security through Ideal Driven Technical Metrics

Energy Technology Data Exchange (ETDEWEB)

Miles McQueen; Wayne Boyer; Sean McBride; Marie Farrar; Zachary Tudor

2008-01-01

The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based on these ideals, a draft set of proposed technical metrics was developed to allow control systems owner-operators to track improvements or degradations in their individual control systems security posture. The technical metrics development effort included review and evaluation of over thirty metrics-related documents. On the bases of complexity, ambiguity, or misleading and distorting effects the metrics identified during the reviews were determined to be weaker than necessary to aid defense against the myriad threats posed by cyber-terrorism to human safety, as well as to economic prosperity. Using the results of our metrics review and the set of security ideals as a starting point for metrics development, we identified thirteen potential technical metrics - with at least one metric supporting each ideal. Two case study applications of the ideals and thirteen metrics to control systems were then performed to establish potential difficulties in applying both the ideals and the metrics. The case studies resulted in no changes to the ideals, and only a few deletions and refinements to the thirteen potential metrics. This led to a final proposed set of ten core technical metrics. To further validate the security ideals, the modifications made to the original thirteen potential metrics, and the final proposed set of ten core metrics, seven separate control systems security assessments performed over the past three years were reviewed for findings and recommended mitigations. These findings and mitigations were then mapped to the security ideals and metrics to assess gaps in their coverage. The mappings indicated that there are no gaps in the security ideals and that the ten core technical metrics provide significant coverage of standard security issues with 87% coverage. Based

Enhancing China’s Energy Security: Determining Influential Factors and Effective Strategic Measures

DEFF Research Database (Denmark)

Ren, Jingzheng; Sovacool, Benjamin

2014-01-01

This study investigates the most influential factors affecting China’s energy security. It also identifies the most effective strategic measures for enhancing it. Fuzzy AHP has been used to determine weights for ranking the importance of Chinese energy security factors, and it has also been used...... to determine the priorities of the strategic measures with respect to enhancing those same factors. The study argues that a low proportion of renewable energy penetration is the most severe factor threatening China’s energy security, and that conducting research and development on energy technologies...

Design And Implementation Of Bank Locker Security System Based On Fingerprint Sensing Circuit And RFID Reader

Directory of Open Access Journals (Sweden)

Khaing Mar Htwe

2015-07-01

Full Text Available Abstract The main goal of this system is to design a locker security system using RFID and Fingerprint. In this system only authenticated person can open the door. A security system is implemented containing door locking system using passive type of RFID which can activate authenticate and validate the user and unlock the door in real time for secure access. The advantage of using passive RFID is that it functions without a battery and passive tags are lighter and are less expensive than the active tags. This system consists of fingerprint reader microcontroller RFID reader and PC. The RFID reader reads the id number from passive. The fingerprint sensor will check incoming image with enrolled data and it will send confirming signal for C program. If both RFID check and fingerprint image confirmation are matched the microcontroller will drive door motor according to sensors at door edges. This system is more secure than other systems because two codes protection method used.

On Building Secure Communication Systems

DEFF Research Database (Denmark)

Carvalho Quaresma, Jose Nuno

This thesis presents the Guided System Development (GSD) framework, which aims at supporting the development of secure communication systems. A communication system is specified in a language similar to the Alice and Bob notation, a simple and intuitive language used to describe the global...... the verification and implementation of the system. The translation is semi-automatic because the developer has the option of choosing which implementation to use in order to achieve the specified security requirements. The implementation options are given by plugins defined in the framework. The framework......’s flexibility allows for the addition of constructs that model new security properties as well as new plugins that implement the security properties. In order to provide higher security assurances, the system specification can be verified by formal methods tools such as the Beliefs and Knowledge (BAK) tool...

A Secure System Architecture for Measuring Instruments in Legal Metrology

Directory of Open Access Journals (Sweden)

Daniel Peters

2015-03-01

Full Text Available Embedded systems show the tendency of becoming more and more connected. This fact combined with the trend towards the Internet of Things, from which measuring instruments are not immune (e.g., smart meters, lets one assume that security in measuring instruments will inevitably play an important role soon. Additionally, measuring instruments have adopted general-purpose operating systems to offer the user a broader functionality that is not necessarily restricted towards measurement alone. In this paper, a flexible software system architecture is presented that addresses these challenges within the framework of essential requirements laid down in the Measuring Instruments Directive of the European Union. This system architecture tries to eliminate the risks general-purpose operating systems have by wrapping them, together with dedicated applications, in secure sandboxes, while supervising the communication between the essential parts and the outside world.

A Reliable Measure of Information Security Awareness and the Identification of Bias in Responses

Directory of Open Access Journals (Sweden)

Agata McCormac

2017-11-01

Full Text Available The Human Aspects of Information Security Questionnaire (HAIS-Q is designed to measure Information Security Awareness. More specifically, the tool measures an individual’s knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary over-claiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed.

6 CFR 7.10 - Authority of the Chief Security Officer, Office of Security.

Science.gov (United States)

2010-01-01

...) Direct and administer DHS implementation and compliance with the National Industrial Security Program in... 6 Domestic Security 1 2010-01-01 2010-01-01 false Authority of the Chief Security Officer, Office of Security. 7.10 Section 7.10 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE...

75 FR 50846 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-001...

Science.gov (United States)

2010-08-18

... INFORMATION CONTACT: For general questions and privacy issues please contact: Mary Ellen Callahan (703-235...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL--001 Freedom of Information Act and Privacy Act Records System of Records AGENCY: Privacy Office, DHS. ACTION: Final rule...

Strengthening of safety and security of radioactive sources: new regulatory challenges

Energy Technology Data Exchange (ETDEWEB)

El Messaoudi, M.; Essadki M Lferde, H.; Moutia, Z. [Faculte des Sciences, Dept. de Physique, Rabat (Morocco)

2006-07-01

The answer to these new regulatory challenges was given by implementation of divers measures aimed at strengthening of safety and security of radioactive sources and to prevent the malevolent use of radioactive sources. The international basic safety standards for protection against ionizing radiation and for the safety of radiation sources (B.S.S.) require the establishment and implementation of security measures of radioactive sources to ensure that protection and safety requirements are met. The IAEA has engaged in an extensive effort to establish and/or strengthen national radiation protection and radiological safety infrastructure, including legislation and regulation, a regulatory authority empowered to authorize and inspect regulated activities, an adequate number of trained personnel and technical services that are beyond the capabilities required of the authorized legal persons. The Moroccan authority makes steady efforts to strengthen national radiation safety infrastructure by participating in IAEA model project for upgrading radiation protection infrastructure, to implement the revised version of code of conduct on the safety and security of radioactive sources. Indeed, Morocco expressed its adhesion with the technical assistance project of the IAEA in 2001, carrying on the reinforcement of the national infrastructure of regulation and control of the radioactive materials. The control over radioactive sources is an essential element for maintaining high level of security and safety of radioactive sources. The IAEA T.E.C.-D.O.C.-1388 serves as reference document to implement the control culture. The security problems with which the world is confronted showed that the uses of radioactive sources should subject reinforcements of safety, of control and of security of the radioactive sources. For this purpose, the IAEA launched an action plan for the safety and security of radioactive sources. The IAEA guide Security of radioactive sources will help the

Strengthening of safety and security of radioactive sources: new regulatory challenges

International Nuclear Information System (INIS)

El Messaoudi, M.; Essadki M Lferde, H.; Moutia, Z.

2006-01-01

The answer to these new regulatory challenges was given by implementation of divers measures aimed at strengthening of safety and security of radioactive sources and to prevent the malevolent use of radioactive sources. The international basic safety standards for protection against ionizing radiation and for the safety of radiation sources (B.S.S.) require the establishment and implementation of security measures of radioactive sources to ensure that protection and safety requirements are met. The IAEA has engaged in an extensive effort to establish and/or strengthen national radiation protection and radiological safety infrastructure, including legislation and regulation, a regulatory authority empowered to authorize and inspect regulated activities, an adequate number of trained personnel and technical services that are beyond the capabilities required of the authorized legal persons. The Moroccan authority makes steady efforts to strengthen national radiation safety infrastructure by participating in IAEA model project for upgrading radiation protection infrastructure, to implement the revised version of code of conduct on the safety and security of radioactive sources. Indeed, Morocco expressed its adhesion with the technical assistance project of the IAEA in 2001, carrying on the reinforcement of the national infrastructure of regulation and control of the radioactive materials. The control over radioactive sources is an essential element for maintaining high level of security and safety of radioactive sources. The IAEA T.E.C.-D.O.C.-1388 serves as reference document to implement the control culture. The security problems with which the world is confronted showed that the uses of radioactive sources should subject reinforcements of safety, of control and of security of the radioactive sources. For this purpose, the IAEA launched an action plan for the safety and security of radioactive sources. The IAEA guide Security of radioactive sources will help the

Information Systems Security Audit

OpenAIRE

Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

2007-01-01

The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

Impact of Implementing VPN to Secure Wireless LAN

OpenAIRE

H. Bourdoucen; A. Al Naamany; A. Al Kalbani

2009-01-01

Many corporations are seriously concerned about security of networks and therefore, their network supervisors are still reluctant to install WLANs. In this regards, the IEEE802.11i standard was developed to address the security problems, even though the mistrust of the wireless LAN technology is still existing. The thought was that the best security solutions could be found in open standards based technologies that can be delivered by Virtual Private Networking (VPN) bein...

A Security Risk Measurement for the RAdAC Model

National Research Council Canada - National Science Library

Britton, David W; Brown, Ian A

2007-01-01

.... The intent is to quantify the risk involved in a single information transaction. Additionally, this thesis will attempt to identify the risk factors involved when calculating the total security risk measurement...

Process Control System Cyber Security Standards - An Overview

Energy Technology Data Exchange (ETDEWEB)

Robert P. Evans

2006-05-01

The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.

Implementation of a security system in the radiotherapy process; Implantacion de un sistema de seguridad en el proceso radioterapico

Energy Technology Data Exchange (ETDEWEB)

Orellana Salas, A.; Melgar Perez, J.; Arrocha Aceveda, J. F.

2011-07-01

Systems of work within the field of health are complex. Even the most routine activities involving chain and coordinate a number of actions to be developed by different professionals of different specialties. These systems often fail due to a combination of small errors along the process, each insufficient to cause an accident. We must ensure safe systems of work for each process we are involved, so it is essential to implement security systems to evaluate and find the vulnerabilities in all phases of the process. In the Service of Radio Physics and Radiation Protection of Punta de Europa Hospital has implemented a security system for radiotherapy process after the analysis and evaluation of the safety culture of the Service.

Management of information security risks in a federal public institution: a case study

Directory of Open Access Journals (Sweden)

Jackson Gomes Soares Souza

2016-11-01

Full Text Available Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T. managers perceptions and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and their implementation aiming greater control of information security risks and opportunities related to information technology security.

Impacts of security dimensions on awareness measurement in ...

African Journals Online (AJOL)

A big challenge facing Social Networks (SNs) and other organisations has been what to measure when determining the adequacy and effectiveness of awareness programmes. This study defines security dimension as Knowledge, Attitude and Behaviour, and identifies them as the main influencing factors to consider in ...

Secure Execution of Distributed Session Programs

Directory of Open Access Journals (Sweden)

Nuno Alves

2011-10-01

Full Text Available The development of the SJ Framework for session-based distributed programming is part of recent and ongoing research into integrating session types and practical, real-world programming languages. SJ programs featuring session types (protocols are statically checked by the SJ compiler to verify the key property of communication safety, meaning that parties engaged in a session only communicate messages, including higher-order communications via session delegation, that are compatible with the message types expected by the recipient. This paper presents current work on security aspects of the SJ Framework. Firstly, we discuss our implementation experience from improving the SJ Runtime platform with security measures to protect and augment communication safety at runtime. We implement a transport component for secure session execution that uses a modified TLS connection with authentication based on the Secure Remote Password (SRP protocol. The key technical point is the delicate treatment of secure session delegation to counter a previous vulnerability. We find that the modular design of the SJ Runtime, based on the notion of an Abstract Transport for session communication, supports rapid extension to utilise additional transports whilst separating this concern from the application-level session programming task. In the second part of this abstract, we formally prove the target security properties by modelling the extended SJ delegation protocols in the pi-calculus.

Development of quantitative security optimization approach for the picture archives and carrying system between a clinic and a rehabilitation center

Science.gov (United States)

Haneda, Kiyofumi; Kajima, Toshio; Koyama, Tadashi; Muranaka, Hiroyuki; Dojo, Hirofumi; Aratani, Yasuhiko

2002-05-01

The target of our study is to analyze the level of necessary security requirements, to search for suitable security measures and to optimize security distribution to every portion of the medical practice. Quantitative expression must be introduced to our study, if possible, to enable simplified follow-up security procedures and easy evaluation of security outcomes or results. Using fault tree analysis (FTA), system analysis showed that system elements subdivided into groups by details result in a much more accurate analysis. Such subdivided composition factors greatly depend on behavior of staff, interactive terminal devices, kinds of services provided, and network routes. Security measures were then implemented based on the analysis results. In conclusion, we identified the methods needed to determine the required level of security and proposed security measures for each medical information system, and the basic events and combinations of events that comprise the threat composition factors. Methods for identifying suitable security measures were found and implemented. Risk factors for each basic event, a number of elements for each composition factor, and potential security measures were found. Methods to optimize the security measures for each medical information system were proposed, developing the most efficient distribution of risk factors for basic events.

Secure Data Transfer Guidance for Industrial Control and SCADA Systems

Energy Technology Data Exchange (ETDEWEB)

Mahan, Robert E.; Fluckiger, Jerry D.; Clements, Samuel L.; Tews, Cody W.; Burnette, John R.; Goranson, Craig A.; Kirkham, Harold

2011-09-01

This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems.

Nuclear security measures at the XV Pan American Games: Rio de Janeiro 2007

International Nuclear Information System (INIS)

2009-03-01

The objective of this report is to describe the nuclear security arrangements established and implemented for the Rio 2007 Games. (Nuclear security is taken to mean the prevention, detection and interdiction of malicious acts involving nuclear or other radioactive material and the response to such acts should they occur.) These arrangements may serve as an example of the arrangements that need to be made for Member States hosting major public events in the future. The information is intended for use by national authorities such as counter terrorism agencies, national radiation measurement and assessment institutions, bomb squad, police and other relevant law enforcement agencies. Section 1 comprises an introduction about the report's background, objective, scope and structure. Section 2 provides a description of the arrangements made during the preparatory phase: the overall security concept; the evaluation of the threat; the policy decisions taken; the organizational arrangements; the nuclear security plan; and the cooperation with the IAEA. Section 3 describes the concept of operations: the strategy for choosing the targets to be protected; the different lines of defence; the coordination and management of activities; and the actions to be taken to prevent, detect, interdict and respond to malicious acts and other unauthorized acts involving nuclear or other radioactive material. Section 4 covers the logistics including the radiation detection instruments used, their deployment, testing and maintenance and training in their use. Section 5 presents the results of the surveys undertaken prior to the Rio 2007 Games and of the access controls of the venues during the Rio 2007 Games. Section 6 provides the conclusions that may be drawn from the work undertaken. Section 7 gives recommendations to other national authorities facing similar challenge in the future

A Practice of Secure Development and Operational Environment Plan

International Nuclear Information System (INIS)

Park, Jaekwan; Seo, Sangmun; Suh, Yongsukl; Park, Cheol

2017-01-01

This paper suggests a practice of plan for SDOE establishment in a nuclear I and C. First, it is necessary to perform a requirements analysis to define key regulatory issues and determine the target systems. The analysis includes a survey to find out the applicable measures credited internationally. Based on the analysis results, this paper proposes an implementation plan including a process harmonizing security activities with legacy software activities and applicable technical, operational, and management measures for target systems. Recently, nuclear I and C has been faced with two security issues, cyber security (CS) and secure development and operational environment (SDOE). Unlike cyber security, few studies on planning SDOE have been presented. This paper suggests a plan for establishing an SDOE in a nuclear I and C. This paper defines three key considerations to comply with the regulatory position of RG. 1.152(R3) and proposes a process harmonizing the security activities with legacy software activities. In addition, this paper proposes technical, operational, and management measures applicable for SDOE.

U.S. spent fuel transportation security in the post 9/11 world

International Nuclear Information System (INIS)

Anne, Catherine; Patterson, John; Williams, Blake

2002-01-01

On September 11, 2002 the terrible tragedies in New York, Pennsylvania and Washington, DC changed the world forever. Security issues not only impact our daily lives, but are also in a state flux concerning the shipment of spent nuclear fuel in the United States. The formation of the Homeland Security Advisory System and Interim Compensatory Measures from the NRC, along with other security measures, have affected the way we transport spent nuclear fuel. This paper describes the challenging and demanding way that security is planned, implemented and maintained in support of spent fuel shipments in the United States. (author)

The economic security of power plants

Directory of Open Access Journals (Sweden)

Niedziółka Dorota

2017-01-01

Full Text Available Currently, power plants in Poland have to work in a very uncomfortable situation. Unstable market conditions and frequent changes in the law may have serious adverse consequences for their economic security. Power plants play a very important role in the economy. The effectiveness of their performance affects the activity of all other businesses. Therefore, it is very important to provide a definition of economic security for the power plants’ sector and the factors determining its level. Maintaining economic security will allow energy generation companies to grow in a sustainable way as well as limit operational risk. A precise definition can also be used to create analytical tools for economic security measurement and monitoring. Proper usage of such tools can help energy generation companies sustain their economic security and properly plan their capital expenditures. The article focuses on the definition of economic security in the “micro” context of a separate business unit (enterprise. We also present an analytical model that measures economic security of a company engaged in the production of energy - a company of strategic importance for the national economy. The model uses macroeconomic variables, variables describing prices of raw material and legal / political stability in the country, as well as selected financial indicators. The appliance of conclusions resulting from the model’s implementation will help provide economic security for companies generating energy.

Sustainable Phosphorus Measures: Strategies and Technologies for Achieving Phosphorus Security

Directory of Open Access Journals (Sweden)

Stuart White

2013-01-01

Full Text Available Phosphorus underpins the world’s food systems by ensuring soil fertility, maximising crop yields, supporting farmer livelihoods and ultimately food security. Yet increasing concerns around long-term availability and accessibility of the world’s main source of phosphorus—phosphate rock, means there is a need to investigate sustainable measures to buffer the world’s food systems against the long and short-term impacts of global phosphorus scarcity. While the timeline of phosphorus scarcity is contested, there is consensus that more efficient use and recycling of phosphorus is required. While the agricultural sector will be crucial in achieving this, sustainable phosphorus measures in sectors upstream and downstream of agriculture from mine to fork will also need to be addressed. This paper presents a comprehensive classification of all potential phosphorus supply- and demand-side measures to meet long-term phosphorus needs for food production. Examples range from increasing efficiency in the agricultural and mining sector, to technologies for recovering phosphorus from urine and food waste. Such measures are often undertaken in isolation from one another rather than linked in an integrated strategy. This integrated approach will enable scientists and policy-makers to take a systematic approach when identifying potential sustainable phosphorus measures. If a systematic approach is not taken, there is a risk of inappropriate investment in research and implementation of technologies and that will not ultimately ensure sufficient access to phosphorus to produce food in the future. The paper concludes by introducing a framework to assess and compare sustainable phosphorus measures and to determine the least cost options in a given context.

Untangle network security

CERN Document Server

El-Bawab, Abd El-Monem A

2014-01-01

If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

International Nuclear Security Education Network (INSEN): Promoting nuclear security education

International Nuclear Information System (INIS)

Muhamad Samudi Yasir

2013-01-01

Full-text: The need for human resource development programmes in nuclear security was underlined at several International Atomic Energy Agency (IAEA) General Conferences and Board of Governors Meetings. Successive IAEA Nuclear Security Plans, the most recent of which was agreed by the Board of Governors in September 2009, give high priority to assisting States in establishing educational programmes in nuclear security in order to ensure the sustainability of nuclear security improvements. The current Nuclear Security Plan 1 covering 2010-2013 emphasizes on the importance of considering existing capacities at international, regional and national levels while designing nuclear security academic programmes. In the course of implementing the Plan, the IAEA developed a guide entitled Educational Programme in Nuclear Security (IAEA Nuclear Security Series No. 12) that consists of a model of a MAster of Science (M.Sc.) and a Certificate Programme in Nuclear Security. This guide was aims at assisting universities or other educational institutes to developed academic programmes in nuclear security. Independently, some universities already offered academic programmes covering some areas of nuclear security, while other universities have asked the IAEA to support the implementation of these programmes. In order to better address current and future request for assistance in this area, the IAEA establish a collaboration network-International Nuclear Security Education Network (INSEN), among universities who are providing nuclear security education or who are interested in starting an academic programme/ course(s) in nuclear security. Universiti Kebangsaan Malaysia (UKM) is a first local university became a member of INSEN since the beginning of the establishment. (author)

Design and Implementation of a Secure Modbus Protocol

Science.gov (United States)

Fovino, Igor Nai; Carcano, Andrea; Masera, Marcelo; Trombetta, Alberto

The interconnectivity of modern and legacy supervisory control and data acquisition (SCADA) systems with corporate networks and the Internet has significantly increased the threats to critical infrastructure assets. Meanwhile, traditional IT security solutions such as firewalls, intrusion detection systems and antivirus software are relatively ineffective against attacks that specifically target vulnerabilities in SCADA protocols. This paper describes a secure version of the Modbus SCADA protocol that incorporates integrity, authentication, non-repudiation and anti-replay mechanisms. Experimental results using a power plant testbed indicate that the augmented protocol provides good security functionality without significant overhead.

Measures for regional security and arms control in the South-East Asian area

International Nuclear Information System (INIS)

Uren, R.T.

1992-01-01

The subject of regional security and arms control in the South-East Asia raises some new and difficult issues. No approach to ensuring regional security could be complete without military dimension including the following categories: regional arms control; global arms control measure; confidence building measures that are designed to enhance the transparency of defense policies; confidence building measures that encourage cooperation among the military forces in the region

The meaning and measurement of implementation climate

Science.gov (United States)

2011-01-01

Background Climate has a long history in organizational studies, but few theoretical models integrate the complex effects of climate during innovation implementation. In 1996, a theoretical model was proposed that organizations could develop a positive climate for implementation by making use of various policies and practices that promote organizational members' means, motives, and opportunities for innovation use. The model proposes that implementation climate--or the extent to which organizational members perceive that innovation use is expected, supported, and rewarded--is positively associated with implementation effectiveness. The implementation climate construct holds significant promise for advancing scientific knowledge about the organizational determinants of innovation implementation. However, the construct has not received sufficient scholarly attention, despite numerous citations in the scientific literature. In this article, we clarify the meaning of implementation climate, discuss several measurement issues, and propose guidelines for empirical study. Discussion Implementation climate differs from constructs such as organizational climate, culture, or context in two important respects: first, it has a strategic focus (implementation), and second, it is innovation-specific. Measuring implementation climate is challenging because the construct operates at the organizational level, but requires the collection of multi-dimensional perceptual data from many expected innovation users within an organization. In order to avoid problems with construct validity, assessments of within-group agreement of implementation climate measures must be carefully considered. Implementation climate implies a high degree of within-group agreement in climate perceptions. However, researchers might find it useful to distinguish implementation climate level (the average of implementation climate perceptions) from implementation climate strength (the variability of

The meaning and measurement of implementation climate

Directory of Open Access Journals (Sweden)

Bergmire Dawn M

2011-07-01

Full Text Available Abstract Background Climate has a long history in organizational studies, but few theoretical models integrate the complex effects of climate during innovation implementation. In 1996, a theoretical model was proposed that organizations could develop a positive climate for implementation by making use of various policies and practices that promote organizational members' means, motives, and opportunities for innovation use. The model proposes that implementation climate--or the extent to which organizational members perceive that innovation use is expected, supported, and rewarded--is positively associated with implementation effectiveness. The implementation climate construct holds significant promise for advancing scientific knowledge about the organizational determinants of innovation implementation. However, the construct has not received sufficient scholarly attention, despite numerous citations in the scientific literature. In this article, we clarify the meaning of implementation climate, discuss several measurement issues, and propose guidelines for empirical study. Discussion Implementation climate differs from constructs such as organizational climate, culture, or context in two important respects: first, it has a strategic focus (implementation, and second, it is innovation-specific. Measuring implementation climate is challenging because the construct operates at the organizational level, but requires the collection of multi-dimensional perceptual data from many expected innovation users within an organization. In order to avoid problems with construct validity, assessments of within-group agreement of implementation climate measures must be carefully considered. Implementation climate implies a high degree of within-group agreement in climate perceptions. However, researchers might find it useful to distinguish implementation climate level (the average of implementation climate perceptions from implementation climate strength (the

Towards improving security measures in Nigeria University Libraries ...

African Journals Online (AJOL)

A questionnaire designed by the researchers titled “Towards Improving Security Measures in Nigerian University Libraries (TISMINUL)” was used to collect the needed data. The questionnaire was designed in two parts. Part one was to gather information on the size of collection, frequency of stock taking and book loss.

Balanced Scorecard: A Strategic Tool in Implementing Homeland Security Strategies

OpenAIRE

Caudle, Sharon

2008-01-01

This article appeared in Homeland Security Affairs (October 2008), v.4 no.3 Starting in the early 1990s, Robert S. Kaplan and David P. Norton advocated a 'balanced scorecard' translating an organization's mission and existing business strategy into specific strategic objectives that could be linked in cause and effect relationships and measured operationally. The balanced scorecard stressed drivers of future organizational performance -- capabilities, resources, and business processes -- a...

Perceptions of randomized security schedules.

Science.gov (United States)

Scurich, Nicholas; John, Richard S

2014-04-01

Security of infrastructure is a major concern. Traditional security schedules are unable to provide omnipresent coverage; consequently, adversaries can exploit predictable vulnerabilities to their advantage. Randomized security schedules, which randomly deploy security measures, overcome these limitations, but public perceptions of such schedules have not been examined. In this experiment, participants were asked to make a choice between attending a venue that employed a traditional (i.e., search everyone) or a random (i.e., a probability of being searched) security schedule. The absolute probability of detecting contraband was manipulated (i.e., 1/10, 1/4, 1/2) but equivalent between the two schedule types. In general, participants were indifferent to either security schedule, regardless of the probability of detection. The randomized schedule was deemed more convenient, but the traditional schedule was considered fairer and safer. There were no differences between traditional and random schedule in terms of perceived effectiveness or deterrence. Policy implications for the implementation and utilization of randomized schedules are discussed. © 2013 Society for Risk Analysis.

Risk-informed, performance-based safety-security interface

International Nuclear Information System (INIS)

Mrowca, B.; Eltawila, F.

2012-01-01

Safety-security interface is a term that is used as part of the commercial nuclear power security framework to promote coordination of the many potentially adverse interactions between plant security and plant safety. Its object is to prevent the compromise of either. It is also used to describe the concept of building security into a plant's design similar to the long standing practices used for safety therefore reducing the complexity of the operational security while maintaining or enhancing overall security. With this in mind, the concept of safety-security interface, when fully implemented, can influence a plant's design, operation and maintenance. It brings the approach use for plant security to one that is similar to that used for safety. Also, as with safety, the application of risk-informed techniques to fully implement and integrate safety and security is important. Just as designers and operators have applied these techniques to enhance and focus safety, these same techniques can be applied to security to not only enhance and focus the security but also to aid in the implementation of effective techniques to address the safety-security interfaces. Implementing this safety-security concept early within the design process can prevent or reduce security vulnerabilities through low cost solutions that often become difficult and expensive to retrofit later in the design and/or post construction period. These security considerations address many of the same issues as safety in ensuring that the response of equipment and plant personnel are adequate. That is, both safety and security are focused on reaching safe shutdown and preventing radiological release. However, the initiation of challenges and the progression of actions in response these challenges and even the definitions of safe shutdown can be considerably different. This paper explores the techniques and limitations that are employed to fully implement a risk-informed, safety-security interface

Improving computer security by health smart card.

Science.gov (United States)

Nisand, Gabriel; Allaert, François-André; Brézillon, Régine; Isphording, Wilhem; Roeslin, Norbert

2003-01-01

The University hospitals of Strasbourg have worked for several years on the computer security of the medical data and have of this fact be the first to use the Health Care Professional Smart Card (CPS). This new tool must provide security to the information processing systems and especially to the medical data exchanges between the partners who collaborate to the care of the Beyond the purely data-processing aspects of the functions of safety offered by the CPS, safety depends above all on the practices on the users, their knowledge concerning the legislation, the risks and the stakes, of their adhesion to the procedures and protections installations. The aim of this study is to evaluate this level of knowledge, the practices and the feelings of the users concerning the computer security of the medical data, to check the relevance of the step taken, and if required, to try to improve it. The survey by questionnaires involved 648 users. The practices of users in terms of data security are clearly improved by the implementation of the security server and the use of the CPS system, but security breaches due to bad practices are not however completely eliminated. That confirms that is illusory to believe that data security is first and foremost a technical issue. Technical measures are of course indispensable, but the greatest efforts are required after their implementation and consist in making the key players [2], i.e. users, aware and responsible. However, it must be stressed that the user-friendliness of the security interface has a major effect on the results observed. For instance, it is highly probable that the bad practices continued or introduced upon the implementation of the security server and CPS scheme are due to the complicated nature or functional defects of the proposed solution, which must therefore be improved. Besides, this is only the pilot phase and card holders can be expected to become more responsible as time goes by, along with the gradual

Concepts for a standard based cross-organisational information security management system in the context of a nationwide EHR.

Science.gov (United States)

Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald

2013-01-01

Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).

PeerFlow: Secure Load Balancing in Tor

Directory of Open Access Journals (Sweden)

Johnson Aaron

2017-04-01

Full Text Available We present PeerFlow, a system to securely load balance client traffic in Tor. Security in Tor requires that no adversary handle too much traffic. However, Tor relays are run by volunteers who cannot be trusted to report the relay bandwidths, which Tor clients use for load balancing. We show that existing methods to determine the bandwidths of Tor relays allow an adversary with little bandwidth to attack large amounts of client traffic. These methods include Tor’s current bandwidth-scanning system, TorFlow, and the peer-measurement system EigenSpeed. We present an improved design called PeerFlow that uses a peer-measurement process both to limit an adversary’s ability to increase his measured bandwidth and to improve accuracy. We show our system to be secure, fast, and efficient. We implement PeerFlow in Tor and demonstrate its speed and accuracy in large-scale network simulations.

Information security cost management

CERN Document Server

Bazavan, Ioana V

2006-01-01

While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book-Focuses on setting the right road map so that you can be most effective in your information security implementationsDiscusses cost-effective staffing, the single biggest expense to the security organizationPresents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectivelyI...

75 FR 39184 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-029 Civil...

Science.gov (United States)

2010-07-08

... questions and privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer... Secretary 6 CFR Part 5 [Docket No. DHS-2010-0034] Privacy Act of 1974: Implementation of Exemptions...: Privacy Office, DHS. ACTION: Notice of proposed rulemaking. SUMMARY: The Department of Homeland Security...

Information security in SCADA systems in nuclear power plants

International Nuclear Information System (INIS)

Satyamurty, S.A.V.

2013-01-01

Few decades back most of the I and C systems are Hardwired based. With the developments in digital electronics, micro processors and micro controllers, the I and C systems are becoming more and more Computer based. Though it brought convenience to the designer, comfort to the operator in the form of better GUI, it also brought many challenges in the form of information security. The talk covers the typical I and C design using SCADA systems, the challenges, typical problems faced and the need for information security. The talk illustrates various security measures to be implemented in the design, development and testing stages. These security measures have to be taken both in the development environment and deployment environment. Verification and validation of computer based system is very important. Configuration change management is very essential for smooth running of the plant. The talk illustrates the various measures need to be taken. (author)

Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

Energy Technology Data Exchange (ETDEWEB)

Wayne F. Boyer; Scott A. McBride

2009-04-01

This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

Development and initial validation of a measure of attachment security in late adulthood.

Science.gov (United States)

Lopez, Frederick G; Ramos, Katherine; Kim, Mijin

2018-05-10

Attachment theory-guided studies of older adults have generally relied on self-report measures that were validated on young adult samples and that focus on fears of rejection by romantic partners and on experiences of chronic discomfort with romantic intimacy as the key indicators of adult attachment security. These assessment characteristics raise important questions as to whether these measures are appropriate for use with older adults. Unlike their younger adult counterparts, older adults may face distinctive life stage-related threats to their attachment security such as declining health and autonomy, spousal loss, and increased dependence on younger family members for instrumental and emotional support. In response to these concerns, we conducted two independent studies aimed at developing and validating a novel measure of attachment security in older adults-the Late Adulthood Attachment Scale (LAAS). In study one (N = 287), exploratory structural equation modeling (ESEM) methods were used to identify and support a 2-factor structure (Fearful Avoidance, Secure Engagement) underlying LAAS scores. In study two (N = 417), ESEM and regression analyses confirmed the 2-factor structure and demonstrated the ability of LAAS scores to predict participants' well-being over a 3-month interval (n = 93). Findings from both studies support the psychometric adequacy of the LAAS as an alternative measure of attachment security for use with older adult samples. (PsycINFO Database Record (c) 2018 APA, all rights reserved).

The strategic measures for the industrial security of small and medium business.

Science.gov (United States)

Lee, Chang-Moo

2014-01-01

The competitiveness of companies increasingly depends upon whether they possess the cutting-edge or core technology. The technology should be protected from industrial espionage or leakage. A special attention needs to be given to SMB (small and medium business), furthermore, because SMB occupies most of the companies but has serious problems in terms of industrial security. The technology leakages of SMB would account for more than 2/3 of total leakages during last five years. The purpose of this study is, therefore, to analyze the problems of SMB in terms of industrial security and suggest the strategic solutions for SMB in South Korea. The low security awareness and financial difficulties, however, make it difficult for SMB to build the effective security management system which would protect the company from industrial espionage and leakage of its technology. The growing dependence of SMB on network such as internet, in addition, puts the SMB at risk of leaking its technology through hacking or similar ways. It requires new measures to confront and control such a risk. Online security control services and technology deposit system are suggested for such measures.

The Strategic Measures for the Industrial Security of Small and Medium Business

Directory of Open Access Journals (Sweden)

Chang-Moo Lee

2014-01-01

Full Text Available The competitiveness of companies increasingly depends upon whether they possess the cutting-edge or core technology. The technology should be protected from industrial espionage or leakage. A special attention needs to be given to SMB (small and medium business, furthermore, because SMB occupies most of the companies but has serious problems in terms of industrial security. The technology leakages of SMB would account for more than 2/3 of total leakages during last five years. The purpose of this study is, therefore, to analyze the problems of SMB in terms of industrial security and suggest the strategic solutions for SMB in South Korea. The low security awareness and financial difficulties, however, make it difficult for SMB to build the effective security management system which would protect the company from industrial espionage and leakage of its technology. The growing dependence of SMB on network such as internet, in addition, puts the SMB at risk of leaking its technology through hacking or similar ways. It requires new measures to confront and control such a risk. Online security control services and technology deposit system are suggested for such measures.

Food safety security: a new concept for enhancing food safety measures.

Science.gov (United States)

Iyengar, Venkatesh; Elmadfa, Ibrahim

2012-06-01

The food safety security (FSS) concept is perceived as an early warning system for minimizing food safety (FS) breaches, and it functions in conjunction with existing FS measures. Essentially, the function of FS and FSS measures can be visualized in two parts: (i) the FS preventive measures as actions taken at the stem level, and (ii) the FSS interventions as actions taken at the root level, to enhance the impact of the implemented safety steps. In practice, along with FS, FSS also draws its support from (i) legislative directives and regulatory measures for enforcing verifiable, timely, and effective compliance; (ii) measurement systems in place for sustained quality assurance; and (iii) shared responsibility to ensure cohesion among all the stakeholders namely, policy makers, regulators, food producers, processors and distributors, and consumers. However, the functional framework of FSS differs from that of FS by way of: (i) retooling the vulnerable segments of the preventive features of existing FS measures; (ii) fine-tuning response systems to efficiently preempt the FS breaches; (iii) building a long-term nutrient and toxicant surveillance network based on validated measurement systems functioning in real time; (iv) focusing on crisp, clear, and correct communication that resonates among all the stakeholders; and (v) developing inter-disciplinary human resources to meet ever-increasing FS challenges. Important determinants of FSS include: (i) strengthening international dialogue for refining regulatory reforms and addressing emerging risks; (ii) developing innovative and strategic action points for intervention {in addition to Hazard Analysis and Critical Control Points (HACCP) procedures]; and (iii) introducing additional science-based tools such as metrology-based measurement systems.

Computer Security at Nuclear Facilities (French Edition)

International Nuclear Information System (INIS)

2013-01-01

The possibility that nuclear or other radioactive material could be used for malicious purposes cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear or other radioactive material is used or transported. Through its Nuclear Security Programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises Nuclear Security Fundamentals, which include objectives and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security, specifically: to provide for the security of nuclear and other radioactive material and associated facilities and activities; to ensure the security of such material in use, storage or in transport; to combat illicit trafficking and the inadvertent movement of such material; and to be prepared to respond to a nuclear security event. This publication is in the Technical Guidance

Computer Security: the security marathon, part 2

CERN Multimedia

Computer Security Team

2014-01-01

Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy?   In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

Ghana's Integrated Nuclear Security Support Plan

International Nuclear Information System (INIS)

Dahlstrom, Danielle

2013-01-01

At the Korle Bu Teaching Hospital outside Accra, Pearl Lovelyn Lawson checks the records of the next patient to undergo radiotherapy and adjusts the dose settings of the teletherapy machine. It is business as usual at the facility that treats over fifty patients each day. But Lawson's routine now includes additional procedures to ensure that the highly radioactive cobalt-60 source located inside the machine remains secure. Nuclear security devices and systems such as double locks, motion sensors, and cameras that transmit images to a central alarm system have been installed to ensure that the source cannot be stolen, the facility sabotaged, or unauthorized access gained. At Korle Bu physical protection measures were upgraded as part of Ghana's Integrated Nuclear Security Support Plan (INSSP). Preventing, detecting and responding to criminal acts like the theft or illegal transfer of a radioactive source, is an international priority that could be addressed through an INSSP. As one of its key nuclear security services, the IAEA assists Member States in drafting such plans. An INSSP is developed jointly with the Member State, using a holistic approach to nuclear security capacity building. It reinforces the primary objective of a State's nuclear security regime to protect people, society, and the environment from the harmful consequences of a nuclear security event. Addressing five components - the legal and regulatory framework, prevention, detection, and sustainability - the jointly developed plan identifies the needs, responsible entities and organizations within the State, as well as the timeframe for the implementation of agreed nuclear security related activities. Ghana's INSSP, tailored to its specific needs, is based on findings and recommendations from advisory service missions carried out in Ghana, including an International Nuclear Security Advisory Service mission and an International Physical Protection Advisory Service mission. Ghana's INSSP was

Implementation guidance for industrial-level security systems using radio frequency alarm links

Energy Technology Data Exchange (ETDEWEB)

Swank, R.G.

1996-07-12

Spread spectrum (SS) RF transmission technologies have properties that make the transmitted signal difficult to intercept, interpret, and jam. The digital code used in the modulation process results in a signal that has high reception reliability and supports multiple use of frequency bands and selective addressing. These attributes and the relatively low installation cost of RF systems make SSRF technologies candidate for communications links in security systems used for industrial sites, remote locations, and where trenching or other disturbances of soil or structures may not be desirable or may be costly. This guide provides a description of such a system and presents implementation methods that may be of engineering benefit.

How to define and build an effective cyber threat intelligence capability how to understand, justify and implement a new approach to security

CERN Document Server

Dalziel, Henry; Carnall, James

2014-01-01

Intelligence-Led Security: How to Understand, Justify and Implement a New Approach to Security is a concise review of the concept of Intelligence-Led Security. Protecting a business, including its information and intellectual property, physical infrastructure, employees, and reputation, has become increasingly difficult. Online threats come from all sides: internal leaks and external adversaries; domestic hacktivists and overseas cybercrime syndicates; targeted threats and mass attacks. And these threats run the gamut from targeted to indiscriminate to entirely accidental. Amo

33 CFR 106.235 - Maritime Security (MARSEC) Level coordination and implementation.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Maritime Security (MARSEC) Level..., DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental Shelf (OCS) Facility Security Requirements § 106.235 Maritime Security (MARSEC) Level...

How best to measure implementation of school health curricula: a comparison of three measures.

Science.gov (United States)

Resnicow, K; Davis, M; Smith, M; Lazarus-Yaroch, A; Baranowski, T; Baranowski, J; Doyle, C; Wang, D T

1998-06-01

The impact of school health education programs is often attenuated by inadequate teacher implementation. Using data from a school-based nutrition education program delivered in a sample of fifth graders, this study examines the discriminant and predictive validity of three measures of curriculum implementation: class-room observation of fidelity, and two measures of completeness, teacher self-report questionnaire and post-implementation interview. A fourth measure, obtained during teacher observations, that assessed student and teacher interaction and student receptivity to the curriculum (labeled Rapport) was also obtained. Predictive validity was determined by examining the association of implementation measures with three study outcomes; health knowledge, asking behaviors related to fruit and vegetables, and fruit and vegetable intake, assessed by 7-day diary. Of the 37 teachers observed, 21 were observed for two sessions and 16 were observed once. Implementation measures were moderately correlated, an indication of discriminant validity. Predictive validity analyses indicated that the observed fidelity, Rapport and interview measures were significantly correlated with post-test student knowledge. The association between health knowledge and observed fidelity (based on dual observation only), Rapport and interview measures remained significant after adjustment for pre-test knowledge values. None of the implementation variables were significantly associated with student fruit and vegetable intake or asking behaviors controlling for pre-test values. These results indicate that the teacher self-report questionnaire was not a valid measure of implementation completeness in this study. Post-implementation completeness interviews and dual observations of fidelity and Rapport appear to be more valid, and largely independent methods of implementation assessment.

BIOS Security Analysis and a Kind of Trusted BIOS

Science.gov (United States)

Zhou, Zhenliu; Xu, Rongsheng

The BIOS's security threats to computer system are analyzed and security requirements for firmware BIOS are summarized in this paper. Through discussion about TCG's trust transitivity, a new approach about CRTM implementation based on BIOS is developed. In this paper, we also put forward a new trusted BIOS architecture-UTBIOS which is built on Intel Framework for EFI/UEFI. The trustworthiness of UTBIOS is based on trusted hardware TPM. In UTBIOS, trust encapsulation and trust measurement are used to construct pre-OS trust chain. Performance of trust measurement is also analyzed in the end.

Secure self-calibrating quantum random-bit generator

International Nuclear Information System (INIS)

Fiorentino, M.; Santori, C.; Spillane, S. M.; Beausoleil, R. G.; Munro, W. J.

2007-01-01

Random-bit generators (RBGs) are key components of a variety of information processing applications ranging from simulations to cryptography. In particular, cryptographic systems require 'strong' RBGs that produce high-entropy bit sequences, but traditional software pseudo-RBGs have very low entropy content and therefore are relatively weak for cryptography. Hardware RBGs yield entropy from chaotic or quantum physical systems and therefore are expected to exhibit high entropy, but in current implementations their exact entropy content is unknown. Here we report a quantum random-bit generator (QRBG) that harvests entropy by measuring single-photon and entangled two-photon polarization states. We introduce and implement a quantum tomographic method to measure a lower bound on the 'min-entropy' of the system, and we employ this value to distill a truly random-bit sequence. This approach is secure: even if an attacker takes control of the source of optical states, a secure random sequence can be distilled

VMware vCloud security

CERN Document Server

Sarkar, Prasenjit

2013-01-01

VMware vCloud Security provides the reader with in depth knowledge and practical exercises sufficient to implement a secured private cloud using VMware vCloud Director and vCloud Networking and Security.This book is primarily for technical professionals with system administration and security administration skills with significant VMware vCloud experience who want to learn about advanced concepts of vCloud security and compliance.

Security assessment in harbours: parameters to be considered

Energy Technology Data Exchange (ETDEWEB)

Romero Faz, D.; Camarero Orive, A.

2016-07-01

The ports are the main node in the supply chain and freight transportation. The terrorist attacks of September 11, 2001 marked a turning point in global security. Following this event, and from then on, there is a widespread fear of an attack on commercial ports. The development of the International Ship and Port Facility Security (ISPS) Code of the International Maritime Organization (IMO), and the implementation of the measures derived from it, have significantly improved security at port facilities. However, the experience in recent decades indicates the need for adjustments in the security assessment, in order to improve risk assessment, which is sometimes either underestimated or overestimated. As a first result of the investigation, new parameters for assessing security are proposed considering new aspects on the basis of an analysis of the main methodologies specific to port facilities, the analysis of surveys of the responsible managers for the security of the Spanish port system, and the analysis of the security statistics obtained through security forces. (Author)

Physical Protection of Nuclear Material and Nuclear Facilities (Implementation of INFCIRC/225/Revision 5). Implementing Guide

International Nuclear Information System (INIS)

2018-01-01

This publication is the lead Implementing Guide in a suite of guidance on implementing the Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/Revision 5), IAEA Nuclear Security Series No. 13. It provides guidance and suggestions to assist States and their competent authorities in establishing, strengthening and sustaining their national physical protection regime and implementing the associated systems and measures, including operators’ physical protection systems. The structure of this publication is as follows. After this introduction, Section 2 describes the objectives of physical protection and the overall approach to managing the risks of the unauthorized removal of nuclear material and the sabotage of nuclear facilities. Section 3 provides guidance for the State and its competent authorities on the physical protection elements of the nuclear security regime; this guidance is based on the fundamental principles set out in the Recommendations publication. Section 4 provides guidance on the operator’s physical protection system and describes a systematic, integrated approach. Appendix I gives an annotated outline of the typical contents of an operator’s security plan. Appendix II provides similar guidance for the contingency plan. Appendix III provides a description of nuclear material aggregation that can be used to categorize nuclear material and determine the appropriate level of protection against unauthorized removal. Appendix IV presents a table of paragraph cross-references between the Recommendations publication and this Implementing Guide.

78 FR 9768 - Bureau of International Security and Nonproliferation Imposition of Nonproliferation Measures...

Science.gov (United States)

2013-02-11

... DEPARTMENT OF STATE [Public Notice 8184] Bureau of International Security and Nonproliferation Imposition of Nonproliferation Measures Against Foreign Persons, Including a Ban on U.S. Government Procurement AGENCY: Bureau of International Security and Nonproliferation, Department of State. ACTION: Notice...

Information security management: a proposal to improve the effectiveness of information security in the scientific research environment

International Nuclear Information System (INIS)

Alexandria, Joao Carlos Soares de

2009-01-01

The increase of the connectivity in the business environment, combined with the growing dependency of information systems, has become the information security management an important governance tool. Information security has as main goal to protect the business transactions in order to work normally. In this way, It will be safeguarding the business continuity. The threats of information come from hackers' attacks, electronic frauds and spying, as well as fire, electrical energy interruption and humans fault. Information security is made by implementation of a set of controls, including of the others politics, processes, procedures, organizational structures, software and hardware, which require a continuous management and a well established structure to be able to face such challenges. This work tried to search the reasons why the organizations have difficulties to make a practice of information security management. Many of them just limit to adopt points measures, sometimes they are not consistent with their realities. The market counts on enough quantity of standards and regulations related to information security issues, for example, ISO/IEC 27002, American Sarbanes-Oxley act, Basel capital accord, regulations from regulatory agency (such as the Brazilians ones ANATEL, ANVISA and CVM). The market researches have showed that the information security implementation is concentrated on a well-defined group of organization mainly formed by large companies and from specifics sectors of economy, for example, financial and telecommunication. However, information security must be done by all organizations that use information systems to carry out their activities, independently of its size or economic area that it belongs. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal of

Measuring Stability and Security in Iraq

National Research Council Canada - National Science Library

2006-01-01

... of the report, "Stability and Security in Iraq," describes trends and progress towards meeting goals for political stability, strengthening economic activity, and achieving a stable security environment in Iraq...

Privacy and Security Research Group workshop on network and distributed system security: Proceedings

Energy Technology Data Exchange (ETDEWEB)

1993-05-01

This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

Building and strengthening confidence and security in Asia

International Nuclear Information System (INIS)

Corden, P.S.

1992-01-01

This paper presents a few thoughts on the question of building and strengthening confidence and security in Asia, in particular in the area centred on the Korean peninsula. This question includes the process of establishing and implementing confidence- and security-building measures, some of which might involve States other than North and South Korea. The development of CSBMs has now been well established in Europe, and there are encouraging signs that such measures are taking hold in other areas of the world, including in Korea. Consequently there is a fairly rich mine of information, precedent and experience from which to draw in focusing on the particular subject at hand. In these remarks the concept of confidence- and security-building is briefly addressed and measures are examined that have proven useful in other circumstances and review some possibilities that appear of interest in the present context

Punishment in School: The Role of School Security Measures

Science.gov (United States)

Mowen, Thomas J.

2014-01-01

Although investigation of school security measures and their relationships to various outcomes including school crime rates (Gottfredson, 2001), perpetuation of social inequality (Ferguson, 2001; Nolan, 2011; Welch & Payne, 2010), and the impact on childhood experiences has seen significant growth within the last 20 years (Newman, 2004;…

Secure integrated circuits and systems

CERN Document Server

Verbauwhede, Ingrid MR

2010-01-01

On any advanced integrated circuit or 'system-on-chip' there is a need for security. In many applications the actual implementation has become the weakest link in security rather than the algorithms or protocols. The purpose of the book is to give the integrated circuits and systems designer an insight into the basics of security and cryptography from the implementation point of view. As a designer of integrated circuits and systems it is important to know both the state-of-the-art attacks as well as the countermeasures. Optimizing for security is different from optimizations for speed, area,

Security culture for nuclear facilities

Science.gov (United States)

Gupta, Deeksha; Bajramovic, Edita

2017-01-01

Natural radioactive elements are part of our environment and radioactivity is a natural phenomenon. There are numerous beneficial applications of radioactive elements (radioisotopes) and radiation, starting from power generation to usages in medical, industrial and agriculture applications. But the risk of radiation exposure is always attached to operational workers, the public and the environment. Hence, this risk has to be assessed and controlled. The main goal of safety and security measures is to protect human life, health, and the environment. Currently, nuclear security considerations became essential along with nuclear safety as nuclear facilities are facing rapidly increase in cybersecurity risks. Therefore, prevention and adequate protection of nuclear facilities from cyberattacks is the major task. Historically, nuclear safety is well defined by IAEA guidelines while nuclear security is just gradually being addressed by some new guidance, especially the IAEA Nuclear Security Series (NSS), IEC 62645 and some national regulations. At the overall level, IAEA NSS 7 describes nuclear security as deterrence and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear, other radioactive substances and their associated facilities. Nuclear security should be included throughout nuclear facilities. Proper implementation of a nuclear security culture leads to staff vigilance and a high level of security posture. Nuclear security also depends on policy makers, regulators, managers, individual employees and members of public. Therefore, proper education and security awareness are essential in keeping nuclear facilities safe and secure.

Measuring Stability and Security in Iraq

National Research Council Canada - National Science Library

2005-01-01

.... The initial section of the report, "Stability and Security in Iraq," describes trends and progress towards meeting goals for political stability, economic progress, and achieving a stable security environment in Iraq...

Muon Fluence Measurements for Homeland Security Applications

Energy Technology Data Exchange (ETDEWEB)

Ankney, Austin S.; Berguson, Timothy J.; Borgardt, James D.; Kouzes, Richard T.

2010-08-10

This report focuses on work conducted at Pacific Northwest National Laboratory to better characterize aspects of backgrounds in RPMs deployed for homeland security purposes. Two polyvinyl toluene scintillators were utilized with supporting NIM electronics to measure the muon coincidence rate. Muon spallation is one mechanism by which background neutrons are produced. The measurements performed concentrated on a broad investigation of the dependence of the muon flux on a) variations in solid angle subtended by the detector; b) the detector inclination with the horizontal; c) depth underground; and d) diurnal effects. These tests were conducted inside at Building 318/133, outdoors at Building 331G, and underground at Building 3425 at Pacific Northwest National Laboratory.

Quantifying, Measuring, and Strategizing Energy Security: Determining the Most Meaningful Dimensions and Metrics

DEFF Research Database (Denmark)

Ren, Jingzheng; Sovacool, Benjamin

2014-01-01

subjective concepts of energy security into more objective criteria, to investigate the cause-effect relationships among these different metrics, and to provide some recommendations for the stakeholders to draft efficacious measures for enhancing energy security. To accomplish this feat, the study utilizes...

On the security of semi-device-independent QKD protocols

Science.gov (United States)

Chaturvedi, Anubhav; Ray, Maharshi; Veynar, Ryszard; Pawłowski, Marcin

2018-06-01

While fully device-independent security in (BB84-like) prepare-and-measure quantum key distribution (QKD) is impossible, it can be guaranteed against individual attacks in a semi-device-independent (SDI) scenario, wherein no assumptions are made on the characteristics of the hardware used except for an upper bound on the dimension of the communicated system. Studying security under such minimal assumptions is especially relevant in the context of the recent quantum hacking attacks wherein the eavesdroppers can not only construct the devices used by the communicating parties but are also able to remotely alter their behavior. In this work, we study the security of a SDIQKD protocol based on the prepare-and-measure quantum implementation of a well-known cryptographic primitive, the random access code (RAC). We consider imperfect detectors and establish the critical values of the security parameters (the observed success probability of the RAC and the detection efficiency) required for guaranteeing security against eavesdroppers with and without quantum memory. Furthermore, we suggest a minimal characterization of the preparation device in order to lower the requirements for establishing a secure key.

Design and Implementation of Wiki Services in a Multilevel Secure Environment

National Research Council Canada - National Science Library

Ong, Kar L

2007-01-01

The Monterey Security Architecture (MYSEA) provides a distributed multilevel secure networking environment where authenticated users can securely access data and services at different security classification levels...

SYSTEMATIZATION OF INTERNATIONAL EXPERIENCE OF ENSURING ECONOMIC SECURITY OF EXACERBATION OF THE THREATS AND CHALLENGES OF A NEW TYPE FOR NATIONAL AND INTERNATIONAL SECURITY

Directory of Open Access Journals (Sweden)

Tatyana Momot

2016-11-01

Full Text Available The aim of the work is to systematize the international experience of economic security both in terms of individual countries and the global economy as a whole. Setting such a goal it is associated with the growth of globalization and integration processes in the world economy, which are the new threat of economic security. Methods. Theoretical and methodological basis of the study were research and findings on issues of economic security at the level of the world economy as a whole and individual national economies in particular. We used such general scientific and special methods, such as analysis and synthesis, comparison, generalization, adaptation. The findings led to the conclusion that the protection of national interests and the formation of an economic security strategy – the most important functions of the state, the implementation of which is impossible without a system of self-regulation mechanisms and regulation. The government should implement a set of measures to promote economic growth, and that will guarantee the economic security of the country. These measures should cover all sectors of the economy. These measures include the implementation an active structural and social policies, enhancing the activity of the state in investment, financial, monetary and foreign economic sphere, the continuation of institutional reforms. The practical significance is to separate the differences used methodological approaches to ensure the economic security of the EU member countries and the CIS. This is explained by the fact that the first group of countries is focused on standards and borrows the experience of the leading EU countries (Germany, France, and the second group, located in the zone of influence of Russia (Moldova, Ukraine, Belarus, Kazakhstan, – on the Russian developments and standards. In turn, Russia in their design focuses more on standards to ensure economic security, which have been made in the period of the Soviet

National Security Technology Incubator Evaluation Process

Energy Technology Data Exchange (ETDEWEB)

None, None

2007-12-31

This report describes the process by which the National Security Technology Incubator (NSTI) will be evaluated. The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report includes a brief description of the components, steps, and measures of the proposed evaluation process. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. An effective evaluation process of the NSTI is an important step as it can provide qualitative and quantitative information on incubator performance over a given period. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety and security. The mission of the NSTI is to identify, incubate, and accelerate technologies with national security applications at various stages of development by providing hands-on mentoring and business assistance to small businesses and emerging or growing companies. To achieve success for both incubator businesses and the NSTI program, an evaluation process is essential to effectively measure results and implement corrective processes in the incubation design if needed. The evaluation process design will collect and analyze qualitative and quantitative data through performance evaluation system.

Cooperative monitoring of regional security agreements

Energy Technology Data Exchange (ETDEWEB)

Pregenzer, A.L.; Vannoni, M.; Biringer, K.L.

1995-08-01

This paper argues that cooperative monitoring plays a critical role in the implementation of regional security agreements and confidence building measures. A framework for developing cooperative monitoring options is proposed and several possibilities for relating bilateral and regional monitoring systems to international monitoring systems are discussed. Three bilateral or regional agreements are analyzed briefly to illustrate different possibilities: (1) the demilitarization of the Sinai region between Israel and Egypt in the 1970s; (2) the 1991 quadripartite agreement for monitoring nuclear facilities among Brazil, Argentina, The Argentine-Brazilian Agency for Accounting and Control of Nuclear Materials and the International Atomic Energy Agency; and (3) a bilateral Open Skies agreement between Hungary and Romania in 1991. These examples illustrate that the relationship of regional or bilateral arms control or security agreements to international agreements depends on a number of factors: the overlap of provisions between regional and international agreements; the degree of interest in a regional agreement among the international community; efficiency in implementing the agreement; and numerous political considerations.Given the importance of regional security to the international community, regions should be encouraged to develop their own infrastructure for implementing regional arms control and other security agreements. A regional infrastructure need not preclude participation in an international regime. On the contrary, establishing regional institutions for arms control and nonproliferation could result in more proactive participation of regional parties in developing solutions for regional and international problems, thereby strengthening existing and future international regimes. Possible first steps for strengthening regional infrastructures are identified and potential technical requirements are discussed.

Radiological Protection Measurements Implemented during the 16. Pan American and 4. ParaPan American Games: Guadalajara, Mexico, 2011; Medidas de seguridad radiologica implementadas durante los 16. Juegos Panamericanos y 4. Juegos Parapanamericanos: Guadalajara, Mexico, 2011

Energy Technology Data Exchange (ETDEWEB)

NONE

2014-02-15

Terrorism remains a threat to international stability and security. Often national and international high level public events are the subject of much public interest and receive extensive coverage in the media. In this sense, it is well known that there is a real threat of a terrorist attack in important public events, such as major economic summits, high level political meetings or sporting events. In 1955 and 1975, the 2nd and 7th Pan American Games were organized by the City of Mexico. In 2011, the Pan American Games was the third event of its kind held in Guadalajara, Jalisco. At the national level, the implementation of nuclear security measures in the Pan American Games laid the foundations for a sustainable national nuclear security framework that will continue long after the event. The political decision, the existing legal basis and structure, agency coordination facilitated the incorporation of nuclear security measures. It was also a challenge to integrate all the relevant organizations, provide focus to the threat of terrorism linked to weapons of mass destruction for security games, plan resources and execute the project on time, among other details. For this reason, information and lessons learned that are reported in this document, received in Mexico during the 16th edition of the Pan American Games will be useful for the implementation of nuclear security measures in States with similar situations.

Risk Assessment Generated by Usage of ICT and Information Security Measures

Directory of Open Access Journals (Sweden)

Ilie TAMAS

2006-01-01

Full Text Available Information societies involve the usage of information technology and communications (ITC on a large scale. The dependence on ITC is an unquestionable problem in the present, because we assist to a generality of computers usage in all economic and social life activities. That is why organization information systems became accessible at the global level and there are permanently open for a quick exchange of information between different categories of users located by different geographical nods. The ITC usage involves the existing of some risks that should be known, evaluation and based on these, we must have information systems security measure. We consider that the risk is an indicator very important that must be permanently assess in the usage process of the information system based on ITC. Risk management suppose a permanently evaluation of these problems and also restrain by some practical actions who goes to the decrease of its effects. From the expose point of view, in this paper work it is presented the results of research based on specialty literature and current cases from practical activities, regarding the risks of ITC usage and their diminishing measure. There are distinguished the main factors (threat, vulnerability and impact who affect the information risk and on the other way, diminishing measure of the action to these factors for optimum working of an economic and social organism who use ITC. We consider that through proposed measures we assume safety in design process, implement and usage of the informational systems based on ITC.

[The comparative evaluation of level of security culture in medical organizations].

Science.gov (United States)

Roitberg, G E; Kondratova, N V; Galanina, E V

2016-01-01

The study was carried out on the basis of clinic “Medicine” in 2014-2015 concerning security culture. The sampling included 465 filled HSPSC questionnaires. The comparative analysis of received was implemented. The “Zubovskaia district hospital” Having no accreditation according security standards and group of clinics from USA functioning for many years in the system of patient security support were selected as objects for comparison. The evaluation was implemented concerning dynamics of security culture in organization at implementation of strategies of security of patients during 5 years and comparison of obtained results with USA clinics was made. The study results demonstrated that in conditions of absence of implemented standards of security in medical organization total evaluation of security remains extremely low. The study of security culture using HSPSC questionnaire is an effective tool for evaluating implementation of various strategies of security ofpatient. The functioning in the system of international standards of quality, primarily JCI standards, permits during several years to achieve high indices of security culture.

Validity of information security policy models

Directory of Open Access Journals (Sweden)

Joshua Onome Imoniana

Full Text Available Validity is concerned with establishing evidence for the use of a method to be used with a particular set of population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. En today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidences that, the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the Automobile Industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regards to each one's implementation of information technology in the region. The current study concludes, presenting evidence of the discriminating validity of four key dimensions of the security policy, being such: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Alpha of Crombach structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also, the items involved, homogeneously correlate to each other.

Implementation and rejection of industrial steam system energy efficiency measures

International Nuclear Information System (INIS)

Therkelsen, Peter; McKane, Aimee

2013-01-01

Steam systems consume approximately one third of energy applied at US industrial facilities. To reduce energy consumption, steam system energy assessments have been conducted on a wide range of industry types over the course of 5 years through the Energy Savings Assessment (ESA) program administered by the US Department of Energy (US DOE). ESA energy assessments result in energy efficiency measure recommendations that are given potential energy and energy cost savings and potential implementation cost values. Saving and cost metrics that measure the impact recommended measures will have at facilities, described as percentages of facility baseline energy and energy cost, are developed from ESA data and used in analyses. Developed savings and cost metrics are examined along with implementation and rejection rates of recommended steam system energy efficiency measures. Based on analyses, implementation of steam system energy efficiency measures is driven primarily by cost metrics: payback period and measure implementation cost as a percentage of facility baseline energy cost (implementation cost percentage). Stated reasons for rejecting recommended measures are primarily based upon economic concerns. Additionally, implementation rates of measures are not only functions of savings and cost metrics, but time as well. - Highlights: ► We examine uptake/rejection of industrial steam system energy efficiency measures. ► We examine metrics that correspond to uptake/rejection of recommended measures. ► We examine barriers hindering steam system energy efficiency measure implementation. ► Uptake/rejection of steam measures is linked to potential cost metrics. ► Increased uptake of measures and uptake of more costly measures increases with time

9 CFR 121.11 - Security.

Science.gov (United States)

2010-01-01

... 9 Animals and Animal Products 1 2010-01-01 2010-01-01 false Security. 121.11 Section 121.11... AGENTS AND TOXINS § 121.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to safeguard...

Operating System Security

CERN Document Server

Jaeger, Trent

2008-01-01

Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

Cyber Security Scenarios and Control for Small and Medium Enterprises

Directory of Open Access Journals (Sweden)

Nilaykumar Kiran SANGANI

2012-01-01

Full Text Available As the world advances towards the computing era, security threats keeps on increasing in the form of malware, viruses, internet attack, theft of IS assets / technology and a lot more. This is a major concern for any form of business. Loss in company’s status / liability / reputation is a huge downfall for a running business. We have witnessed the attacks getting carried out; large firm’s data getting breached / government bodies’ sites getting phished / attacked. These huge entities have technology expertise to safeguard their company’s interest against such attacks through investing huge amounts of capital in manpower and secure tools. But what about SMEs? SMEs enrich a huge part of the country’s economy. Big organizations have their own security measures policy which ideally is not applied when it comes to a SME. The aim of this paper is to come out with an Information Security Assurance Cyber Control for SMEs (ISACC against common cyber security threats implemented at a cost effective measure.

Strengthening the safety and security of radioactive sources worldwide: a perspective on Philippine contributions

International Nuclear Information System (INIS)

Murray, Allan

2009-01-01

Radioactive sources have been used for many decades in a wide variety of applications in all countries. The safety of radioactive sources and the associated radiation protection have been implemented by national and international programs during this time with cooperation through the IAEA intended to achieve application of minimum standards and harmonization of approach. The security of radioactive sources is however relatively new consideration. A perspective on the Philippine contributions to the safety and security of radioactive sources will be provided with reference to the following: What is radioactive source security and why it is important?; International cooperation, including the IAEA Code of Conduct; Regulation for radioactive source security; Implementation of radioactive source security measures for licenses, operators and others; Impact of regulatory and operational matters such as professional development and training, emergency preparedness and response, and radiation protection. (author)

42 CFR 73.11 - Security.

Science.gov (United States)

2010-10-01

... 42 Public Health 1 2010-10-01 2010-10-01 false Security. 73.11 Section 73.11 Public Health PUBLIC... AND TOXINS § 73.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to safeguard the...

14 CFR 460.53 - Security.

Science.gov (United States)

2010-01-01

... 14 Aeronautics and Space 4 2010-01-01 2010-01-01 false Security. 460.53 Section 460.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF....53 Security. An operator must implement security requirements to prevent any space flight participant...

Implementation and Rejection of Industrial Steam System Energy Efficiency Measures

Energy Technology Data Exchange (ETDEWEB)

Therkelesen, Peter [Environmental Energy Technologies Division Lawrence Berkeley National Laboratory (LBNL), Berkeley, CA (United States); McKane, Aimee [Environmental Energy Technologies Division Lawrence Berkeley National Laboratory (LBNL), Berkeley, CA (United States)

2013-05-01

Steam systems consume approximately one third of energy applied at U.S. industrial facilities. To reduce energy consumption, steam system energy assessments have been conducted on a wide range of industry types over the course of five years through the Energy Savings Assessment (ESA) program administered by the U.S. Department of Energy (U.S. DOE). ESA energy assessments result in energy efficiency measure recommendations that are given potential energy and energy cost savings and potential implementation cost values. Saving and cost metrics that measure the impact recommended measures will have at facilities, described as percentages of facility baseline energy and energy cost, are developed from ESA data and used in analyses. Developed savings and cost metrics are examined along with implementation and rejection rates of recommended steam system energy efficiency measures. Based on analyses, implementation of steam system energy efficiency measures is driven primarily by cost metrics: payback period and measure implementation cost as a percentage of facility baseline energy cost (implementation cost percentage). Stated reasons for rejecting recommended measures are primarily based upon economic concerns. Additionally, implementation rates of measures are not only functions of savings and cost metrics, but time as well.

International codes concerning the security of radioisotopes

International Nuclear Information System (INIS)

Kusama, Keiji

2013-01-01

Explained is the title subject with international and Japanese official argument or publications and actions, where the security is defined as protection of sealed and unsealed radioisotopes (RI) from malicious acts. IAEA worked out the Code of Conduct on the Safety and Security of Radioactive Sources in 2004 based on its preceding argument and with the turning point of the terrorism 3.11 (2001), and Nuclear Security Recommendations on radioactive material and associated facilities (2011), for whose prerequisite, Security of radioactive sources: implementing guide (2009) and Security in the transport of radioactive material (2008) had been drawn up. The Code of Conduct indicates the security system to regulate the sealed sources that each nation has to build up through legislation, setup of regulatory agency, registration of the sources, provision of concerned facilities with radiation protection, etc. For attaining this purpose, IAEA defined Guidance on the Import and Export of Radioactive Sources (2005, 2012), Categorization of radioactive sources (2005) and Dangerous quantities of radioactive material (D-VALUES) (2006). For updating the related matters, IAEA holds international conferences somewhere in the world every year. The Nuclear Security Recommendations indicate the nation's responsibility of building up and maintaining the security system above with well-balanced measures between the safe and secure use of RI without the invalid inhibition of their usage. Japan government worked out the concept essential for ensuring the nuclear security in Sep. 2011, in which for RI, defined were the risk and benefit in use and security, and securing role of the present legal systems concerning the safety handling and objective RI involved in their registration system. Securing measures of RI in such usage as medical and industrial aids must be of advanced usefulness and safety in harmony with activities of other countries. (T.T)

Security of pipeline facilities

Energy Technology Data Exchange (ETDEWEB)

Lee, S.C. [Alberta Energy and Utilities Board, Calgary, AB (Canada); Van Egmond, C.; Duquette, L. [National Energy Board, Calgary, AB (Canada); Revie, W. [Canada Centre for Mineral and Energy Technology, Ottawa, ON (Canada)

2005-07-01

This working group provided an update on provincial, federal and industry directions regarding the security of pipeline facilities. The decision to include security issues in the NEB Act was discussed as well as the Pipeline Security Management Assessment Project, which was created to establish a better understanding of existing security management programs as well as to assist the NEB in the development and implementation of security management regulations and initiatives. Amendments to the NEB were also discussed. Areas of pipeline security management assessment include physical safety management; cyber and information security management; and personnel security. Security management regulations were discussed, as well as implementation policies. Details of the Enbridge Liquids Pipelines Security Plan were examined. It was noted that the plan incorporates flexibility for operations and is integrated with Emergency Response and Crisis Management. Asset characterization and vulnerability assessments were discussed, as well as security and terrorist threats. It was noted that corporate security threat assessment and auditing are based on threat information from the United States intelligence community. It was concluded that the oil and gas industry is a leader in security in North America. The Trans Alaska Pipeline Incident was discussed as a reminder of how costly accidents can be. Issues of concern for the future included geographic and climate issues. It was concluded that limited resources are an ongoing concern, and that the regulatory environment is becoming increasingly prescriptive. Other concerns included the threat of not taking international terrorism seriously, and open media reporting of vulnerability of critical assets, including maps. tabs., figs.

The Implementation Leadership Scale (ILS): development of a brief measure of unit level implementation leadership.

Science.gov (United States)

Aarons, Gregory A; Ehrhart, Mark G; Farahnak, Lauren R

2014-04-14

In healthcare and allied healthcare settings, leadership that supports effective implementation of evidenced-based practices (EBPs) is a critical concern. However, there are no empirically validated measures to assess implementation leadership. This paper describes the development, factor structure, and initial reliability and convergent and discriminant validity of a very brief measure of implementation leadership: the Implementation Leadership Scale (ILS). Participants were 459 mental health clinicians working in 93 different outpatient mental health programs in Southern California, USA. Initial item development was supported as part of a two United States National Institutes of Health (NIH) studies focused on developing implementation leadership training and implementation measure development. Clinician work group/team-level data were randomly assigned to be utilized for an exploratory factor analysis (n = 229; k = 46 teams) or for a confirmatory factor analysis (n = 230; k = 47 teams). The confirmatory factor analysis controlled for the multilevel, nested data structure. Reliability and validity analyses were then conducted with the full sample. The exploratory factor analysis resulted in a 12-item scale with four subscales representing proactive leadership, knowledgeable leadership, supportive leadership, and perseverant leadership. Confirmatory factor analysis supported an a priori higher order factor structure with subscales contributing to a single higher order implementation leadership factor. The scale demonstrated excellent internal consistency reliability as well as convergent and discriminant validity. The ILS is a brief and efficient measure of unit level leadership for EBP implementation. The availability of the ILS will allow researchers to assess strategic leadership for implementation in order to advance understanding of leadership as a predictor of organizational context for implementation. The ILS also holds promise as a tool for

The implementation leadership scale (ILS): development of a brief measure of unit level implementation leadership

Science.gov (United States)

2014-01-01

Background In healthcare and allied healthcare settings, leadership that supports effective implementation of evidenced-based practices (EBPs) is a critical concern. However, there are no empirically validated measures to assess implementation leadership. This paper describes the development, factor structure, and initial reliability and convergent and discriminant validity of a very brief measure of implementation leadership: the Implementation Leadership Scale (ILS). Methods Participants were 459 mental health clinicians working in 93 different outpatient mental health programs in Southern California, USA. Initial item development was supported as part of a two United States National Institutes of Health (NIH) studies focused on developing implementation leadership training and implementation measure development. Clinician work group/team-level data were randomly assigned to be utilized for an exploratory factor analysis (n = 229; k = 46 teams) or for a confirmatory factor analysis (n = 230; k = 47 teams). The confirmatory factor analysis controlled for the multilevel, nested data structure. Reliability and validity analyses were then conducted with the full sample. Results The exploratory factor analysis resulted in a 12-item scale with four subscales representing proactive leadership, knowledgeable leadership, supportive leadership, and perseverant leadership. Confirmatory factor analysis supported an a priori higher order factor structure with subscales contributing to a single higher order implementation leadership factor. The scale demonstrated excellent internal consistency reliability as well as convergent and discriminant validity. Conclusions The ILS is a brief and efficient measure of unit level leadership for EBP implementation. The availability of the ILS will allow researchers to assess strategic leadership for implementation in order to advance understanding of leadership as a predictor of organizational context for implementation

78 FR 9769 - Bureau of International Security and Nonproliferation Imposition of Nonproliferation Measures on...

Science.gov (United States)

2013-02-11

... DEPARTMENT OF STATE [Public Notice 8182] Bureau of International Security and Nonproliferation Imposition of Nonproliferation Measures on Chinese and Iranian Foreign Persons AGENCY: Bureau of International Security and Nonproliferation, Department of State. ACTION: Notice. SUMMARY: The U.S. Government...

Security camera resolution measurements: Horizontal TV lines versus modulation transfer function measurements.

Energy Technology Data Exchange (ETDEWEB)

Birch, Gabriel Carisle [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Griffin, John Clark [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2015-01-01

The horizontal television lines (HTVL) metric has been the primary quantity used by division 6000 related to camera resolution for high consequence security systems. This document shows HTVL measurements are fundamen- tally insufficient as a metric to determine camera resolution, and propose a quantitative, standards based methodology by measuring the camera system modulation transfer function (MTF), the most common and accepted metric of res- olution in the optical science community. Because HTVL calculations are easily misinterpreted or poorly defined, we present several scenarios in which HTVL is frequently reported, and discuss their problems. The MTF metric is discussed, and scenarios are presented with calculations showing the application of such a metric.

EPICS: Channel Access security design

International Nuclear Information System (INIS)

Kraimer, M.; Hill, J.

1994-05-01

This document presents the design for implementing the requirements specified in: EPICS -- Channel Access Security -- functional requirements, Ned. D. Arnold, 03/09/92. Use of the access security system is described along with a summary of the functional requirements. The programmer's interface is given. Security protocol is described and finally aids for reading the access security code are provided

AES Cardless Automatic Teller Machine (ATM) Biometric Security System Design Using FPGA Implementation

Science.gov (United States)

Ahmad, Nabihah; Rifen, A. Aminurdin M.; Helmy Abd Wahab, Mohd

2016-11-01

Automated Teller Machine (ATM) is an electronic banking outlet that allows bank customers to complete a banking transactions without the aid of any bank official or teller. Several problems are associated with the use of ATM card such card cloning, card damaging, card expiring, cast skimming, cost of issuance and maintenance and accessing customer account by third parties. The aim of this project is to give a freedom to the user by changing the card to biometric security system to access the bank account using Advanced Encryption Standard (AES) algorithm. The project is implemented using Field Programmable Gate Array (FPGA) DE2-115 board with Cyclone IV device, fingerprint scanner, and Multi-Touch Liquid Crystal Display (LCD) Second Edition (MTL2) using Very High Speed Integrated Circuit Hardware (VHSIC) Description Language (VHDL). This project used 128-bits AES for recommend the device with the throughput around 19.016Gbps and utilized around 520 slices. This design offers a secure banking transaction with a low rea and high performance and very suited for restricted space environments for small amounts of RAM or ROM where either encryption or decryption is performed.

DATA WAREHOUSES SECURITY IMPLEMENTATION

Directory of Open Access Journals (Sweden)

Burtescu Emil

2009-05-01

Full Text Available Data warehouses were initially implemented and developed by the big firms and they were used for working out the managerial problems and for making decisions. Later on, because of the economic tendencies and of the technological progress, the data warehou

Secure computing, economy, and trust

DEFF Research Database (Denmark)

Bogetoft, Peter; Damgård, Ivan B.; Jakobsen, Thomas

In this paper we consider the problem of constructing secure auctions based on techniques from modern cryptography. We combine knowledge from economics, cryptography and security engineering and develop and implement secure auctions for practical real-world problems. In essence this paper is an o...

Implementing voice over Internet protocol in mobile ad hoc network – analysing its features regarding efficiency, reliability and security

Directory of Open Access Journals (Sweden)

Naveed Ahmed Sheikh

2014-05-01

Full Text Available Providing secure and efficient real-time voice communication in mobile ad hoc network (MANET environment is a challenging problem. Voice over Internet protocol (VoIP has originally been developed over the past two decades for infrastructure-based networks. There are strict timing constraints for acceptable quality VoIP services, in addition to registration and discovery issues in VoIP end-points. In MANETs, ad hoc nature of networks and multi-hop wireless environment with significant packet loss and delays present formidable challenges to the implementation. Providing a secure real-time VoIP service on MANET is the main design objective of this paper. The authors have successfully developed a prototype system that establishes reliable and efficient VoIP communication and provides an extremely flexible method for voice communication in MANETs. The authors’ cooperative mesh-based MANET implementation can be used for rapidly deployable VoIP communication with survivable and efficient dynamic networking using open source software.

Device independent quantum key distribution secure against coherent attacks with memoryless measurement devices

International Nuclear Information System (INIS)

McKague, Matthew

2009-01-01

Device independent quantum key distribution (QKD) aims to provide a higher degree of security than traditional QKD schemes by reducing the number of assumptions that need to be made about the physical devices used. The previous proof of security by Pironio et al (2009 New J. Phys. 11 045021) applies only to collective attacks where the state is identical and independent and the measurement devices operate identically for each trial in the protocol. We extend this result to a more general class of attacks where the state is arbitrary and the measurement devices have no memory. We accomplish this by a reduction of arbitrary adversary strategies to qubit strategies and a proof of security for qubit strategies based on the previous proof by Pironio et al and techniques adapted from Renner.

Study on Nuclear Facility Cyber Security Awareness and Training Programs

International Nuclear Information System (INIS)

Lee, Jung-Woon; Song, Jae-Gu; Lee, Cheol-Kwon

2016-01-01

Cyber security awareness and training, which is a part of operational security controls, is defined to be implemented later in the CSP implementation schedule. However, cyber security awareness and training is a prerequisite for the appropriate implementation of a cyber security program. When considering the current situation in which it is just started to define cyber security activities and to assign personnel who has responsibilities for performing those activities, a cyber security awareness program is necessary to enhance cyber security culture for the facility personnel to participate positively in cyber security activities. Also before the implementation of stepwise CSP, suitable education and training should be provided to both cyber security teams (CST) and facility personnel who should participate in the implementation. Since such importance and urgency of cyber security awareness and training is underestimated at present, the types, trainees, contents, and development strategies of cyber security awareness and training programs are studied to help Korean nuclear facilities to perform cyber security activities more effectively. Cyber security awareness and training programs should be developed ahead of the implementation of CSP. In this study, through the analysis of requirements in the regulatory standard RS-015, the types and trainees of overall cyber security training programs in nuclear facilities are identified. Contents suitable for a cyber security awareness program and a technical training program are derived. It is suggested to develop stepwise the program contents in accordance with the development of policies, guides, and procedures as parts of the facility cyber security program. Since any training programs are not available for the specialized cyber security training in nuclear facilities, a long-term development plan is necessary. As alternatives for the time being, several cyber security training courses for industrial control systems by

Study on Nuclear Facility Cyber Security Awareness and Training Programs

Energy Technology Data Exchange (ETDEWEB)

Lee, Jung-Woon; Song, Jae-Gu; Lee, Cheol-Kwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

2016-10-15

Cyber security awareness and training, which is a part of operational security controls, is defined to be implemented later in the CSP implementation schedule. However, cyber security awareness and training is a prerequisite for the appropriate implementation of a cyber security program. When considering the current situation in which it is just started to define cyber security activities and to assign personnel who has responsibilities for performing those activities, a cyber security awareness program is necessary to enhance cyber security culture for the facility personnel to participate positively in cyber security activities. Also before the implementation of stepwise CSP, suitable education and training should be provided to both cyber security teams (CST) and facility personnel who should participate in the implementation. Since such importance and urgency of cyber security awareness and training is underestimated at present, the types, trainees, contents, and development strategies of cyber security awareness and training programs are studied to help Korean nuclear facilities to perform cyber security activities more effectively. Cyber security awareness and training programs should be developed ahead of the implementation of CSP. In this study, through the analysis of requirements in the regulatory standard RS-015, the types and trainees of overall cyber security training programs in nuclear facilities are identified. Contents suitable for a cyber security awareness program and a technical training program are derived. It is suggested to develop stepwise the program contents in accordance with the development of policies, guides, and procedures as parts of the facility cyber security program. Since any training programs are not available for the specialized cyber security training in nuclear facilities, a long-term development plan is necessary. As alternatives for the time being, several cyber security training courses for industrial control systems by

Strengthening the Security of ESA Ground Data Systems

Science.gov (United States)

Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

2013-08-01

A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

ONTOLOGICAL MODEL OF STRATEGIC ECONOMIC SECURITY OF ENTERPRISE

Directory of Open Access Journals (Sweden)

L. A. Zaporozhtseva

2014-01-01

Full Text Available Article explains the necessity the application of the ontological approach to modeling the strategic economic security in the formalization of the basic categories of domain company recognized its benefits. Among the advantages of the model distinguishes its versatility and ability to describe various aspects of strategic security - the system strategies and goals of the organization and business processes; possibility of its use at different levels of detail - from the top-level description of the basic categories of management, to design-level analytic applications; as well as the adaptability of the model, with depth on particular aspects determined by practical necessity and not regulated methodology. The model integrates various aspects of the concept of enterprise architecture and organizes conceptual apparatus. Ontological model easy to understand and adjust as business architects and specialists in designing systems of economic security and offers many categories of verbal representation of the domain of the enterprise. Proved the feasibility of using process-functional approach in providing strategic economic security, according to which the components of such a security company proposed as business processes, finance, staff and contractors. The article presents the author's ontological model of strategic economic security, including endangered sites, the presence of factors that threaten the security of the object and the subject of providing security. Further, it is proved that in the subjects of security impact on the object using the tools, measures and activities within the strategy formed the mechanism is implemented managerial decisions to strengthen the strategic economic security. The process of diagnosis, detection, identification of threats of economic security, and the development of enterprise development strategies, taking into account its level of economic security must be under the constant supervision of the process of

Security in the transport of radioactive material - interim guidance for comment

International Nuclear Information System (INIS)

Legoux, P.; Wangler, M.

2004-01-01

While the IAEA has provided specific guidance for physical protection in the transport of nuclear material, its previous publications have only provided some general guidelines for security of non-nuclear radioactive material in transport. Some basic practical advice has been provided in the requirements of the International Basic Safety Standards for Protection against Ionising Radiation and for the Safety of Radiation Sources (BSS) [1]. These guidelines were primarily directed toward such issues as unintentional exposure to radiation, negligence and inadvertent loss. Recently, the IAEA published a document on the security of sources, which included some general guidance on providing security during transport of the sources. However, it is clear that more guidance is needed for security during the transport of radioactive material in addition to those already existing for nuclear material. Member States have requested guidance on the type and nature of security measures that might be put in place for radioactive material in general during its transport and on the methodology to be used in choosing and implementing such measures. The purpose of the TECDOC on Security in the Transport of Radioactive Material being developed by the IAEA is to provide an initial response to that request. This interim guidance is being developed with a view to harmonizing the security guidance - as much as possible - with existing guidance from the IAEA for the transport of radioactive sources and nuclear material. It is also intended to harmonize with model requirements developed in 2002-2003 by the United Nations Economic and Social Council's Committee of Experts on the Transport of Dangerous Goods and on the Globally Harmonised System of Classification and Labelling of Chemicals which was issued as general security guidelines for all dangerous goods, including radioactive material, and that will shortly be implemented as binding regulations by the international modal authorities

Security in the transport of radioactive material - interim guidance for comment

Energy Technology Data Exchange (ETDEWEB)

Legoux, P.; Wangler, M. [International Atomic Energy Agency, Vienna (Austria)

2004-07-01

While the IAEA has provided specific guidance for physical protection in the transport of nuclear material, its previous publications have only provided some general guidelines for security of non-nuclear radioactive material in transport. Some basic practical advice has been provided in the requirements of the International Basic Safety Standards for Protection against Ionising Radiation and for the Safety of Radiation Sources (BSS) [1]. These guidelines were primarily directed toward such issues as unintentional exposure to radiation, negligence and inadvertent loss. Recently, the IAEA published a document on the security of sources, which included some general guidance on providing security during transport of the sources. However, it is clear that more guidance is needed for security during the transport of radioactive material in addition to those already existing for nuclear material. Member States have requested guidance on the type and nature of security measures that might be put in place for radioactive material in general during its transport and on the methodology to be used in choosing and implementing such measures. The purpose of the TECDOC on Security in the Transport of Radioactive Material being developed by the IAEA is to provide an initial response to that request. This interim guidance is being developed with a view to harmonizing the security guidance - as much as possible - with existing guidance from the IAEA for the transport of radioactive sources and nuclear material. It is also intended to harmonize with model requirements developed in 2002-2003 by the United Nations Economic and Social Council's Committee of Experts on the Transport of Dangerous Goods and on the Globally Harmonised System of Classification and Labelling of Chemicals which was issued as general security guidelines for all dangerous goods, including radioactive material, and that will shortly be implemented as binding regulations by the international modal

Transforming Security Screening With Biometrics

National Research Council Canada - National Science Library

Hearnsberger, Brian J

2003-01-01

... and identity theft to dramatically improve physical security. Today, biometric technology could be implemented to transform physical security by enhancing screening procedures currently in use at U.S...

Influence of Signal Stationarity on Digital Stochastic Measurement Implementation

Directory of Open Access Journals (Sweden)

Ivan Župunski

2013-06-01

Full Text Available The paper presents the influence of signal stationarity on digital stochastic measurement method implementation. The implementation method is based on stochastic voltage generators, analog adders, low resolution A/D converter, and multipliers and accumulators implemented by Field-Programmable Gate Array (FPGA. The characteristic of first implementations of digital stochastic measurement was the measurement of stationary signal harmonics over the constant measurement period. Later, digital stochastic measurement was extended and used also when it was necessary to measure timeseries of non-stationary signal over the variable measurement time. The result of measurement is the set of harmonics, which is, in the case of non-stationary signals, the input for calculating digital values of signal in time domain. A theoretical approach to determine measurement uncertainty is presented and the accuracy trends with varying signal-to-noise ratio (SNR are analyzed. Noisy brain potentials (spontaneous and nonspontaneous are selected as an example of real non-stationary signal and its digital stochastic measurement is tested by simulations and experiments. Tests were performed without noise and with adding noise with SNR values of 10dB, 0dB and - 10dB. The results of simulations and experiments are compared versus theory calculations, and comparasion confirms the theory.

Web security a whitehat perspective

CERN Document Server

Wu, Hanqing

2015-01-01

MY VIEW OF THE SECURITY WORLDView of the IT Security WorldBrief History of Web SecurityBrief History of Chinese HackersDevelopment Process of Hacking TechniquesRise of Web SecurityBlack Hat, White HatBack to Nature: The Essence of Secret SecuritySuperstition: There Is No Silver BulletSecurity Is an Ongoing ProcessSecurity ElementsHow to Implement Safety AssessmentAsset ClassificationThreat AnalysisRisk AnalysisDesign of Security ProgramsArt of War of White HatPrinciples of Secure by DefaultBlacklist, WhitelistPrinciple of Least PrivilegePrinciple of Defense in DepthPrinciples of Data and Code

Developing a secured social networking site using information security awareness techniques

Directory of Open Access Journals (Sweden)

Julius O. Okesola

2014-11-01

Full Text Available Background: Ever since social network sites (SNS became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS. Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented. Method: Following a detailed literature review of the related works, the SNS was developed on the basis of Object Oriented Programming (OOP approach, using PhP as the coding language with the MySQL database engine at the back end. Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours. Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.

Measuring Security Effectiveness and Efficiency at U.S. Commercial Airports

Science.gov (United States)

2013-03-01

general management, public administration, and performance measurement principles. The main objective is to discover patterns or trends in the writings ...security programs. Some of the writing is critical of administrative policy before and after 9/11, and takes exception to an apparent lack of unity...measurement tools. The diverse group should not be turned loose to freelance ; but should be held accountable with formal direction, based on stakeholder

Computer Security at Nuclear Facilities. Reference Manual (Arabic Edition)

International Nuclear Information System (INIS)

2011-01-01

The possibility that nuclear or other radioactive material could be used for malicious purposes cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear or other radioactive material is used or transported. Through its Nuclear Security Programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises Nuclear Security Fundamentals, which include objectives and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security, specifically: to provide for the security of nuclear and other radioactive material and associated facilities and activities; to ensure the security of such material in use, storage or in transport; to combat illicit trafficking and the inadvertent movement of such material; and to be prepared to respond to a nuclear security event. This publication is in the Technical Guidance

Computer Security at Nuclear Facilities. Reference Manual (Russian Edition)

International Nuclear Information System (INIS)

2012-01-01

The possibility that nuclear or other radioactive material could be used for malicious purposes cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear or other radioactive material is used or transported. Through its Nuclear Security Programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises Nuclear Security Fundamentals, which include objectives and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security, specifically: to provide for the security of nuclear and other radioactive material and associated facilities and activities; to ensure the security of such material in use, storage or in transport; to combat illicit trafficking and the inadvertent movement of such material; and to be prepared to respond to a nuclear security event. This publication is in the Technical Guidance

Computer Security at Nuclear Facilities. Reference Manual (Chinese Edition)

International Nuclear Information System (INIS)

2012-01-01

The possibility that nuclear or other radioactive material could be used for malicious purposes cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear or other radioactive material is used or transported. Through its Nuclear Security Programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises Nuclear Security Fundamentals, which include objectives and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security, specifically: to provide for the security of nuclear and other radioactive material and associated facilities and activities; to ensure the security of such material in use, storage or in transport; to combat illicit trafficking and the inadvertent movement of such material; and to be prepared to respond to a nuclear security event. This publication is in the Technical Guidance

Modeling, simulation and analysis of a securities settlement system:The case of Central Securities Depository of Mexico

OpenAIRE

Muñoz, David F; Palacios, Arturo; Lascurain, Miguel

2012-01-01

The Instituto para el Depósito de Valores (INDEVAL) is the Central Securities Depository of Mexico. It is the only Mexican institution authorized to perform, in an integrated manner, the activities of safe-keeping, custody, management, clearing, settlement and transfer of securities. In this article, we report the modeling, simulation and analysis of a new Securities Settlement System (SSS) implemented by INDEVAL, as part of a project for the implementation of a safer and more efficient opera...

Modeling, simulation and analysis of a securities settlement system: the case of Central Securities Depository of Mexico

OpenAIRE

Muñoz, David F.; Palacios, Arturo; de Lascurain, Miguel

2012-01-01

The Instituto para el Depósito de Valores (INDEVAL) is the Central Securities Depository of Mexico. It is the only Mexican institution authorized to perform, in an integrated manner, the activities of safe-keeping, custody, management, clearing, settlement and transfer of securities. In this article, we report the modeling, simulation and analysis of a new Securities Settlement System (SSS) implemented by INDEVAL, as part of a project for the implementation of a safer and more efficient opera...

14 CFR 129.28 - Flightdeck security.

Science.gov (United States)

2010-01-01

... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Flightdeck security. 129.28 Section 129.28... Flightdeck security. (a) After August 20, 2002, except for a newly manufactured airplane on a non-revenue...; or the operator must implement a security program approved by the Transportation Security...

Electronic healthcare information security

CERN Document Server

Dube, Kudakwashe; Shoniregun, Charles A

2010-01-01

The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. ""Electronic Healthcare Information Security"" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

Wolf Attack Probability: A Theoretical Security Measure in Biometric Authentication Systems

Science.gov (United States)

Une, Masashi; Otsuka, Akira; Imai, Hideki

This paper will propose a wolf attack probability (WAP) as a new measure for evaluating security of biometric authentication systems. The wolf attack is an attempt to impersonate a victim by feeding “wolves” into the system to be attacked. The “wolf” means an input value which can be falsely accepted as a match with multiple templates. WAP is defined as a maximum success probability of the wolf attack with one wolf sample. In this paper, we give a rigorous definition of the new security measure which gives strength estimation of an individual biometric authentication system against impersonation attacks. We show that if one reestimates using our WAP measure, a typical fingerprint algorithm turns out to be much weaker than theoretically estimated by Ratha et al. Moreover, we apply the wolf attack to a finger-vein-pattern based algorithm. Surprisingly, we show that there exists an extremely strong wolf which falsely matches all templates for any threshold value.

Security measurements and radiological protection in the source panoramic irradiators and storage in pool

International Nuclear Information System (INIS)

Del Valle O, C.

1996-01-01

The aim of this paper is to investigate and to study the safety and protecting measurements that must be taken into account in the design and the use of panoramic source irradiators with wet storage or pool, concerning to category IV. The generic characteristics in plants of kind, as well as their description, are mentioned in this paper. The devices, that comply the security and control systems based on their redundancy, diversity and independence, are examined. Likewise, it describes the design requirements of the overcast, of the irradiators, of the source frame, of the transporting system of product, of the procedure access, of the security system of the irradiator shelf control, of the irradiation room, of the irradiation storage pool, of the ventilation system, for the protection in case of fire of fire, for electric energy failures, for the warning symbols and signs. It contains scope about the organization and responsibilities that must be taken into account in plants of this type. A detailed plan has been made for its operation and maintenance, enclosing instructions and registers for this reason. The statement of emergency events and their respective answers, the analysis of cases and reasons that causes accidents and its implementation and regular inspection procedures for the improvement of the plant are also studied. (author). 2 refs

[Are the flight security measures good for the patients? The "sickurity" problem].

Science.gov (United States)

Felkai, Péter

2010-10-10

Due to the stiffening requirements of security measures at the airports, prevention of air-travel related illnesses have become more difficult. The backlash effects of restrictions (e.g. fluid and movement restrictions) can trigger or even improve pathophysiological processes. The most advanced security check methods, the full body scan, besides ethical and moral considerations, may induce yet unknown pathological processes. We face the similar problem with the traveller, who becomes ill or injured during the trip. In this case, repatriation is often required, which is usually accomplished by commercial airlines. If patient should be transported by stretcher, it is also available on regular flight, but in this case he/she must be accompanied by a medical professional. This solution raises much more security problem: not only the sick person and the medical team, but even their medical equipments and medicines have to be checked. Due to the lack of standardised regulations the security staff solves the problem by various attempts from emphatic approach till refusal. For these reasons, a clear and exact regulation is needed, which must be based upon medical experts' opinion, and should deal not only with the flight security but with the patient's security, as well. This regulation can cease the patients and their medical accompanied persons' to be defencelessness against local authorities and security services. The same is true for handicapped persons. Author suggests solutions for the problem, balancing between flight security and the patient's "sickurity".

Implementing spatial segregation measures in R.

Directory of Open Access Journals (Sweden)

Seong-Yun Hong

Full Text Available Reliable and accurate estimation of residential segregation between population groups is important for understanding the extent of social cohesion and integration in our society. Although there have been considerable methodological advances in the measurement of segregation over the last several decades, the recently developed measures have not been widely used in the literature, in part due to their complex calculation. To address this problem, we have implemented several newly proposed segregation indices in R, an open source software environment for statistical computing and graphics, as a package called seg. Although there are already a few standalone applications and add-on packages that provide access to similar methods, our implementation has a number of advantages over the existing tools. First, our implementation is flexible in the sense that it provides detailed control over the calculation process with a wide range of input parameters. Most of the parameters have carefully chosen defaults, which perform acceptably in many situations, so less experienced users can also use the implemented functions without too much difficulty. Second, there is no need to export results to other software programs for further analysis. We provide coercion methods that enable the transformation of our output classes into general R classes, so the user can use thousands of standard and modern statistical techniques, which are already available in R, for the post-processing of the results. Third, our implementation does not require commercial software to operate, so it is accessible to a wider group of people.

Report: Information Security Series: Security Practices Comprehensive Environmental Response, Compensation, and Liability Information System

Science.gov (United States)

Report #2006-P-00019, March 28, 2006. OSWER’s implemented practices to ensure production servers were being monitored for known vulnerabilities and personnel with significant security responsibility completed the Agency’s recommended security training.

Food Security Strategy Based on Computer Innovation

OpenAIRE

Ruihui Mu

2015-01-01

Case analysis to identify innovative strategies for food security occurred in the Oriental Hotel, voluntarily implement food safety control. Food security strategy investigation and the reasons for their use of multiple data sources, including accommodation and catering industry to implement and document interviews with key decision makers in the hotel performed to observe the business environment were examined. This finding suggests that addressing food security, not only is the food control...

Maritime security : progress made in implementing Maritime Transportation Security Act, but concerns remain : statement of Margaret Wrightson, Director, Homeland Security and Justice Issues

Science.gov (United States)

2003-09-09

After the events of September 11, 2001, concerns were raised over the security of U.S. ports and waterways. In response to the concerns over port security, Congress passed the Maritime Transportation Security Act in November 2002. The act created a b...

Data Security

OpenAIRE

Lopez, Diego

2013-01-01

Training specialists in the field of data security and security administrators for the information systems represents a significant priority demanded by both governmental environments and the central and local administrations, as well as by the private sector - companies, banks. They are responsible for implementing information services and systems, but they are also their beneficiaries, with applicability in fields such as: e government, e-administration, e-banking, e-commerce, e-payment, wh...

HARDWARE IMPLEMENTATION OF SECURE AODV FOR WIRELESS SENSOR NETWORKS

Directory of Open Access Journals (Sweden)

S. Sharmila

2010-12-01

Full Text Available Wireless Sensor Networks are extremely vulnerable to any kind of routing attacks due to several factors such as wireless transmission and resource-constrained nodes. In this respect, securing the packets is of great importance when designing the infrastructure and protocols of sensor networks. This paper describes the hardware architecture of secure routing for wireless sensor networks. The routing path is selected using Ad-hoc on demand distance vector routing protocol (AODV. The data packets are converted into digest using hash functions. The functionality of the proposed method is modeled using Verilog HDL in MODELSIM simulator and the performance is compared with various target devices. The results show that the data packets are secured and defend against the routing attacks with minimum energy consumption.

DNS security management

CERN Document Server

Dooley, Michael

2017-01-01

An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors—noted experts on the topic—offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented. Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC), DNS firewall, server controls, and much more. In addition, the text includes discussions on security applications facilitated by DNS, such as anti-spam, SFP, and DANE.

Considerations on the selection and prioritization of information security solutions

Directory of Open Access Journals (Sweden)

Maria Cristina RĂDULESCU

2016-05-01

Full Text Available This paper provides a set of guidelines that can be used for prescribing a methodology or a detailed process for selecting and prioritizing security projects or solutions. It is based on the idea that costs of security solutions should be justified by their contribution to ensuring adequate protection of information resources in the organization which implements them. The article reviews general issues of security risks and costs, arguing the need for explicit consideration of information resources security requirements in order to validate decisions concerning security projects implementation. In such an approach, security requirements of information resources are used as a reference system to quantify the benefits and limitations of security solutions defined as alternative or complementary responses to certain security risks as their implementation faces budget constraints.

Survey Analysis on Nuclear Security Culture Recognition of Nuclear Facility in 2014

International Nuclear Information System (INIS)

Hong, Yunjeong; Lee, Jeongho; Kim, Jaekwang

2015-01-01

All organizations involved in implementing physical protection should give due priority to the security culture, to its development and maintenance necessary to ensure its effective implementation in the entire organization. In this context, Korea Institute of Non-proliferation and Control(KINAC) confirms recognition about protection of people who work in nuclear field and developed questionnaire for utilizing fundamental data for nuclear security culture enhancement activity and conducted a survey. As a result, systematic education needs to employees. Choosing differentiated topic is required to consider employees because recognition level of age, position and division is different. And a variety of education technology as obligatory education such as filling the course time or the one-off thing has limitation. And taking complementary measures needs since there were many opinions that employees feel difficult to understand papers such as regulation and guidelines and so on related security. Finally, we hope to make fundament available to evaluate nuclear security culture recognition level based on the existing questionnaire would be changed to realistic and enhancement in recognition survey for future nuclear security culture

Survey Analysis on Nuclear Security Culture Recognition of Nuclear Facility in 2014

Energy Technology Data Exchange (ETDEWEB)

Hong, Yunjeong; Lee, Jeongho; Kim, Jaekwang [Korea Institute of Nonproliferation and Control International Nuclear Security Academy, Daejeon (Korea, Republic of)

2015-05-15

All organizations involved in implementing physical protection should give due priority to the security culture, to its development and maintenance necessary to ensure its effective implementation in the entire organization. In this context, Korea Institute of Non-proliferation and Control(KINAC) confirms recognition about protection of people who work in nuclear field and developed questionnaire for utilizing fundamental data for nuclear security culture enhancement activity and conducted a survey. As a result, systematic education needs to employees. Choosing differentiated topic is required to consider employees because recognition level of age, position and division is different. And a variety of education technology as obligatory education such as filling the course time or the one-off thing has limitation. And taking complementary measures needs since there were many opinions that employees feel difficult to understand papers such as regulation and guidelines and so on related security. Finally, we hope to make fundament available to evaluate nuclear security culture recognition level based on the existing questionnaire would be changed to realistic and enhancement in recognition survey for future nuclear security culture.

Information Security and People: A Conundrum for Compliance

Directory of Open Access Journals (Sweden)

Hiep Cong Pham

2017-01-01

Full Text Available This evaluation of end-users and IT experts/managers’ attitudes towards performing IT security tasks indicates important differences between their perspectives on what is and is not necessary to establish a secure corporate IT environment. Through a series of case studies, this research illustrates that making it easier for end-users to comply does not necessarily equate to enhanced implementation of security measures. End-users want to be autonomous, competent, self-motivated and active participants in the development of secure environments. However, managers and experts want to limit autonomy to ensure that procedures are followed closely, rather than permitting flexibility. This results in the creation of environments that are intrinsically de-motivating rather than motivating end-users to become self-determined and self-regulating co-creators of a secure IT environment. The paper also discusses alternative approaches to developing a human system that works for end-users and experts.

How Secure Is Your Radiology Department? Mapping Digital Radiology Adoption and Security Worldwide.

Science.gov (United States)

Stites, Mark; Pianykh, Oleg S

2016-04-01

Despite the long history of digital radiology, one of its most critical aspects--information security--still remains extremely underdeveloped and poorly standardized. To study the current state of radiology security, we explored the worldwide security of medical image archives. Using the DICOM data-transmitting standard, we implemented a highly parallel application to scan the entire World Wide Web of networked computers and devices, locating open and unprotected radiology servers. We used only legal and radiology-compliant tools. Our security-probing application initiated a standard DICOM handshake to remote computer or device addresses, and then assessed their security posture on the basis of handshake replies. The scan discovered a total of 2774 unprotected radiology or DICOM servers worldwide. Of those, 719 were fully open to patient data communications. Geolocation was used to analyze and rank our findings according to country utilization. As a result, we built maps and world ranking of clinical security, suggesting that even the most radiology-advanced countries have hospitals with serious security gaps. Despite more than two decades of active development and implementation, our radiology data still remains insecure. The results provided should be applied to raise awareness and begin an earnest dialogue toward elimination of the problem. The application we designed and the novel scanning approach we developed can be used to identify security breaches and to eliminate them before they are compromised.

Security of radioactive sources. Interim guidance for comment

International Nuclear Information System (INIS)

2003-06-01

In previous IAEA publications, there have been only rather general security requirements for non-nuclear radioactive material. These requirements were primarily directed to such issues as unintentional exposure to radiation, negligence and inadvertent loss. However, it is clear that more guidance is needed to not only try and prevent further events involving orphan sources, but also to prevent the deliberate attempt to acquire radioactive sources for malevolent purposes. Member States have requested guidance on the type and nature of security measures that might be put in place and on the methodology to be used in choosing such measures. These requests were also endorsed in the findings of the international conference on 'Security of Radioactive Sources' held in March 2003. Practical advice on assessing and implementing security measures complements the general commitments in the proposed Revised Code of Conduct on Safety and Security of radioactive Sources. A Safety Guide entitled 'Safety and Security of Radiation Sources' that, amongst other things, discusses these issues is being drafted. However, it is recognized that guidance material is required before this document will be finalized in order to allow Member States opportunity to put in place appropriate actions and planning to address current issues. Hence the purpose of the current document is to provide advice on security approaches and to allow comment on detailed recommendations for levels of security on radioactive sources that may be incorporated within the Safety Guide. This report is primarily addressed to Regulatory Authorities but it is also intended to provide guidance to manufacturers, suppliers and users of sources. Its objective is to assist Member States in deciding which security measures are needed to ensure consistency with the International Basic Safety Standards and the Revised Code of Conduct for the Safety and Security of Radioactive Sources. It is recognized that there must be a

Measuring Library Vendor Cyber Security: Seven Easy Questions Every Librarian Can Ask

Directory of Open Access Journals (Sweden)

Alex Caro

2016-04-01

Full Text Available This article is based on an independent cyber security risk management audit for a public library system completed by the authors in early 2015 and based on a research paper by the same group at Clark University in 2014. We stress that while cyber security must include raising public knowledge in regard to cyber security issues and resources, and libraries are indeed the perfect place to disseminate this knowledge, librarians are also in a unique position as the gatekeepers of information services provided to the public and should conduct internal audits to ensure our content partners and IT vendors take cyber security as seriously as the library and its staff. One way to do this is through periodic reviews of existing vendor relationships. To this end, the authors created a simple grading rubric you can adopt or modify to help take this first step towards securing your library data. It is intended to be used by both technical and non-technical staff as a simple measurement of what vendor agreements currently exist and how they rank, while at the same time providing a roadmap for which security features or policy statements the library can or should require moving forward.

7 CFR 331.11 - Security.

Science.gov (United States)

2010-01-01

... 7 Agriculture 5 2010-01-01 2010-01-01 false Security. 331.11 Section 331.11 Agriculture..., DEPARTMENT OF AGRICULTURE POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS § 331.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan...

[Child protection network and the intersector implementation of the circle of security as alternatives to medication].

Science.gov (United States)

Becker, Ana Laura Martins M M; de Souza, Paulo Haddad; de Oliveira, Mônica Martins; Paraguay, Nestor Luiz Bruzzi B

2014-09-01

To describe the clinical history of a child with aggressive behavior and recurring death-theme speech, and report the experience of the team of authors, who proposed an alternative to medication through the establishment of a protection network and the inter-sector implementation of the circle of security concept. A 5-year-old child has a violent and aggressive behavior at the day-care. The child was diagnosed by the healthcare center with depressive disorder and behavioral disorder, and was medicated with sertraline and risperidone. Side effects were observed, and the medications were discontinued. Despite several actions, such as talks, teamwork, psychological and psychiatric follow-up, the child's behavior remained unchanged. A unique therapeutic project was developed by Universidade Estadual de Campinas' Medical School students in order to establish a connection between the entities responsible for the child's care (daycare center, healthcare center, and family). Thus, the team was able to develop a basic care protection network. The implementation of the inter-sector circle of security, as well as the communication and cooperation among the teams, produced very favorable results in this case. This initiative was shown to be a feasible and effective alternative to the use of medication for this child. Copyright © 2014 Sociedade de Pediatria de São Paulo. Publicado por Elsevier Editora Ltda. All rights reserved.

An implementation of super-encryption using RC4A and MDTM cipher algorithms for securing PDF Files on android

Science.gov (United States)

Budiman, M. A.; Rachmawati, D.; Parlindungan, M. R.

2018-03-01

MDTM is a classical symmetric cryptographic algorithm. As with other classical algorithms, the MDTM Cipher algorithm is easy to implement but it is less secure compared to modern symmetric algorithms. In order to make it more secure, a stream cipher RC4A is added and thus the cryptosystem becomes super encryption. In this process, plaintexts derived from PDFs are firstly encrypted with the MDTM Cipher algorithm and are encrypted once more with the RC4A algorithm. The test results show that the value of complexity is Θ(n2) and the running time is linearly directly proportional to the length of plaintext characters and the keys entered.

Security of quantum cryptography with realistic sources

International Nuclear Information System (INIS)

Lutkenhaus, N.

1999-01-01

The interest in practical implementations of quantum key distribution is steadily growing. However, there is still a need to give a precise security statement which adapts to realistic implementation. In this paper I give the effective key rate we can obtain in a practical setting within scenario of security against individual attacks by an eavesdropper. It illustrates previous results that high losses together with detector dark counts can make secure quantum key distribution impossible. (Author)

Security of quantum cryptography with realistic sources

Energy Technology Data Exchange (ETDEWEB)

Lutkenhaus, N [Helsinki Institute of Physics, P.O. Box 9, 00014 Helsingin yliopisto (Finland)

1999-08-01

The interest in practical implementations of quantum key distribution is steadily growing. However, there is still a need to give a precise security statement which adapts to realistic implementation. In this paper I give the effective key rate we can obtain in a practical setting within scenario of security against individual attacks by an eavesdropper. It illustrates previous results that high losses together with detector dark counts can make secure quantum key distribution impossible. (Author)

ALARA issues arising for safety and security of radiation sources and security screening devices - Summary and recommendations of the 12. European ALARA network workshop

International Nuclear Information System (INIS)

Shaw, P.; Crouail, P.; Drouet, F.

2010-01-01

The 12. European ALARA Network (EAN) workshop on 'ALARA issues arising for safety and security of radiation sources and security screening devices' took place in Vienna (Austria) in October 2009. The aim of that workshop was to consider how the implementation of ALARA3, in terms of planned and emergency situations, involving worker and public doses, is affected by the introduction of security-related measures. In the case of new equipment and procedures, there was also the question of whether exposures arising from security screening devices can be justified and optimised. This workshop consisted of invited oral presentations, which highlighted the main issues, and half of the programme was devoted to discussions within working groups on specific topics. During their discussions, the working groups identified recommendations dealing with the following topics: the implementation of the Code of Conduct and HASS4 - ensuring ALARA; balancing security and safety - how to achieve an optimum solution; the management of an emergency exposure situation from an ALARA perspective; the justification and optimisation of the use of security devices. The objective of this paper is to present the main conclusions and recommendations produced during the workshop. Individual presentations (papers and slides) as well as the reports from the working groups are available to download on the EAN web site (http://www.eu-alara.net). (authors)

The IAEA Assistance Training Programme for Transport Security

Energy Technology Data Exchange (ETDEWEB)

Eriksson, Ann-Margret [International Atomic Energy Agency (IAEA); Rawl, Richard R [ORNL; Hawk, Mark B [ORNL; Anderson, Kimberly K [ORNL

2010-01-01

The IAEA Office of Nuclear Security is working cooperatively with the U.S. Department of Energy's Global Threat Reduction Initiative, European Union and Australia to provide transport security assistance to countries throughout the world. Assistance is available to countries in reviewing and upgrading their transport security programs at all levels: (1) National level (regulatory and other government agencies); and (2) Operator level (shippers and carriers). Assistance is directed at implementing a consistent level of security throughout the life cycle of radioactive material (same level of security during transport as when in a fixed facility) Upgrade assistance can include: (1) Expert advisory missions to provide advice and guidance; (2) Training courses for regulatory, governmental and industry personnel; (3) Transport security awareness; (4) Detailed training on designing and implementing transport security programs; (5) Planning to identify and prioritize needs (developing security approaches and plans); (6) Developing model security plans and procedures; and (7) Equipment (vehicles, packages, command and control equipment, etc.). Country visits are now being scheduled to initiate transport security cooperative activities. A training course has been developed to assist countries in developing and implementing transport security programs. The training course has been given as a national training course (three times) and as a Regional training course (three times). The course addresses recommended security provisions for the transport of all radioactive material.

The International Legal Framework for Nuclear Security

International Nuclear Information System (INIS)

2011-01-01

The term 'nuclear security' is generally accepted to mean 'the prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear material, other radioactive substances or their associated facilities.' While the ultimate responsibility for nuclear security within a State rests entirely with that State, the need for regional and international cooperation has become increasingly evident with the growing recognition that the ability to prevent, detect and respond to the threats to nuclear security within one State is affected by the adequacy and effectiveness of nuclear security measures taken by other States, particularly when nuclear material is transported across national frontiers. Since the early 1970s, the IAEA has been called upon to play an ever increasing role in assisting States, upon request, to strengthen their national legal infrastructures and physical protection systems, as well as to facilitate regional and international efforts to enhance nuclear security, including measures to protect against nuclear terrorism. This publication brings together the legally binding primary international instruments and the internationally accepted non-binding instruments that constitute the international legal framework for nuclear security. It does not discuss the safety and safeguards related instruments, which also form a part of the broader legal framework for nuclear security. By setting out the legislative bases for the mandate of the IAEA in the area of nuclear security, it is hoped that this publication will increase awareness of the IAEA's role in facilitating national, regional and international efforts to enhance nuclear security , including measures to protect against nuclear terrorism. It is also intended to serve as a guide in carrying out the IAEA's nuclear security mandate and functions assigned to it under these instruments, including in the elaboration of nuclear security

Computer Network Security- The Challenges of Securing a Computer Network

Science.gov (United States)

Scotti, Vincent, Jr.

2011-01-01

This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

Implementing SSL/TLS using cryptography and PKI

CERN Document Server

Davies, Joshua

2011-01-01

Hands-on, practical guide to implementing SSL and TLS protocols for Internet security If you are a network professional who knows C programming, this practical book is for you.  Focused on how to implement Secure Socket Layer (SSL) and Transport Layer Security (TLS), this book guides you through all necessary steps, whether or not you have a working knowledge of cryptography. The book covers SSLv2, TLS 1.0, and TLS 1.2, including implementations of the relevant cryptographic protocols, secure hashing, certificate parsing, certificate generation, and more.  Coverage includes: Underst

Security of practical quantum key distribution systems

Energy Technology Data Exchange (ETDEWEB)

Jain, Nitin

2015-02-24

This thesis deals with practical security aspects of quantum key distribution (QKD) systems. At the heart of the theoretical model of any QKD system lies a quantum-mechanical security proof that guarantees perfect secrecy of messages - based on certain assumptions. However, in practice, deviations between the theoretical model and the physical implementation could be exploited by an attacker to break the security of the system. These deviations may arise from technical limitations and operational imperfections in the physical implementation and/or unrealistic assumptions and insufficient constraints in the theoretical model. In this thesis, we experimentally investigate in depth several such deviations. We demonstrate the resultant vulnerabilities via proof-of-principle attacks on a commercial QKD system from ID Quantique. We also propose countermeasures against the investigated loopholes to secure both existing and future QKD implementations.

Design and Security Analysis of a Fragment of Internet of Things Telecommunication System

Directory of Open Access Journals (Sweden)

V. A. Alexandrov

2016-01-01

Full Text Available This paper comprises the development and implementation of systems using the concept of Internet of Things. In terms of active development of industries, use the concept of the Internet of Things, the information security problem is urgent. To create a protected module of information-telecommunication system which implements the Internet of Things concept, it is important to take into account all its aspects. To determine relevant threats, it is necessary to use the detailed risk analysis according to existing GOST standards when choosing protection measures, one must rely on identified relevant threats. Actual threats and necessary protective actions are determined in this paper for implementation of Smart House computer appliance module, in order to develop a protected part of Smart House, which is necessary for realization of room access control. We solved the following tasks in the work, namely, a description of the system Smart Home, a description of steps and evaluation system security Smart Home; implementation of hardware assembly and writing a code for the selected fragment of the system; safety evaluation of the selected fragment Smart House and identification of actual threats; make recommendations to counter current threats; software implementation of one of the most urgent threats and software implementation of protective measures for a selected threat. A feature of the work is an integrated approach to the design with the use of the intruder models, analysis of the system’s assets and evaluation of their security.

How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns

NARCIS (Netherlands)

Compagna, L.; El Khoury, P.; Krausová, A.; Massacci, F.; Zannone, N.

2009-01-01

Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose them to implement minimal precautionary security measures. Several IT solutions (e.g., Privacy Enhancing Technologies, Access Control Infrastructure, etc.) have been proposed to address

75 FR 733 - Implementation of the Executive Order, ``Classified National Security Information''

Science.gov (United States)

2010-01-05

... of the Executive Order, ``Classified National Security Information'' Memorandum for the Heads of... Security Information'' (the ``order''), which substantially advances my goals for reforming the security... classified information shall provide the Director of the Information Security Oversight Office (ISOO) a copy...

Deterministic secure communications using two-mode squeezed states

International Nuclear Information System (INIS)

Marino, Alberto M.; Stroud, C. R. Jr.

2006-01-01

We propose a scheme for quantum cryptography that uses the squeezing phase of a two-mode squeezed state to transmit information securely between two parties. The basic principle behind this scheme is the fact that each mode of the squeezed field by itself does not contain any information regarding the squeezing phase. The squeezing phase can only be obtained through a joint measurement of the two modes. This, combined with the fact that it is possible to perform remote squeezing measurements, makes it possible to implement a secure quantum communication scheme in which a deterministic signal can be transmitted directly between two parties while the encryption is done automatically by the quantum correlations present in the two-mode squeezed state

The impact of security and intelligence policy in the era of cyber crimes

Directory of Open Access Journals (Sweden)

MSc. Bahri Gashi

2016-07-01

Full Text Available Creation of National Cyber Defense Strategy, is the only security and the best protection against cyber-crimes. This is the starting point, from where adequate policies and necessary legal measures begin, aiming the creation of a solid ground and responsible users by implementing comprehensive measures and legal restrictions. The methodology used to achieve the recognition of users with applicable legislation and regulations on the use of the Internet, as well as legal obligations; implementation of procedures to use communication systems; signing and approval by users of their responsibilities; knowledge and information on the risks and threats stemming from the use of communication networks; certification of trained and specialized staff; classification and processing of information in a particular system; identifying unauthorized users who use classified information networks in  public systems and private sector; creating barriers in distance entry networks and information systems, etc. Various Security and Intelligence institutions covering and operating in these areas are responsible for the creation and promotion of National Cyber Defense Strategy, analyzing the risk to implement protective measures for preventing attacks on Cybercrime (Cyber Crimes.

Application Security in the ISO27001 Environment

CERN Document Server

Vinod, Vasudevan; Firosh, Ummer

2008-01-01

Application Security in the ISO27001 Environment demonstrates how to secure software applications within a best practice ISO/IEC 27001 environment and supports implementation of the PCI DSS Payment Application Security Standard.

Computer security engineering management

International Nuclear Information System (INIS)

McDonald, G.W.

1988-01-01

For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system; starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users is followed by coverage of life cycle support for the security of the system

From performance to performativity: The legitimization of US security contracting and its consequences.

Science.gov (United States)

Krahmann, Elke

2017-12-01

Discussions about the legitimacy of private security companies (PSCs) in multilateral military interventions abound. This article looks at how the United States has sought to legitimize the outsourcing of security services to PSCs through performance-based contracting and performance assessments. Both mechanisms aim to demonstrate the effective provision of publicly desirable outcomes. However, the immaterial and socially constructed nature of security presents major problems for performance assessments in terms of observable and measurable outcomes. Performance has therefore given way to performativity - that is, the repetitive enactment of particular forms of behaviour and capabilities that are simply equated with security as an outcome. The implications of this development for the ways in which security has been conceptualized, implemented and experienced within US interventions have been profound. Ironically, the concern with performance has not encouraged PSCs to pay increased attention to their impacts on security environments and civilian populations, but has fostered a preoccupation with activities and measurable capabilities that can be easily assessed by government auditors.

Secure and Authenticated Data Communication in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Omar Alfandi

2015-08-01

Full Text Available Securing communications in wireless sensor networks is increasingly important as the diversity of applications increases. However, even today, it is equally important for the measures employed to be energy efficient. For this reason, this publication analyzes the suitability of various cryptographic primitives for use in WSNs according to various criteria and, finally, describes a modular, PKI-based framework for confidential, authenticated, secure communications in which most suitable primitives can be employed. Due to the limited capabilities of common WSN motes, criteria for the selection of primitives are security, power efficiency and memory requirements. The implementation of the framework and the singular components have been tested and benchmarked in our testbed of IRISmotes.

Long-term energy services security: What is it and how can it be measured and valued?

International Nuclear Information System (INIS)

Jansen, Jaap C.; Seebregts, Ad J.

2010-01-01

The paper reviews some recent approaches towards measuring the extent of long-term energy security and security externality valuation. It starts out to discuss the contextual connotations of notions of 'energy security' in medium to long-term time frames and reviews some indicators that have been proposed to quantify it. Special attention is paid to two of these approaches, which the authors helped to develop, i.e. diversity-based indices and the Supply/Demand Index. The paper takes issue with conventional welfare economic approaches that neglect: (i) the scope on the demand side for raising security and (ii) negative feedback mechanisms of socio-political impacts of international rent transfers in fossil fuels exporting countries. The concept of energy services security is proposed with a demand-side focus. This enables application of an integrated approach to gauge the resilience of a society to meet the needs of its population for energy services over longer timescales ahead from various interrelated perspectives. Propositions are made on the attribution of security externalities to the use of fossil fuels, policies, and suggestions for further improvements of measures for energy services security.

Security cost analysis in electricity markets based on voltage security criteria and Web-based implementation

International Nuclear Information System (INIS)

Chen, H.

2003-01-01

This paper presents an efficient and transparent method for electricity market operators to analyze transaction security costs and to quantify the correlation between market operation and power system operation. Rescheduling and take-risk strategies were proposed and discussed with reference to transaction impact computations, thermal and voltage limits and voltage stability criteria. The rescheduling method is associated with an iterative generation dispatch or load curtailment approach to minimize the amount of rescheduling. The take-risk method considered operating risks to facilitate transactions. The SATC concept was also proposed to accurately evaluate transmission congestion. The impact of transaction was calculated using a new sensitivity formula to find the most effective rescheduling direction and the most effective cost distribution. A new pricing method called Nodal Congestion Price was also proposed to determine proper price signals. The paper also presents an Artificial Neural Network (ANN) based short term load forecasting method that considers the effect of price on the load. A web-based prototype was implemented to allow all market participants access to the proposed analysis and pricing techniques. Several case studies have validated the effectiveness of the proposed method which would help independent system operators in determining congestion prices, coordinate transactions and make profitable market decisions

THE INFORMATION CONFIDENTIALITY AND CYBER SECURITY IN MEDICAL INSTITUTIONS

Directory of Open Access Journals (Sweden)

SABAU-POPA CLAUDIA DIANA

2015-07-01

Full Text Available The information confidentiality and cyber security risk affects the right to confidentiality and privacy of the patient, as regulated in Romania by the Law 46/2002. The manifestation of the cyber security risk event affects the reputation of the healthcare institution and is becoming more and more complex and often due to the: development of network technology, the medical equipment connected to wifi and the electronic databases. The databases containing medical records were implemented due to automation. Thus, transforming data into medical knowledge contribute to a better understanding of the disease. Due to these factors, the measures taken by the hospital management for this type of risk are adapted to the cyber changes. The hospital objectives aim: the implementation of a robust information system, the early threats identifications and the incident reporting. Neglecting this type of risk can generate financial loss, inability to continue providing health care services for a certain period of time, providing an erroneous diagnosis, medical equipment errors etc. Thus, in a digital age the appropriate risk management for the information security and cyber risk represent a necessity. The main concern of hospitals worldwide is to align with international requirements and obtain credentials in terms of data security from the International Organisation for Standardization, which regulates the management of this type of risk. Romania is at the beginning in terms of concerns regarding the management, avoidance and mitigation of information security, the health system being most highly exposed to its manifestation. The present paper examines the concerns of the health system to the confidentiality of information and cyber security risk and its management arrangements. Thus, a set of key risk indicators is implemented and monitored for 2011-2013, using a user interface, a Dashboard, which acts as an early warning system of the manifestation of the

76 FR 10262 - Information Security Program

Science.gov (United States)

2011-02-24

... FEDERAL MARITIME COMMISSION 46 CFR Part 503 [Docket No. 11-01] RIN 3072-AC40 Information Security... (FMC or Commission) amends its regulations relating to its Information Security Program to reflect the changes implemented by Executive Order 13526--Classified National Security Information--that took effect...

International Nuclear Security

Energy Technology Data Exchange (ETDEWEB)

Doyle, James E. [Los Alamos National Laboratory

2012-08-14

This presentation discusses: (1) Definitions of international nuclear security; (2) What degree of security do we have now; (3) Limitations of a nuclear security strategy focused on national lock-downs of fissile materials and weapons; (4) What do current trends say about the future; and (5) How can nuclear security be strengthened? Nuclear security can be strengthened by: (1) More accurate baseline inventories; (2) Better physical protection, control and accounting; (3) Effective personnel reliability programs; (4) Minimize weapons-usable materials and consolidate to fewer locations; (5) Consider local threat environment when siting facilities; (6) Implement pledges made in the NSS process; and (7) More robust interdiction, emergency response and special operations capabilities. International cooperation is desirable, but not always possible.

Act of 4 August 1955 concerning State Security in the Nuclear Field

International Nuclear Information System (INIS)

1955-01-01

This Act governing State security in the nuclear field lays down that the King may determine the security measures to be complied with concerning nuclear research, materials, methods of production used by establishments and legal or physical persons having in their possession information, documents or material obtained either directly from the Government or with its consent. The Act was supplemented by Royal Order of 14 March 1956 which amplified its provisions by laying down specific requirements regarding the classification of information and material, the security measures to be applied thereto, and to establishments involved in related research work. It also provides for the security clearance to be applied to persons who shall be authorised to obtain such information and classified material. A Royal Order of 18 October 1974 amends this Order in respect of the authorities responsible for its implementation. (NEA) [fr

The Security Plan for the Joint Euratom/IAEA Remote Monitoring Network

International Nuclear Information System (INIS)

Stronkhorst, J.; Schoop, K.; Ruuska, K.; Kurek, S.; Levert, J.F.

2015-01-01

The European Commission and the IAEA have installed surveillance systems in all larger civil European nuclear facilities. The monitoring data is gathered by optical surveillance systems, electronic sealing systems and numerous measuring devices. The on-site joint Euratom/IAEA monitoring networks operate in general completely isolated from the operator's IT systems. To largely improve data security and reliability, remote data transmission (RDT) is installed on a growing number of sites, and the inspection data is daily transferred to the Data Collect Servers in Luxembourg and Vienna. A growing number of RDT connections and a growing number of security threats require an IT security policy that is pro-active as well as reactive in an efficient way. The risk based approach used in setting up the security plans assesses all elements of the monitoring network, from the implemented technical solution and the assessment of the security needs and threats, up to the incident handling and lessons learned. The results of the assessments are, for each individual RDT connection, described in the technical paragraphs and annexes, including system descriptions, network plans and contact information. The principles of secure data handling as implemented in the shared Euratom /IAEA monitoring network can apply to a broad range of industrial monitoring systems, where human interaction is in general the largest security risk. (author)

Bundle Security Protocol for ION

Science.gov (United States)

Burleigh, Scott C.; Birrane, Edward J.; Krupiarz, Christopher

2011-01-01

This software implements bundle authentication, conforming to the Delay-Tolerant Networking (DTN) Internet Draft on Bundle Security Protocol (BSP), for the Interplanetary Overlay Network (ION) implementation of DTN. This is the only implementation of BSP that is integrated with ION.

Challenges to regional security and disarmament measures

International Nuclear Information System (INIS)

Clements, K.P.

1993-01-01

The new agenda for peace is providing an extremely useful road map for current international and regional discussions about new ways and means of securing and maintaining peace and security. It underlines the central role of the United nations Security Council in relation to international conflicts and the maintenance of the peace, but it underlines an increasingly important role of the regional organisations as well. In all, there is a recognition that the end of the cold war has generated possibilities for peace-building that have not existed before. To take advantage of these opportunities requires an enhancement of consultation and dialogue at national, regional and global levels so that all nations and all peoples feel and know that they have a stake in the new peace and security architecture that will govern international relations into the twenty first century

Implementation of Moderator Circulation Test Temperature Measurement System

Energy Technology Data Exchange (ETDEWEB)

Lim, Yeong Muk; Hong, Seok Boong; Kim, Min Seok; Choi, Hwa Rim [KAERI, Daejeon (Korea, Republic of); Kim, Hyung Shin [Chungnam University, Daejeon (Korea, Republic of)

2016-05-15

Moderator Circulation Test(MCT) facility is 1/4 scale facility designed to reproduce the important characteristics of moderator circulation in a CANDU6 calandria under a range of operating conditions. MCT is an equipment with 380 acrylic pipes instead of the heater rods and a preliminary measurement of velocity field using PIV(Particle Image Velocimetry) is performed under the iso-thermal test conditions. The Korea Atomic Energy Research Institute (KAERI) started implementation of MCT Temperature Measurement System (TMS) using multiple infrared sensors. To control multiple infrared sensors, MCT TMS is implemented using National Instruments (NI) LabVIEW programming language. The MCT TMS is implemented to measure sensor data of multiple infrared sensors using the LabVIEW. The 35 sensor pipes of MCT TMS are divided into 2 ports to meet the minimum measurement time of 0.2 seconds. The software of MCT TMS is designed using collection function and processing function. The MCT TMS has the function of monitoring the states of multiple infrared sensors. The GUI screen of MCT TMS is composed of sensor pipe categories for user.

Implementation of Moderator Circulation Test Temperature Measurement System

International Nuclear Information System (INIS)

Lim, Yeong Muk; Hong, Seok Boong; Kim, Min Seok; Choi, Hwa Rim; Kim, Hyung Shin

2016-01-01

Moderator Circulation Test(MCT) facility is 1/4 scale facility designed to reproduce the important characteristics of moderator circulation in a CANDU6 calandria under a range of operating conditions. MCT is an equipment with 380 acrylic pipes instead of the heater rods and a preliminary measurement of velocity field using PIV(Particle Image Velocimetry) is performed under the iso-thermal test conditions. The Korea Atomic Energy Research Institute (KAERI) started implementation of MCT Temperature Measurement System (TMS) using multiple infrared sensors. To control multiple infrared sensors, MCT TMS is implemented using National Instruments (NI) LabVIEW programming language. The MCT TMS is implemented to measure sensor data of multiple infrared sensors using the LabVIEW. The 35 sensor pipes of MCT TMS are divided into 2 ports to meet the minimum measurement time of 0.2 seconds. The software of MCT TMS is designed using collection function and processing function. The MCT TMS has the function of monitoring the states of multiple infrared sensors. The GUI screen of MCT TMS is composed of sensor pipe categories for user

Fast and maliciously secure two-party computation using the GPU

DEFF Research Database (Denmark)

Frederiksen, Tore Kasper; Nielsen, Jesper Buus

2013-01-01

We describe, and implement, a maliciously secure protocol for two-party computation in a parallel computational model. Our protocol is based on Yao’s garbled circuit and an efficient OT extension. The implementation is done using CUDA and yields fast results for maliciously secure two-party compu......-party computation in a financially feasible and practical setting by using a consumer grade CPU and GPU. Our protocol further uses some novel constructions in order to combine garbled circuits and an OT extension in a parallel and maliciously secure setting.......We describe, and implement, a maliciously secure protocol for two-party computation in a parallel computational model. Our protocol is based on Yao’s garbled circuit and an efficient OT extension. The implementation is done using CUDA and yields fast results for maliciously secure two...

How to capture, model, and verify the knowledge of legal, security, and privacy experts: A pattern-based approach

NARCIS (Netherlands)

Compagna, L.; El Khoury, P.; Massacci, F.; Thomas, R.; Zannone, N.

2007-01-01

Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose the adoption of the implementation of minimal precautionary security measures. Several frameworks have been proposed to deal with thii issue. For instance, purpose-based access control is

Australian Experience in Implementing Transport Safety Regulations and Transport Security Recommendations

International Nuclear Information System (INIS)

Sarkar, S.

2016-01-01

Australian transport safety and security regulatory framework is governed by Commonwealth, State and Territory legislations. There are eleven competent authorities in Australia that includes three Commonwealth authorities, six states and two territory authorities. IAEA Regulations for Safe Transport of Radioactive Material (TS-R-1, 2005 edition) is applied through Australian Radiation Protection and Nuclear Safety Agency (ARPANSA) Code of Practice for Transport of Radioactive Material 2008 by road, rail and waterways not covered by marine legislations. All states and territories apply this Transport Code through their regulatory system. For air transport, the Civil Aviation Act 1988 adopts the requirements of the ICAO Technical Instructions for the Safe Transport of Dangerous Goods by Air DOC 9284, which also adopts TS-R-1. The security of radioactive material in air transport is achieved via the Aviation Transport Security Act 2004. For sea transport Australian Marine Order 41 applies the requirements of IMDG (International Maritime Dangerous Goods) Code which also adopts TS-R-1. The security of radioactive material (nuclear material) is governed by two Commonwealth Agencies namely, ARPANSA and ASNO (Australian Safeguards and Non-proliferation Office) . ARPANSA regulates the security of radioactive sources through ARPANSA Code of Practice for the Security of Radioactive Sources 2007 which is based on the IAEA Draft Security Series. ASNO regulates security of nuclear material including U, Th and Pu through the Nuclear Non-Proliferation (Safeguards) Act, and the object of which is to give effect to certain obligations that Australia has as a party to the NPT, Australia’s safeguards agreement with the IAEA, and other bilateral safeguards agreements and certain obligations that Australia has as a party to the Convention for the Physical Protection of Nuclear Materials (CPPNM). This paper presents the effectiveness of regulatory approaches for safe and secure

Implementation of emergency department transfer communication measures in Minnesota critical access hospitals.

Science.gov (United States)

Klingner, Jill; Moscovice, Ira; Casey, Michelle; McEllistrem Evenson, Alex

2015-01-01

Previously published findings based on field tests indicated that emergency department patient transfer communication measures are feasible and worthwhile to implement in rural hospitals. This study aims to expand those findings by focusing on the wide-scale implementation of these measures in the 79 Critical Access Hospitals (CAHs) in Minnesota from 2011 to 2013. Information was obtained from interviews with key informants involved in implementing the emergency department patient transfer communication measures in Minnesota as part of required statewide quality reporting. The first set of interviews targeted state-level organizations regarding their experiences working with providers. A second set of interviews targeted quality and administrative staff from CAHs regarding their experiences implementing measures. Implementing the measures in Minnesota CAHs proved to be successful in a number of respects, but informants also faced new challenges. Our recommendations, addressed to those seeking to successfully implement these measures in other states, take these challenges into account. Field-testing new quality measure implementations with volunteers may not be indicative of a full-scale implementation that requires facilities to participate. The implementation team's composition, communication efforts, prior relationships with facilities and providers, and experience with data collection and abstraction tools are critical factors in successfully implementing required reporting of quality measures on a wide scale. © 2014 National Rural Health Association.