WorldWideScience

Sample records for socio-technical information security

  1. Socio-technical security metrics

    NARCIS (Netherlands)

    Gollmann, D.; Herley, C.; Koenig, V.; Pieters, W.; Sasse, M.A.

    2015-01-01

    Report from Dagstuhl seminar 14491. This report documents the program and the outcomes of Dagstuhl Seminar 14491 “Socio-Technical Security Metrics”. In the domain of safety, metrics inform many decisions, from the height of new dikes to the design of nuclear plants. We can state, for example, that

  2. Socio-Technical Security Metrics (Dagstuhl Seminar 14491)

    NARCIS (Netherlands)

    Gollmann, Dieter; Herley, Cormac; Koenig, Vincent; Pieters, Wolter; Sasse, Martina Angela

    2015-01-01

    This report documents the program and the outcomes of Dagstuhl Seminar 14491 "Socio-Technical Security Metrics". In the domain of safety, metrics inform many decisions, from the height of new dikes to the design of nuclear plants. We can state, for example, that the dikes should be high enough to

  3. Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems

    NARCIS (Netherlands)

    Lenzini, Gabriele; Mauw, Sjouke; Ouchani, Samir; Barthe, Gilles; Markatos, Evangelos; Samarati, Pierangela

    2016-01-01

    A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow defined by what the organization’s employees do (copy,

  4. Security analysis of socio-technical physical systems

    NARCIS (Netherlands)

    Lenzini, Gabriele; Mauw, Sjouke; Ouchani, Samir

    2015-01-01

    Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too simple, they just estimate feasibility and not the likelihood of attacks, or they do estimate

  5. How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

    NARCIS (Netherlands)

    Gadyatskaya, Olga

    2016-01-01

    Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing

  6. The Shaping of Managers' Security Objectives through Information Security Awareness Training

    Science.gov (United States)

    Harris, Mark A.

    2010-01-01

    Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

  7. Model-Driven Information Security Risk Assessment of Socio-Technical Systems

    NARCIS (Netherlands)

    Ionita, Dan

    2018-01-01

    As more aspects of life transition to the digital domain, computer systems become increasingly complex but also more social. But assessing a socio-technical system is no trivial task: it often requires intimate knowledge of the system, awareness of the social dynamics and trust relationships of its

  8. The Natural Hospital Environment: a Socio-Technical-Material perspective.

    Science.gov (United States)

    Fernando, Juanita; Dawson, Linda

    2014-02-01

    This paper introduces two concepts into analyses of information security and hospital-based information systems: a Socio-Technical-Material theoretical framework and the Natural Hospital Environment. The research is grounded in a review of pertinent literature with previously published Australian (Victoria) case study data to analyse the way clinicians work with privacy and security in their work. The analysis was sorted into thematic categories, providing the basis for the Natural Hospital Environment and Socio-Technical-Material framework theories discussed here. Natural Hospital Environments feature inadequate yet pervasive computer use, aural privacy shortcomings, shared workspace, meagre budgets, complex regulation that hinders training outcomes and out-dated infrastructure and are highly interruptive. Working collaboratively in many cases, participants found ways to avoid or misuse security tools, such as passwords or screensavers for patient care. Workgroup infrastructure was old, architecturally limited, haphazard in some instances, and was less useful than paper handover sheets to ensure the quality of patient care outcomes. Despite valiant efforts by some participants, they were unable to control factors influencing the privacy of patient health information in public hospital settings. Future improvements to hospital-based organisational frameworks for e-health can only be made when there is an improved understanding of the Socio-Technical-Material theoretical framework and Natural Hospital Environment contexts. Aspects within control of clinicians and administrators can be addressed directly although some others are beyond their control. An understanding and acknowledgement of these issues will benefit the management and planning of improved and secure hospital settings. Copyright © 2013 Elsevier Ireland Ltd. All rights reserved.

  9. Socio-Technical Considerations for the Use of Blockchain Technology in Healthcare.

    Science.gov (United States)

    Wong, Ming Chao; Yee, Kwang Chien; Nøhr, Christian

    2018-01-01

    Blockchain technology is often considered as the fourth industrial revolution that will change the world. The enthusiasm of the transformative nature of blockchain technology has infiltrated healthcare. Blockchain is often seen as the much needed and perfect technology for healthcare, addressing the difficult and complex issues of security and inter-operability. More importantly, the "value" and trust-based system can deliver automated action and response via its smart contract mechanism. Healthcare, however, is a complex system. Health information technology (HIT) so far, has not delivered its promise of transforming healthcare due to its complex socio-technical and context sensitive interaction. The introduction of blockchain technology will need to consider a whole range of socio-technical issues in order to improve the quality and safety of patient care. This paper presents a discussion on these socio-technical issues. More importantly, this paper argues that in order to achieve the best outcome from blockchain technology, there is a need to consider a clinical transformation from "information" to "value" and trust. This paper argues that urgent research is needed to address these socio-technical issues in order to facilitate best outcomes for blockchain in healthcare. These socio-technical issues must then be further evaluated by means of working prototypes in the medical domain in coming years.

  10. The socio-technical design of a library and information science collaboratory

    DEFF Research Database (Denmark)

    Lassi, Monica; Sonnenwald, Diane H.

    2013-01-01

    Introduction. We present a prototype collaboratory, a socio-technical platform to support sharing research data collection instruments in library and information science. No previous collaboratory has attempted to facilitate sharing digital research data collection instruments among library and information science researchers. Method. We have taken a socio-technical approach to design, which includes a review of previous research on collaboratories; an empirical study of specific needs of library and information science researchers; and a use case design method to design the prototype collaboratory. Scenarios of future interactions, use cases, were developed using an analytically-driven approach to scenario design. The use cases guided the implementation of the prototype collaboratory in the MediaWiki software package. Results. The prototype collaboratory design is presented as seven use cases, which...

  11. The Socio-Technical Design of a Library and Information Science Collaboratory

    Science.gov (United States)

    Lassi, Monica; Sonnenwald, Diane H.

    2013-01-01

    Introduction: We present a prototype collaboratory, a socio-technical platform to support sharing research data collection instruments in library and information science. No previous collaboratory has attempted to facilitate sharing digital research data collection instruments among library and information science researchers. Method: We have…

  12. Modelling and Reasoning about Security Requirements in Socio-Technical Systems

    NARCIS (Netherlands)

    Paja, Elda; Dalpiaz, Fabiano; Giorgini, Paolo

    2015-01-01

    Modern software systems operate within the context of larger socio-technical systems, wherein they interact—by exchanging data and outsourcing tasks—with other technical components, humans, and organisations. When interacting, these components (actors) operate autonomously; as such, they may

  13. Socio-technical Issues for Ubiquitous Information Society in 2010

    Science.gov (United States)

    Funabashi, Motohisa; Homma, Koichi; Sasaki, Toshiro; Sato, Yoshinori; Kido, Kunihiko; Fukumoto, Takashi; Yano, Koujin

    Impact of the ubiquitous information technology on our society is so significant that directing technological development and preparing institutional apparatus are quite important and urgent. The present paper elaborates, with the efforts by both humanity and engineering disciplines, to find out the socio-technical issues of ubiquitous information society in 2010 by inspecting social implications of emerging technology as well as social expectations. In order to deliberate the issues, scenarios are developed that describe possible life in ubiquitous information society. The derived issues cover integrating information technology and human body, producing smart sharable environment, protecting individual rights, fostering new service business, and forming community.

  14. Formal modelling and analysis of socio-technical systems

    DEFF Research Database (Denmark)

    Probst, Christian W.; Kammüller, Florian; Hansen, Rene Rydhof

    2016-01-01

    Attacks on systems and organisations increasingly exploit human actors, for example through social engineering. This non-technical aspect of attacks complicates their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we discuss several approaches to formalising socio-technical systems and their analysis. Starting from a flow logic-based analysis of the insider threat, we discuss how to include the socio aspects explicitly, and show a formalisation that proves properties of this formalisation. On the formal side, our work closes the gap between formal and informal approaches to socio-technical systems. On the informal side, we show how to steal a birthday cake from a bakery by social engineering.

  15. Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

    Science.gov (United States)

    Imam, Abbas H.

    2013-01-01

    Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

  16. Quantifying resilience for resilience engineering of socio technical systems

    OpenAIRE

    Häring, Ivo; Ebenhöch, Stefan; Stolz, Alexander

    2016-01-01

    Resilience engineering can be defined to comprise originally technical, engineering and natural science approaches to improve the resilience and sustainability of socio technical cyber-physical systems of various complexities with respect to disruptive events. It is argued how this emerging interdisciplinary technical and societal science approach may contribute to civil and societal security research. In this context, the article lists expected benefits of quantifying resilience. Along the r...

  17. Socio-technical Betwixtness

    DEFF Research Database (Denmark)

    Bossen, Claus

    2017-01-01

    This chapter focusses on two challenges for socio-technical design: Having to choose between different rationales for design, and the adequate understanding and depiction of the work to be redesigned. These two challenges betwixt the otherwise strong tenets of socio-technical design of pointing out the intrinsically social and technical interwovenness of design, and the necessity of including affected people and stakeholders in the design process. This betwixtness of socio-technical design is demonstrated by the analysis of two IT systems for healthcare: a foundational model for electronic healthcare records, and an IT system organizing hospital porters’ work. The conceptual background for the analysis of the cases is provided by a short introduction to different rationales for organizational design, and by pointing to the differences between a linear, rationalistic versus an interactional depiction of work.

  18. Context-sensitive Information security Risk identification and evaluation techniques

    NARCIS (Netherlands)

    Ionita, Dan

    2014-01-01

    The objective of my research is to improve and support the process of Information security Risk Assessment by designing a scalable Risk argumentation framework for socio-digital-technical Risk. Due to the various types of IT systems, diversity of architectures and dynamic nature of Risk, there is no

  19. Socio-Economic Correlates of Information Security Threats and Controls in Global Financial Services Industry: An Analysis

    OpenAIRE

    Princely Ifinedo

    2015-01-01

    Threats to data and information assets of Global Financial Services Industry (GFSI) are ever-present; such problems, if not well understood, could lead to huge negative impact. To some extent, the environment where a business operates does matter for its success. This study presents information about the relationships between selected socio-economic factors and information security threats and controls in the financial services industry. Essentially, it seeks to enrich the information provide...

  20. Understanding Socio Technical Modularity

    DEFF Research Database (Denmark)

    Thuesen, Christian Langhoff; Kudsk, Anders; Hvam, Lars

    2011-01-01

    Modularity has gained an increasing popularity as a central concept for exploring product structure, process structure, organization structure and supply chain structure. With the offset in system theory the predominant understanding of modularity however faces difficulties in explaining the social dimension of modularity like irrational behaviors, cultural differences, learning processes, social organization and institutional influences on modularity. The paper addresses this gap offering a reinterpretation of the modularity concept from a socio-technical perspective in general and Actor Network Theory in particular. By formulating modularity from an ANT perspective covering social, material and process aspects, the modularity of a socio-technical system can be understood as an entanglement of product, process, organizational and institutional modularity. The theoretical framework is illustrated...

  1. The socio-technical system and nuclear safety

    International Nuclear Information System (INIS)

    Stefanescu, Petre; Mihailescu, Nicolae; Dragusin, Octavian

    1999-01-01

    In the field of nuclear safety there have been defined notions like 'technical factors' and 'human factors'. The technical factors depend on designing and manufacturing of components/equipment, actually depend on the people's work. The study of human factors consists in analyzing and recommending the terms that allow an individual to be a reliable and safety agent. Accordingly, he/she is placed in working conditions corresponding to human abilities, associating the means of three levels: - designing, i.e. the action upon the technical system and upon work organization; - correction, i.e. the action upon the evolution of the technical system and organizing; - formation/training, i.e. action upon operators. The paper presents a characterization of the socio-technical system and on this basis discusses the issue of individual adjustment to the socio-technical system and reciprocally, the issue of the socio-technical system adjustment to the individual. Concepts as: ergonomics, physical medium, man/machine interface and support of the operator, man/machine task sharing, the work organizing are put in relation with the central subject, the nuclear safety

  2. Applicability of Socio-Technical Model (STM) in Working System of Modern Organizations

    Directory of Open Access Journals (Sweden)

    Rosmaini Tasmin

    2011-10-01

    Knowledge has been identified as one of the most important resources in organization that contributes to competitive advantages. Organizations around the world realize and put into practice an approach that bases on technological and sociological aspects to fill-up the gaps in their workplaces. The Socio-Technical Model (STM) is an established organizational model introduced by Trist since 1960s at Tavistock Institute, London. It relates two most common components exist in all organizations, namely social systems (human) and technological systems (information technology, machinery and equipment) in organizations over many decades. This paper reviews the socio-technical model from various perspectives of its developmental stages and ideas written by researchers. Therefore, several literature reviews on socio-technical model have been compiled and discussed to justify whether its basic argument matches with required practices in Techno-Social environments. Through a socio-technical perspective on Knowledge Management, this paper highlights the interplay between social systems and technological system. It also suggests that management and leadership play critical roles in establishing the techno-social perspective for the effective assimilation of Knowledge Management practices.

  3. Defining Information Security.

    Science.gov (United States)

    Lundgren, Björn; Möller, Niklas

    2017-11-15

    This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition (correct demarcation and meaning concerning the state of security), it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security: the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  4. Technical solutions for mitigating security threats caused by health professionals in clinical settings.

    Science.gov (United States)

    Fernandez-Aleman, Jose Luis; Belen Sanchez Garcia, Ana; Garcia-Mateos, Gines; Toval, Ambrosio

    2015-08-01

    The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.

  5. Revealing the Socio-technical Design of Global e-businesses

    DEFF Research Database (Denmark)

    Kampf, Constance Elizabeth

    2012-01-01

    Global e-businesses such as Google, Amazon and E-bay affect both users and society. How can we begin to understand this duality in the socio-technical affordances of e-business? This paper examines a digital art performance as an example of the tensions between capitalist businesses and the public...... of socio-technical design and using dimensions of transparency to understand technology based Internet business, positing global Internet business as having two levels of socio-technical design—1) the micro level, dealing with user interaction, and 2) the macro level, dealing with the social design...

  6. Information security protecting the global enterprise

    CERN Document Server

    Pipkin, Donald L

    2000-01-01

    In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, archite...

  7. Improving a health information system for real-time data entries: An action research project using socio-technical systems theory.

    Science.gov (United States)

    Adaba, Godfried Bakiyem; Kebebew, Yohannes

    2018-03-01

    This paper presents the findings of an action research (AR) project to improve a health information system (HIS) at the Operating Theater Department (OTD) of a National Health Service (NHS) hospital in South East England, the UK. Informed by socio-technical systems (STS) theory, AR was used to design an intervention to enhance an existing patient administration system (PAS) to enable data entries in real time while contributing to the literature. The study analyzed qualitative data collected through interviews, participant observations, and document reviews. The study found that the design of the PAS was unsuitable to the work of the three units of the OTD. Based on the diagnoses and STS theory, the project developed and implemented a successful intervention to enhance the legacy system for data entries in real time. The study demonstrates the value of AR from a socio-technical perspective for improving existing systems in healthcare settings. The steps adopted in this study could be applied to improve similar systems. A follow-up study will be essential to assess the sustainability of the improved system.

  8. Approaching socio-technical issues in Knowledge Communication

    DEFF Research Database (Denmark)

    Kampf, Constance; Islas Sedano, Carolina

    2008-01-01

    This paper looks at the connection between technology, knowledge management and knowledge communication theory from a process perspective. Knowledge management and knowledge communication processes are examined through the iterations in creating project goals and objectives which connect the social...... and objectives with respect to knowledge communication theory, demonstrating the potential of knowledge communication concepts for socio-technical design processes, as well as the implications of socio-technical design processes in extending our understanding of knowledge communication....

  9. Information security management principles

    CERN Document Server

    Taylor, Andy; Finch, Amanda; Sutton, David; Taylor, Andy

    2013-01-01

    In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.

  10. Social engineering attacks: an augmentation of the socio-technical systems framework

    CSIR Research Space (South Africa)

    Shozi, A

    2015-03-01

    or organisation’s information. We analyse social engineering attacks as a Socio-technical System because it recognises the interaction between people and technology in a work environment. In the case of social engineering attacks, the social subsystem would...

  11. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2000-01-01

    An information security architecture is made up of several components. Each component in the architecture focuses on establishing acceptable levels of control. These controls are then applied to the operating environment of an organization. Functionally, information security architecture combines technical, practical, and cost-effective solutions to provide an adequate and appropriate level of security. Information Security Architecture: An Integrated Approach to Security in the Organization details the five key components of an information security architecture. It provides C-level executives

  12. Transferring Codified Knowledge: Socio-Technical versus Top-Down Approaches

    Science.gov (United States)

    Guzman, Gustavo; Trivelato, Luiz F.

    2008-01-01

    Purpose: This paper aims to analyse and evaluate the transfer process of codified knowledge (CK) performed under two different approaches: the "socio-technical" and the "top-down". It is argued that the socio-technical approach supports the transfer of CK better than the top-down approach. Design/methodology/approach: Case study methodology was…

  13. Catastrophic failure in complex socio-technical systems

    International Nuclear Information System (INIS)

    Weir, D.

    2004-01-01

    This paper reviews the sequences leading to catastrophic failures in complex socio-technical systems. It traces some of the elements of an analytic framework to that proposed by Beer in Decision and Control, first published in 1966, and argues that these ideas are centrally relevant to a topic on which research interest has developed subsequently, the study of crises, catastrophes and disasters in complex socio-technical systems in high technology sectors. But while the system perspective is central, it is not by itself entirely adequate. The problems discussed cannot be discussed simply in terms of system parameters like variety, redundancy and complexity. Much empirical research supports the view that these systems typically operate in degraded mode. The degradations may be primarily initiated within the social components of the socio-technical system. Such variables as hierarchical position, actors' motivations and intentions are relevant to explain the ways in which communication systems typically operate to filter out messages from lower participants and to ignore the 'soft signals' issuing from small-scale and intermittent malfunctions. (author)

  14. Designing socio-technical systems : Structures and processes

    NARCIS (Netherlands)

    Bots, P.W.G.; Van Daalen, C.

    2012-01-01

    The Systems Engineering, Policy Analysis and Management (SEPAM) MSc curriculum taught at Delft University of Technology focuses on the design of socio-technical systems (STS). We teach our students to structure design activities by considering what we call the TIP aspects: Technical systems,

  15. A socio-technical approach to teaching the social impacts of technological development

    DEFF Research Database (Denmark)

    Jensen, Per Langå; Broberg, Ole

    2001-01-01

    This paper describes a socio-technical approach to teach work environment in an engineering education as an alternative to a science-based presentation of each potential harmful factor. The socio-technical approach emphasizes that work environment must be understood in a social context and that ...

  16. Secure Business Process Engineering: a socio-technical approach

    OpenAIRE

    Salnitri, Mattia

    2016-01-01

    Dealing with security is a central activity for today's organizations. Security breaches impact on the activities executed in organizations, preventing them from executing their business processes and, therefore, causing millions of dollars of losses. Security by design principles underline the importance of considering security as early as during the design of organizations to avoid expensive fixes during later phases of their lifecycle. However, the design of secure business processes cannot tak...

  17. A Socio-Technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks.

    Science.gov (United States)

    Sittig, Dean F; Singh, Hardeep

    2016-01-01

    Recently there have been several high-profile ransomware attacks involving hospitals around the world. Ransomware is intended to damage or disable a user's computer unless the user makes a payment. Once the attack has been launched, users have three options: 1) try to restore their data from backup; 2) pay the ransom; or 3) lose their data. In this manuscript, we discuss a socio-technical approach to address ransomware and outline four overarching steps that organizations can undertake to secure an electronic health record (EHR) system and the underlying computing infrastructure. First, health IT professionals need to ensure adequate system protection by correctly installing and configuring computers and networks that connect them. Next, the health care organizations need to ensure more reliable system defense by implementing user-focused strategies, including simulation and training on correct and complete use of computers and network applications. Concomitantly, the organization needs to monitor computer and application use continuously in an effort to detect suspicious activities and identify and address security problems before they cause harm. Finally, organizations need to respond adequately to and recover quickly from ransomware attacks and take actions to prevent them in future. We also elaborate on recommendations from other authoritative sources, including the National Institute of Standards and Technology (NIST). Similar to approaches to address other complex socio-technical health IT challenges, the responsibility of preventing, mitigating, and recovering from these attacks is shared between health IT professionals and end-users.

  18. Developing and Validating the Socio-Technical Model in Ontology Engineering

    Science.gov (United States)

    Silalahi, Mesnan; Indra Sensuse, Dana; Giri Sucahyo, Yudho; Fadhilah Akmaliah, Izzah; Rahayu, Puji; Cahyaningsih, Elin

    2018-03-01

    This paper describes results from an attempt to develop a model in ontology engineering methodology and a way to validate the model. The approach to methodology in ontology engineering is from the point of view of socio-technical system theory. Qualitative research synthesis is used to build the model using meta-ethnography. In order to ensure the objectivity of the measurement, inter-rater reliability method was applied using a multi-rater Fleiss Kappa. The results show the accordance of the research output with the diamond model in the socio-technical system theory by evidence of the interdependency of the four socio-technical variables namely people, technology, structure and task.

  19. Zen and the art of information security

    CERN Document Server

    Winkler, Ira

    2007-01-01

    While security is generally perceived to be a complicated and expensive process, Zen and the Art of Information Security makes security understandable to the average person in a completely non-technical, concise, and entertaining format. Through the use of analogies and just plain common sense, readers see through the hype and become comfortable taking very simple actions to secure themselves. Even highly technical people have misperceptions about security concerns and will also benefit from Ira Winkler's experiences making security understandable to the business world. Mr. Winkler is one of the most popular and highly rated speakers in the field of security, and lectures to tens of thousands of people a year. Zen and the Art of Information Security is based on one of his most well received international presentations.

  20. Formal Analysis of Graphical Security Models

    DEFF Research Database (Denmark)

    Aslanyan, Zaruhi

    , software components and human actors interacting with each other to form so-called socio-technical systems. The importance of socio-technical systems to modern societies requires verifying their security properties formally, while their inherent complexity makes manual analyses impracticable. Graphical...... models for security offer an unrivalled opportunity to describe socio-technical systems, for they allow to represent different aspects like human behaviour, computation and physical phenomena in an abstract yet uniform manner. Moreover, these models can be assigned a formal semantics, thereby allowing...... formal verification of their properties. Finally, their appealing graphical notations enable to communicate security concerns in an understandable way also to non-experts, often in charge of the decision making. This dissertation argues that automated techniques can be developed on graphical security...

  1. Formal Modelling and Analysis of Socio-Technical Systems

    NARCIS (Netherlands)

    Probst, Christian W.; Kammüller, Florian; Rydhof Hansen, René; Probst, Christian W.; Hankin, Chris; Rydhof Hansen, René

    2015-01-01

    Attacks on systems and organisations increasingly exploit human actors, for example through social engineering. This non-technical aspect of attacks complicates their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical

  2. Modelling and Analysing Socio-Technical Systems

    DEFF Research Database (Denmark)

    Aslanyan, Zaruhi; Ivanova, Marieta Georgieva; Nielson, Flemming

    2015-01-01

    Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An increasing number of attacks on these organisations exploits vulnerabilities on all different levels, for example combining a malware attack...

  3. Modeling and Analysing Socio-Technical Systems

    NARCIS (Netherlands)

    Aslanyan, Zaruhi; Ivanova, Marieta G.; Nielson, Flemming; Probst, Christian W.

    2015-01-01

    Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An increasing number of attacks on these organisations exploits vulnerabilities on all different levels, for example combining a malware attack with

  4. The structuration of socio-technical regimes - Conceptual foundations from institutional theory

    NARCIS (Netherlands)

    Fuenfschilling, Lea; Truffer, Bernhard

    2014-01-01

    In recent years, socio-technical transitions literature has gained importance in addressing long-term, transformative change in various industries. In order to account for the inertia and path-dependency experienced in these sectors, the concept of the socio-technical regime has been formulated.

  5. Developing e-banking services for rural India: making use of socio-technical prototypes

    OpenAIRE

    Dittrich, Yvonne; Vaidyanathan, Lakshmi; Gonsalves, Timothy A; Jhunjhunwala, Ashok

    2017-01-01

    Information and Communication Technology (ICT) is one of the key enablers for including underserved communities in economic and societal development across the world. Our research analyzes several banking service projects developing technical solutions for rural India. This poster presents an experience report based on systematic debriefing of involved project leaders and initiators, triangulated with additional documentation. The concept of Socio-Technical Prototype is developed and used to ...

  6. Health Information Security in Hospitals: the Application of Security Safeguards.

    Science.gov (United States)

    Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

    2016-02-01

    A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

  7. SOCIAL CAPITAL AS THE BASIS FOR THE FORMATION OF SOCIO-ECONOMIC SECURITY IN RURAL AREAS

    Directory of Open Access Journals (Sweden)

    Andrii Sukhostavets

    2017-09-01

    , material and technical base, natural conditions, etc. A market-oriented regional economy does not always ensure the growth of the well-being of all segments of the population in conditions of social and economic stability. Inevitably generated unemployment, social problems and other consequences of the competition can cause social fallout. Social threats are closely related to each other, while one generates another, forming a vicious circle. But at the same time, the socio-economic security of the society should be considered as the primary one. On the basis of the foregoing, we believe that the social capital of rural areas provides the basic social norms of citizens, which results in the provision of rights to communicate, found organizations, unions, cooperatives; and its high level leads directly to the increase in the socio-economic security of rural areas. Directions of our further research will be focused on the development of proposals concerning state support for activities related to the formation of social capital.

  8. 77 FR 64464 - Information Systems Technical Advisory Committee

    Science.gov (United States)

    2012-10-22

    ... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems Technical Advisory Committee Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC... of export controls applicable to information systems equipment and technology. Wednesday, November 7...

  9. Norm-Aware Socio-Technical Systems

    Science.gov (United States)

    Savarimuthu, Bastin Tony Roy; Ghose, Aditya

    The following sections are included: * Introduction * The Need for Norm-Aware Systems * Norms in human societies * Why should software systems be norm-aware? * Case Studies of Norm-Aware Socio-Technical Systems * Human-computer interactions * Virtual environments and multi-player online games * Extracting norms from big data and software repositories * Norms and Sustainability * Sustainability and green ICT * Norm awareness through software systems * Where To, From Here? * Conclusions

  10. Designing water demand management schemes using a socio-technical modelling approach.

    Science.gov (United States)

    Baki, Sotiria; Rozos, Evangelos; Makropoulos, Christos

    2018-05-01

    Although it is now widely acknowledged that urban water systems (UWSs) are complex socio-technical systems and that a shift towards a socio-technical approach is critical in achieving sustainable urban water management, still, more often than not, UWSs are designed using a segmented modelling approach. As such, either the analysis focuses on the description of the purely technical sub-system, without explicitly taking into account the system's dynamic socio-economic processes, or a more interdisciplinary approach is followed, but delivered through relatively coarse models, which often fail to provide a thorough representation of the urban water cycle and hence cannot deliver accurate estimations of the hydrosystem's responses. In this work we propose an integrated modelling approach for the study of the complete socio-technical UWS that also takes into account socio-economic and climatic variability. We have developed an integrated model, which is used to investigate the diffusion of household water conservation technologies and its effects on the UWS, under different socio-economic and climatic scenarios. The integrated model is formed by coupling a System Dynamics model that simulates the water technology adoption process, and the Urban Water Optioneering Tool (UWOT) for the detailed simulation of the urban water cycle. The model and approach are tested and demonstrated in an urban redevelopment area in Athens, Greece under different socio-economic scenarios and policy interventions. It is suggested that the proposed approach can establish quantifiable links between socio-economic change and UWS responses and therefore assist decision makers in designing more effective and resilient long-term strategies for water conservation. Copyright © 2017 Elsevier B.V. All rights reserved.

  11. Human and Citizen Rights Guarantees While Providing Information Security

    Directory of Open Access Journals (Sweden)

    Serhii Yesimov

    2018-05-01

    With the development of information and communication technologies, issues of providing information security are becoming more and more aggravated. These are crimes related to the use of electronic computers, systems and computer networks and telecommunication networks, the propaganda of separatism and extremism, etc. While providing information security in the digital environment, the role of technical and legal human rights guarantees, due to technical means of protection, is increasing. Relying on the developers of technical means of protection determines the difference between the aforesaid concepts and the traditional approach to ensuring the protection of human and citizen rights, in which responsibilities are put on information intermediaries, owners of confidential information. Technical guarantees of human rights are a necessary component of ensuring information security, but the effectiveness of the application is provided in conjunction with the legal guarantees of human rights, as evidenced by the tendency to recognize the principles of inviolability of privacy on the basis of design decisions in the law of the European Union as legal acts. Providing information security is a legitimate goal of establishing constraints of human rights, since it can be correlated with the norms of international law. The establishment of constraints of human rights is permissible in order to attain other objectives–ensuring state security, public order, health, rights and freedoms of the person in the information sphere. The legitimacy of this goal is determined by its compliance with the objectives envisaged by international agreements ratified in an established order. The article examines the impact of the use of technical means in the field of providing information security in the aspect of following the fundamental human and civil rights in Ukraine, taking into account the legislation of the European Union and the decision of the European Court

  12. 75 FR 20817 - Information Systems Technical Advisory Committee

    Science.gov (United States)

    2010-04-21

    ... equipment and technology. Wednesday, May 5 Public Session 1. Welcome and Introduction. 2. Working Group... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems Technical Advisory Committee Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC...

  13. The Firewall and Security of Information Systems

    OpenAIRE

    Radut Carmen; Albici Mihaela; Tenovici Cristina Otilia

    2010-01-01

    Information security is a broader concept which refers to ensuring the integrity, confidentiality and availability of information. The dynamics of information technology to induce new risks to which organizations must implement new measures of control. Technological development has been accompanied by security solutions, equipment manufacturers and applications including technical methods of protection performance. However, while in information technology change is exponential, the human comp...

  14. Culture of socio-economic security of Ukraine: Challenges in XXIst Century

    Directory of Open Access Journals (Sweden)

    Olesya Ihorivna Datsko

    2015-12-01

    It is argued that the culture of social-economic security has impact on the socio-economic development of state. It is formed at several levels of human interaction: with oneself, other people, work, environment, community groups, state, world, God. It is proved that low level of culture of socio-economic security of Ukraine's population, especially state leaders has a destructive effect on the economic development, labour potential, and increasing level of corruption. The necessity to develop a culture of social-economic security in the state economic policy is proved.

  15. The governance of sustainable socio-technical transitions

    NARCIS (Netherlands)

    Smith, A.G.; Stirling, A.C.; Berkhout, F.G.H.

    2005-01-01

    A quasi-evolutionary model of socio-technical transitions is described in which regimes face selection pressures continuously. Differentiated transition contexts determine the form and direction of regime change in response to these pressures. The articulation of pressures, and the degree to which

  16. Trust in technology a socio-technical perspective

    CERN Document Server

    Clarke, Karen; Rouncefield, Mark

    2006-01-01

    Encapsulates work done in the DIRC project (Interdisciplinary Research Collaboration in Dependability), bringing together a range of disciplinary approaches - computer science, sociology and software engineering - to produce a socio-technical systems perspective on the issues surrounding trust in technology in complex settings.

  17. Opening the Black-Box in Lifelong E-Learning for Employability: A Framework for a Socio-Technical E-Learning Employability System of Measurement (STELEM)

    Directory of Open Access Journals (Sweden)

    Juan-Francisco Martínez-Cerdá

    2018-03-01

    Human beings must develop many skills to cope with the large amount of challenges that currently exist in the world: media empowerment for an active and democratic citizenship, knowledge acquisition and conversion for lifelong and life-wide learning, 21st century skills for matching demand and supply in labor markets, and dispositional employability for unpredictable future career success. One of the tools for achieving these is online education, in which students have the chance to manage their own time, content, and goals. Thus, this paper analyzes these issues from the perspective of skills gained through e-learning and validates the Socio-Technical E-learning Employability System of Measurement (STELEM) framework. The research was carried out with former students of the Universitat Oberta de Catalunya. Exploratory and confirmatory factorial analyses validate several consistent and reliable scales in two areas: (i) employability, based on educational social capital, media empowerment, knowledge acquisition, knowledge conversion, literacy, digitalness, collaboration, resilience, proactivity, identity, openness, motivation, organizational culture, and employment security; and (ii) socio-technical systems existing in this open online university, based on its information and communications technology (ICT), learning tasks, as well as student-centered and organizational approaches. The research provides two new psychometrical scales that are useful for the evaluation, monitoring, and assessment of relationships and influences between socio-technical e-learning organizations and employability skills development, and proposes a set of indicators related to human and social capital, valid in employability contexts.

  18. Sustainability and deliberate transition of socio-technical systems

    DEFF Research Database (Denmark)

    Hansen, Ole Erik; Søndergård, Bent; Stærdahl, Jens

    or developing socio-technical systems in order to integrate the concept of sustainability as a driver for the deliberate and purposeful shaping and transition. The article discusses the requirements to effective governance networks and governing of governance networks. Research within innovation systems......The article suggests that deliberate planning for sustainability demands a focus on the transition of socio-technical systems in order to establish robust and more sustainable patterns of production and consumption. This implies the necessity of a new perspective for environmental planning......, transition management and technology systems combined with planning and experimental activities provides both a theoretical and empirical body of knowledge of such governance processes. The article discusses how this perspective can be used in relation to the process of developing bio-fuel systems...

  19. Using communication norms in socio-technical systems

    NARCIS (Netherlands)

    Weigand, H.; Whitworth, B.; de Moor, A.

    2009-01-01

    Often socio-technical systems are designed simply on the basis of what the user asks, and without considering explicitly whether the required process structure is right and wrong. However, poor communication may cause many problems. Therefore, a design cycle should always include diagnosis, and in

  20. Obstacle of Team Teaching and Collaborative Learning in Information Security

    Directory of Open Access Journals (Sweden)

    Marn-Ling Shing

    2007-10-01

    The field of information security includes diverse contents such as network security and computer forensics which are highly technical-oriented topics. In addition, information forensic requires the background of criminology. The information security also includes non-technical content such as information ethics and security laws. Because of the diverse nature of information security, Shing et al. has proposed the use of team teaching and collaborative learning for the information security classes. Although team teaching seems to be efficient in information security, practically it needs a few challenges. The Purdue's case mentioned in Shing's paper has funding support of National Security Agency (NSA). However, a vast amount of resources may not be available for an instructor in a normal university. In addition, many obstacles are related to the administration problems. For example, how are the teaching evaluations computed if there are multiple instructors for a single course? How will instructors in a computer forensics class prepare students (criminal justice majors and information technology majors) before taking the same class with diverse background? The paper surveyed approximately 25 students in a university in Virginia concerning the satisfaction of team-teaching. Finally, this paper describes ways to meet those challenges.

  1. A Framework for Adaptive Information Security Systems : A Holistic Investigation

    OpenAIRE

    Mwakalinga, Jeffy

    2011-01-01

    This research proposes a framework for adaptive information security systems that considers both the technical and social aspects of information systems security. Initial development of information systems security focused on computer technology and communication protocols. Researchers and designers did not consider culture, traditions, ethics, and other social issues of the people using the systems when designing and developing information security systems. They also seemed to ignore environ...

  2. Protecting the Privacy and Security of Your Health Information

    Science.gov (United States)

    ... can be used and shared with others. The Security Rule sets rules for how your health information must be kept secure with administrative, technical, and physical safeguards. You may have additional protections and health information rights under your State's laws. ...

  3. Security Policy Alignment: A Formal Approach

    NARCIS (Netherlands)

    Pieters, Wolter; Dimkov, T.; Pavlovic, Dusko

    2013-01-01

    Security policy alignment concerns the matching of security policies specified at different levels in socio-technical systems, and delegated to different agents, technical and human. For example, the policy that sales data should not leave an organization is refined into policies on door locks,

  4. Modeling Interdependent Socio-technical Networks via ABM Smart Grid Case

    NARCIS (Netherlands)

    Worm, D.T.H.; Langley, D.J.; Becker, J.M.

    2013-01-01

    The objective of this paper is to improve scientific modeling of interdependent socio-technical networks. In these networks the interplay between technical or infrastructural elements on the one hand and social and behavioral aspects on the other hand, is of importance. Examples include electricity

  5. MODELING OF TECHNICAL CHANNELS OF INFORMATION LEAKAGE AT DISTRIBUTED CONTROL OBJECTS

    Directory of Open Access Journals (Sweden)

    Aleksander Vladimirovich Karpov

    2018-05-01

    The significant increase in requirements for distributed control objects’ functioning can’t be realized only at the expense of the widening and strengthening of security control measures. The first step in ensuring the information security at such objects is the analysis of the conditions of their functioning and modeling of technical channels of information leakage. The development of models of such channels is essentially the only method of complete study of their opportunities and it is pointed toward receiving quantitative assessments of the safe operation of compound objects. The evaluation data are necessary to make a decision on the degree of the information security from a leak according to the current criterion. The existing models are developed for the standard concentrated objects and allow to evaluate the level of information security from a leak on each of channels separately, what involves the significant increase in the required protective resource and time of assessment of information security on an object in general. The article deals with a logical-and-probabilistic method of a security assessment of structurally-compound objects. The model of a security leak on the distributed control objects is cited as an example. It is recommended to use a software package of an automated structurally-logistical modeling of compound systems, which allows to evaluate risk of information leakage in the loudspeaker. A possibility of information leakage by technical channels is evaluated and such differential characteristics of the safe operation of the distributed control objects as positive and negative contributions of the initiating events and conditions, which cause a leak are calculated. Purpose. The aim is a quantitative assessment of data risk, which is necessary for justifying the rational composition of organizational and technical protection measures, as well as a variant of the structure of the information security system from a

  6. Information security practices emerging threats and perspectives

    CERN Document Server

    Awad, Ahmed; Woungang, Isaac

    2017-01-01

    This book introduces novel research targeting technical aspects of protecting information security and establishing trust in the digital space. New paradigms, and emerging threats and solutions are presented in topics such as application security and threat management; modern authentication paradigms; digital fraud detection; social engineering and insider threats; cyber threat intelligence; intrusion detection; behavioral biometrics recognition; hardware security analysis. The book presents both the important core and the specialized issues in the areas of protection, assurance, and trust in information security practice. It is intended to be a valuable resource and reference for researchers, instructors, students, scientists, engineers, managers, and industry practitioners.

  7. The Secure Information Exchange (SIX) Project at the OPCW

    International Nuclear Information System (INIS)

    Gulay, M.; Milenkovic, G.

    2015-01-01

    The Chemical Weapons Convention (CWC) entered into force in 1997 and the member states of the Organisation for the Prohibition of Chemical Weapons (OPCW) have obligations for making declarations under various articles of the convention. These declarations could contain confidential information and until recently the only mechanism to submit confidential information to the OPCW Technical Secretariat was through physical delivery by the permanent representatives of the member states which introduced delays in the exchange of information in general. In 2012, the Technical Secretariat initiated a strategic project to establish a secure electronic transmission channel that could be used as an alternative option for the exchange of information between the Technical Secretariat and the member states. The Secure Information Exchange (SIX) Project has been given priority by the Director-General and it received support from the member states. A core project team comprising representatives of the main business unit, the office of legal affairs, IT security and implementation teams were established. Following a feasibility study and with continuous communication with the representatives of the member states, the pilot phase of the project was completed successfully in 2013. In the near future, the project will go live and the member states and the Technical Secretariat will benefit from this key initiative. This paper aims to provide an overview of the project: the solution approach, data gathered in order to assess the delays in communication through traditional means, IT security and implementation issues as well as the legal considerations. (author)

  8. Understanding the Modularity of Socio-technical Production Systems

    DEFF Research Database (Denmark)

    Thuesen, Christian Langhoff

    This paper seeks to contribute to the development of Configurational Theory by offering a reinterpretation of the modularity concept from a socio-technical perspective in general and Actor Network Theory (ANT) in particular. By formulating modularity from an ANT perspective covering social...

  9. FRAM Modelling Complex Socio-technical Systems

    CERN Document Server

    Hollnagel, Erik

    2012-01-01

    There has not yet been a comprehensive method that goes behind 'human error' and beyond the failure concept, and various complicated accidents have accentuated the need for it. The Functional Resonance Analysis Method (FRAM) fulfils that need. This book presents a detailed and tested method that can be used to model how complex and dynamic socio-technical systems work, and understand both why things sometimes go wrong but also why they normally succeed.

  10. EMuRgency: Socio-technical innovations to save lives

    NARCIS (Netherlands)

    Kalz, Marco

    2013-01-01

    Kalz, M. (2013, 18 September). EMuRgency: Socio-technical innovations to save lives. Presentation provided during the workshop on 21st century learning in the health and emergency sectors in conjunction with the 8th European Conference on Technology-Enhanced Learning (ECTEL 2013). Paphos, Cyprus.

  11. Socio-Technical Implementation: Socio-technical Systems in the Context of Ubiquitous Computing, Ambient Intelligence, Embodied Virtuality, and the Internet of Things

    NARCIS (Netherlands)

    Nijholt, Antinus; Whitworth, B.; de Moor, A.

    2009-01-01

    In which computer science world do we design and implement our socio-technical systems? About every five or ten years new computer and interaction paradigms are introduced. We had the mainframe computers, the various generations of computers, including the Japanese fifth generation computers, the

  12. Capturing socio-technical systems with agent-based modelling

    NARCIS (Netherlands)

    Van Dam, K.H.

    2009-01-01

    What is a suitable modelling approach for socio-technical systems? The answer to this question is of great importance to decision makers in large scale interconnected network systems. The behaviour of these systems is determined by many actors, situated in a dynamic, multi-actor, multi-objective and

  13. Exploring the impact of socio-technical core-periphery structures in open source software development

    NARCIS (Netherlands)

    Amrit, Chintan Amrit; van Hillegersberg, Jos

    2010-01-01

    In this paper we apply the social network concept of core-periphery structure to the socio-technical structure of a software development team. We propose a socio-technical pattern that can be used to locate emerging coordination problems in Open Source projects. With the help of our tool and method

  14. A case study evaluation of a Critical Care Information System adoption using the socio-technical and fit approach.

    Science.gov (United States)

    Yusof, Maryati Mohd

    2015-07-01

    Clinical information systems have long been used in intensive care units but reports on their adoption and benefits are limited. This study evaluated a Critical Care Information System implementation. A case study summative evaluation was conducted, employing observation, interview, and document analysis in operating theatres and 16-bed adult intensive care units in a 400-bed Malaysian tertiary referral centre from the perspectives of users (nurses and physicians), management, and information technology staff. System implementation, factors influencing adoption, fit between these factors, and the impact of the Critical Care Information System were evaluated after eight months of operation. Positive influences on system adoption were associated with technical factors, including system ease of use, usefulness, and information relevancy; human factors, particularly user attitude; and organisational factors, namely clinical process-technology alignment and champions. Organisational factors such as planning, project management, training, technology support, turnover rate, clinical workload, and communication were barriers to system implementation and use. Recommendations to improve the current system problems were discussed. Most nursing staff positively perceived the system's reduction of documentation and data access time, giving them more time with patients. System acceptance varied among doctors. System use also had positive impacts on timesaving, data quality, and clinical workflow. Critical Care Information Systems is crucial and has great potentials in enhancing and delivering critical care. However, the case study findings showed that the system faced complex challenges and was underutilised despite its potential. The role of socio-technical factors and their fit in realizing the potential of Critical Care Information Systems requires continuous, in-depth evaluation and stakeholder understanding and acknowledgement. The comprehensive and specific evaluation

  15. 75 FR 75453 - Proposed Information Collection; Comment Request; Technical Data Letter of Explanation

    Science.gov (United States)

    2010-12-03

    ... Request; Technical Data Letter of Explanation AGENCY: Bureau of Industry and Security. ACTION: Notice....gov . SUPPLEMENTARY INFORMATION: I. Abstract These technical data letters of explanation will assure the Bureau of Industry and Security that U.S.-origin technical data will be exported only for...

  16. Worker Characteristics moderate the Impact of Socio-technical Workplace Interventions on Job Satisfaction

    OpenAIRE

    Mörtl, Peter; Schafler, Marlene; Lacueva-Pérez, Francisco José

    2017-01-01

    Workers’ job satisfaction is considered a critical indicator for the effectiveness of socio-technical interventions in the work place. However, job satisfaction represents a complex psychological phenomenon with many contributing factors that can be difficult to assess. To facilitate assessments of job satisfaction we review psychological theories and metrics of job satisfaction to investigate implications for socio-technical interventions. The findings suggest that the design and introductio...

  17. Socio-technical Spaces: Guiding Politics, Staging Design

    DEFF Research Database (Denmark)

    Clausen, Christian; Yoshinaka, Yutaka

    2005-01-01

    This article addresses how insights from the social shaping tradition and political process theory may contribute to an understanding of the sociotechnical design and implementation of change. This idea is pursued through the notion of 'socio-technical spaces' and its delineation, with respect...... political concerns. The paper tentatively points to some analytical implications and to challenges and possibilities for the 'bridging' between spaces otherwise rendered distinct....

  18. Exploring Socio-Technical Features of Green Interior Design of Residential Buildings: Indicators, Interdependence and Embeddedness

    Directory of Open Access Journals (Sweden)

    Yan Ning

    2016-12-01

    This research aims to develop indicators for assessing green interior design of new residential buildings in China, grounded in the socio-technical systems approach. The research was carried out through a critical literature review and two focus group studies. The results show that the boundaries of green interior design were identified with respect to three dimensions, namely performance, methodology and stakeholders. The socio-technical systems approach argues for the recognition of the interdependence between the systems elements and the feature of embeddedness. The interdependence of the systems elements exists within each of these three dimensions and across them. It is also found that the socio-technical systems of green interior design are embedded in the social, regulatory and geographic context. Taking interior design of residential buildings as the empirical setting, this study contributes to the literature of green building assessment by presenting a socio-technical systems approach.

  19. The economics of information security and privacy

    CERN Document Server

    Böhme, Rainer

    2013-01-01

    In the late 1990s, researchers began to grasp that the roots of many information security failures can be better explained with the language of economics than by pointing to instances of technical flaws. This led to a thriving new interdisciplinary research field combining economic and engineering insights, measurement approaches and methodologies to ask fundamental questions concerning the viability of a free and open information society. While economics and information security comprise the nucleus of an academic movement that quickly drew the attention of thinktanks, industry, and governmen

  20. Assessing innovation in emerging energy technologies: Socio-technical dynamics of carbon capture and storage (CCS) and enhanced geothermal systems (EGS) in the USA

    International Nuclear Information System (INIS)

    Stephens, Jennie C.; Jiusto, Scott

    2010-01-01

    This study applies a socio-technical systems perspective to explore innovation dynamics of two emerging energy technologies with potential to reduce greenhouse gas emissions from electrical power generation in the United States: carbon capture and storage (CCS) and enhanced geothermal systems (EGS). The goal of the study is to inform sustainability science theory and energy policy deliberations by examining how social and political dynamics are shaping the struggle for resources by these two emerging, not-yet-widely commercializable socio-technical systems. This characterization of socio-technical dynamics of CCS and EGS innovation includes examining the perceived technical, environmental, and financial risks and benefits of each system, as well as the discourses and actor networks through which the competition for resources - particularly public resources - is being waged. CCS and EGS were selected for the study because they vary considerably with respect to their social, technical, and environmental implications and risks, are unproven at scale and uncertain with respect to cost, feasibility, and life-cycle environmental impacts. By assessing the two technologies in parallel, the study highlights important social and political dimensions of energy technology innovation in order to inform theory and suggest new approaches to policy analysis.

  1. ABOUT THE SPECIAL INVESTIGATIONS OF THE PROTECTION OF THE TECHNICAL SECURITY SYSTEMS AGAINST INFORMATION LEAKAGE DUE TO THE ACOUSTO-ELECTRICAL TRANSFORMATIONS

    Directory of Open Access Journals (Sweden)

    A. P. Durakovskiy

    2016-12-01

    None of the critically important facilities can operate without the engineered safety system. Functionally varied security networks or a fire alarm system can refer to this system as well as safety and reliability which are provided by secured energy, water and heating supply. In the process of attestation according to the requirements of information security of information objects with such technical means, it is necessary to conduct special investigations of protection against leakage of acoustic speech information through the channels of the acousto-electrical transformations (AET). There are major aspects in the data leak via AET, which currently include the following: lack of and/or obtaining legal and safety norms to regulate specified parameters; lack of the automated hardware and software system for some AET variations to carry out measurements; lack of specified safety equipment for some AET variations; lack of shelter security units; high costs of AET measurement and control units; and low measurement repeatability.

  2. Agent-Based Modeling and Analysis of Socio-Technical Systems

    NARCIS (Netherlands)

    Sharpanskykh, O.

    2011-01-01

    Socio-technical systems are characterized by high structural and behavioral complexities, which impede understanding and modeling of such systems. In particular, reciprocal relations between diverse local system processes that determine global system dynamics are not well understood. In this article

  3. A Quantitative Socio-hydrological Characterization of Water Security in Large-Scale Irrigation Systems

    Science.gov (United States)

    Siddiqi, A.; Muhammad, A.; Wescoat, J. L., Jr.

    2017-12-01

    Large-scale, legacy canal systems, such as the irrigation infrastructure in the Indus Basin in Punjab, Pakistan, have been primarily conceived, constructed, and operated with a techno-centric approach. The emerging socio-hydrological approaches provide a new lens for studying such systems to potentially identify fresh insights for addressing contemporary challenges of water security. In this work, using the partial definition of water security as "the reliable availability of an acceptable quantity and quality of water", supply reliability is construed as a partial measure of water security in irrigation systems. A set of metrics are used to quantitatively study reliability of surface supply in the canal systems of Punjab, Pakistan using an extensive dataset of 10-daily surface water deliveries over a decade (2007-2016) and of high frequency (10-minute) flow measurements over one year. The reliability quantification is based on comparison of actual deliveries and entitlements, which are a combination of hydrological and social constructs. The socio-hydrological lens highlights critical issues of how flows are measured, monitored, perceived, and experienced from the perspective of operators (government officials) and users (farmers). The analysis reveals varying levels of reliability (and by extension security) of supply when data is examined across multiple temporal and spatial scales. The results shed new light on evolution of water security (as partially measured by supply reliability) for surface irrigation in the Punjab province of Pakistan and demonstrate that "information security" (defined as reliable availability of sufficiently detailed data) is vital for enabling water security. It is found that forecasting and management (that are social processes) lead to differences between entitlements and actual deliveries, and there is significant potential to positively affect supply reliability through interventions in the social realm.

  4. Socio-technical issues and challenges in implementing safe patient handovers: insights from ethnographic case studies.

    Science.gov (United States)

    Balka, Ellen; Tolar, Marianne; Coates, Shannon; Whitehouse, Sandra

    2013-12-01

    Ineffective handovers in patient care, including those where information loss occurs between care providers, have been identified as a risk to patient safety. Computerization of health information is often offered as a solution to improve the quality of care handovers and decrease adverse events related to patient safety. The purpose of this paper is to broaden our understanding of clinical handover as a patient safety issue, and to identify socio-technical issues which may come to bear on the success of computer based handover tools. Three in depth ethnographic case studies were undertaken. Field notes were transcribed and analyzed with the aid of qualitative data analysis software. Within case analysis was performed on each case, and subsequently, cross case analyses were performed. We identified five types of socio-technical issues which must be addressed if electronic handover tools are to succeed. The inter-dependencies of these issues are addressed in relation to arenas in which health care work takes place. We suggest that the contextual nature of information, ethical and medico-legal issues arising in relation to information handover, and issues related to data standards and system interoperability must be addressed if computerized health information systems are to achieve improvements in patient safety related to handovers in care.

  5. International Socio-Technical Challenges for Geological Disposal (InSOTEC): Project Aims and Preliminary Results - 12236

    Energy Technology Data Exchange (ETDEWEB)

    Bergmans, Anne; Schroeder, Jantine [University of Antwerp, Faculty of Political and Social Sciences, 2000 Antwerp (Belgium); Simmons, Peter [University of East Anglia, School of Environmental Sciences, NR4 7TJ Norwich (United Kingdom); Barthe, Yannick; Meyer, Morgan [CNRS, Ecole des Mines, 75272 Paris (France); Sundqvist, Goeran [Universitetet i Oslo, Centre for Studies of Technology, Innovation and Culture, 0851 Oslo (Norway); Martell, Merixell [MERIENCE Strategic Thinking, 08734 Olerdola (Spain); Kallenbach-Herbert, Beate [Oeko Institut, 64295 Darmstadt (Germany)

    2012-07-01

    InSOTEC is a social sciences research project which aims to generate a better understanding of the complex interplay between the technical and the social in radioactive waste management and, in particular, in the design and implementation of geological disposal. It currently investigates and analyses the most striking socio-technical challenges to implementing geological disposal of radioactive waste in 14 national programs. A focus is put on situations and issues where the relationship between the technical and social components is still unstable, ambiguous and controversial, and where negotiations are taking place in terms of problem definitions and preferred solutions. Such negotiations can vary from relatively minor contestation, over mild commotion, to strong and open conflicts. Concrete examples of socio-technical challenges are: the question of siting, introducing the notion of reversibility / retrievability into the concept of geological disposal, or monitoring for confidence building. In a second stage the InSOTEC partners aim to develop a fine-grained understanding of how the technical and the social influence, shape, build upon each other in the case of radioactive waste management and the design and implementation of geological disposal. How are socio-technical combinations in this field translated and materialized into the solutions finally adopted? With what kinds of tools and instruments are they being integrated? Complementary to providing better theoretical insight into these socio-technical challenges/combinations, InSOTEC aims to provide concrete suggestions on how to address these within national and international contexts. To this end, InSOTEC will deliver insights into how mechanisms for interaction between the technical community and a broad range of socio-political actors could be developed. (authors)

  6. Primer Control System Cyber Security Framework and Technical Metrics

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Miles A. McQueen

    2008-05-01

    The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

  7. Inquiries into Malaysia's socio-technical disasters: recommendations and lessons learnt.

    Science.gov (United States)

    Said, Aini Mat; Ahmadun, Fakhru'l-Razi; Abdul Kadir, Razali; Daud, Mohamed

    2009-04-01

    Most democratic countries hold inquiries into disasters. One of their key functions is to establish the cause of an event and to learn lessons in order to prevent a recurrence. In addition, they offer an opportunity for communal catharsis, permitting the public to vent anger, distress and frustration and to exert pressure for policy changes. Malaysia has experienced six landmark socio-technical disasters since 1968, which resulted in the proposal or amendment of various safety/emergency acts and regulations. The authors used a grounded theory approach utilising a constant comparative method to analyse the recommendations made by the inquiries into these events. Data indicate that social and technical recommendations comprise 85 and 15 per cent, respectively, of the total recommendations made by the inquiry committees. This paper offers suggestions for improving the management of inquiry tribunals, as they will remain a valuable source of information for society and corporations to learn from past incidents.

  8. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. It will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  9. Information Behavior: A Socio-Cognitive Ability

    Directory of Open Access Journals (Sweden)

    Amanda Spink

    2007-04-01

    How has human information behavior evolved? Our paper explores this question in the form of notions, models and theories about the relationship between information behavior and human evolution. Alexander's Ecological Dominance and Social Competition/Cooperation (EDSC) model currently provides the most comprehensive overview of human traits in the development of a theory of human evolution and sociality. His model provides a basis for explaining the evolution of human socio-cognitive abilities, including ecological dominance, and social competition/cooperation. Our paper examines the human trait of information behavior as a socio-cognitive ability related to ecological dominance, and social competition/cooperation. The paper first outlines what is meant by information behavior from various interdisciplinary perspectives. We propose that information behavior is a socio-cognitive ability that is related to and enables other socio-cognitive abilities such as human ecological dominance, and social competition/cooperation. The paper reviews the current state of evolutionary approaches to information behavior and future directions for this research

  10. Modelling transport energy demand: A socio-technical approach

    International Nuclear Information System (INIS)

    Anable, Jillian; Brand, Christian; Tran, Martino; Eyre, Nick

    2012-01-01

    Despite an emerging consensus that societal energy consumption and related emissions are not only influenced by technical efficiency but also by lifestyles and socio-cultural factors, few attempts have been made to operationalise these insights in models of energy demand. This paper addresses that gap by presenting a scenario exercise using an integrated suite of sectoral and whole systems models to explore potential energy pathways in the UK transport sector. Techno-economic driven scenarios are contrasted with one in which social change is strongly influenced by concerns about energy use, the environment and well-being. The ‘what if’ Lifestyle scenario reveals a future in which distance travelled by car is reduced by 74% by 2050 and final energy demand from transport is halved compared to the reference case. Despite the more rapid uptake of electric vehicles and the larger share of electricity in final energy demand, it shows a future where electricity decarbonisation could be delayed. The paper illustrates the key trade-off between the more aggressive pursuit of purely technological fixes and demand reduction in the transport sector and concludes there are strong arguments for pursuing both demand and supply side solutions in the pursuit of emissions reduction and energy security.

  11. Developing e-banking services for rural India: making use of socio-technical prototypes

    DEFF Research Database (Denmark)

    Dittrich, Yvonne; Vaidyanathan, Lakshmi; Gonsalves, Timothy A

    2017-01-01

    an experience report based on systematic debriefing of involved project leaders and initiators, triangulated with additional documentation. The concept of Socio-Technical Prototype is developed and used to show how to mitigate the challenges of ICT based banking service provision for socially constrained...... communities. The concept of Socio-Technical Prototype extends the notion of prototypes, as it implies a full functioning implementation of the service including all relevant stakeholders. In order to not only prototype end-user functionality but also the interaction of the solution with the specific social......, technical and physical environment. The implications for software engineering in the development of such large-scale prototypes and pilots are outlined....

  12. Dynamic Socio-technical System Design based on Stakeholder Interaction

    Directory of Open Access Journals (Sweden)

    Albert Fleischmann

    2015-07-01

    In order to directly involve stakeholders in socio-technical system design, we argue for streamlining executable process specifications with business process modeling. Due to current agility requirements of organizations, socio-technical system development is considered one of the key activities of members of the organizations. Dynamic process adaptation enables handling the volatility of business operation and IT infrastructure. Subject-oriented process representations are key enablers to dynamic adaptation due to their capability for stakeholders to create directly executable models. In this way stakeholders can be involved in change management pro-actively. Subject-oriented models (i) represent all relevant features required for system control and decision making, and (ii) are executable on demand. This effectiveness enables organizational change in a creative and efficient way, while establishing innovative design and change management tools. Subject-oriented Business Process Management capabilities are reflected in this realm revealing benefits and potential for further research.

  13. 75 FR 39919 - Information Systems, Technical Advisory Committee; Notice of Partially Closed Meeting

    Science.gov (United States)

    2010-07-13

    ... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems, Technical Advisory Committee; Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC... export controls applicable to information systems equipment and technology. Wednesday, July 28 Public...

  14. 75 FR 64258 - Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting

    Science.gov (United States)

    2010-10-19

    ... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC... export controls applicable to information systems equipment and technology. Wednesday, November 3 Public...

  15. 78 FR 63162 - Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting

    Science.gov (United States)

    2013-10-23

    ... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC... of export controls applicable to information systems equipment and technology. Wednesday, November 6...

  16. 78 FR 42753 - Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting

    Science.gov (United States)

    2013-07-17

    ... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC... of export controls applicable to information systems equipment and technology. Wednesday, July 31...

  17. 76 FR 64895 - Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting

    Science.gov (United States)

    2011-10-19

    ... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC... export controls applicable to information systems equipment and technology. Wednesday, November 2 Public...

  18. 76 FR 39845 - Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting

    Science.gov (United States)

    2011-07-07

    ... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC... export controls applicable to information systems equipment and technology. Wednesday, July 27 Public...

  19. A mechanism to assess the relationship between socio-technical ...

    African Journals Online (AJOL)

    A mechanism to assess the relationship between socio-technical congruence and project performance in incremental model. W.A.W.M. Sobri, S.S.M. Fauzi, M.H.N.M. Nasir, R Ahmad, A.J. Suali. Abstract. No Abstract. Keywords: coordination; software development; software project; software engineering project; ...

  20. 78 FR 1198 - Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting

    Science.gov (United States)

    2013-01-08

    ... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC... to information systems equipment and technology. Wednesday, January 23 Open Session 1. Welcome and...

  1. 77 FR 37652 - Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting

    Science.gov (United States)

    2012-06-22

    ... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC... that affect the level of export controls applicable to information systems equipment and technology...

  2. 77 FR 1666 - Information Systems, Technical Advisory Committee; Notice of Partially Closed Meeting

    Science.gov (United States)

    2012-01-11

    ... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems, Technical Advisory Committee; Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC... information systems equipment and technology. Wednesday, January 25 Open Session 1. Welcome and Introductions...

  3. Composite Socio-Technical Systems: A Method for Social Energy Systems

    Energy Technology Data Exchange (ETDEWEB)

    Zhang, Yingchen [National Renewable Energy Laboratory (NREL), Golden, CO (United States); He, Fulin [Huazhong University of Science & Technology; Hao, Jun [University of Denver; Dai, Xiaoxiao [University of Denver; Zhang, Jun Jason [University of Denver; Wei, Jiaolong [Huazhong University of Science & Technology

    2017-12-01

    In order to model and study the interactions between social and technical systems, a systemic method, namely the composite socio-technical systems (CSTS), is proposed to incorporate social systems, technical systems and the interaction mechanism between them. A case study on University of Denver (DU) campus grid is presented in the paper to demonstrate the application of the proposed method. In the case study, the social system, technical system, and the interaction mechanism are defined and modelled within the framework of CSTS. Distributed and centralized control and management schemes are investigated, respectively, and numerical results verify the feasibility and performance of the proposed composite system method.

  4. Information Security Risk Assessment in Hospitals.

    Science.gov (United States)

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threaten the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n = 27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r = 0.78). The results showed that among the information security risks, fire was found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n = 22, 91.7%) compared to the administrative (n = 21, 87.5%) and the physical safeguards (n = 16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

  5. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information Security What Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information Security Changes Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy? Monitoring and Measurement Moving Forward ORGANIZATIONAL ISSUES The Life Cycles of Security Managers Introduction The Information Security Manager's Responsibilities The Evolution of Data Security to Information Security The Repository Concept Changing Job Requirements Business Life Cycles

  6. 78 FR 24160 - Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting

    Science.gov (United States)

    2013-04-24

    ... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC... controls applicable to information systems equipment and technology. Tuesday, May 7 Open Session 1. Welcome...

  7. 77 FR 24178 - Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting

    Science.gov (United States)

    2012-04-23

    ... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting The Information Systems Technical Advisory Committee (ISTAC... controls applicable to information systems equipment and technology. Tuesday, May 8 Open Session 1. Welcome...

  8. A Socio-Technical Analysis of Patient Accessible Electronic Health Records.

    Science.gov (United States)

    Hägglund, Maria; Scandurra, Isabella

    2017-01-01

    In Sweden, and internationally, there is a movement towards increased transparency in healthcare including giving patients online access to their electronic health records (EHR). The purpose of this paper is to analyze the Swedish patient accessible EHR (PAEHR) service using a socio-technical framework, to increase the understanding of factors that influence the design, implementation, adoption and use of the service. Using the Sittig and Singh socio-technical framework as a basis for analyzing the Swedish PAEHR system and its context indicated that there are many stakeholders engaged in these types of services, with different driving forces and incentives that may influence the adoption and usefulness of PAEHR services. The analysis was useful in highlighting important areas that need to be further explored in evaluations of PAEHR services, and can act as a guide when planning evaluations of any PAEHR service.

  9. 78 FR 57839 - Request for Information on Computer Security Incident Coordination (CSIC)

    Science.gov (United States)

    2013-09-20

    ...-02] Request for Information on Computer Security Incident Coordination (CSIC) AGENCY: National... Computer Security Incident Coordination. NIST experienced technical difficulties with receiving email... Technology (NIST) announced that it was soliciting comments relating to Computer Security Incident...

  10. Reflecting socio-technical combinations in radioactive waste management. Results from the InSOTEC European research project

    International Nuclear Information System (INIS)

    Kallenbach-Herbert, Beate; Bergmans, Anne; Martell, Meritxell; Schroeder, Jantine

    2015-01-01

    InSOTEC is a three-year collaborative social sciences research project funded under the European Atomic Energy Community's 7th Framework Programme FP7. The project aims to generate a better understanding of the complex interplay between the technical and the social in the context of geological disposal of radioactive waste. In doing so, InSOTEC has moved beyond the social and technical division that is frequently being found in this context by - investigating the consideration of social sciences and the recognition of socio-technical combinations in research programs on geological disposal, - analyzing the socio-technical entanglement in selected contexts like siting, reversibility and retrievability, demonstrating safety and technology transfer on the basis of case studies, and - exploring the integration of diverse stakeholders in technology oriented networks. The analyses reveal that activities in the context of geological disposal, whether related to research, planning, siting etc., rather support the divide of social and technical aspects than fostering the consideration of their entanglement. Reasons identified for this are manifold. The wish to reduce complexity by focusing stakeholder involvement on social questions and fixing the technical part "when acceptance is reached" is only one of them. However, the analyses also show that over the long timescales of repository planning and implementation, robust management strategies must provide the flexibility to adapt to both technical and social developments and demands. Understanding the socio-technical interplay and creating structures for its consideration provides the basis for dealing with this challenge. This presentation will focus on the main findings of the InSOTEC project with regard to the consideration of socio-technical combinations in practice. These insights are currently under development and will be finalized at the end of the project in June 2014. We will reflect on

  11. Reflecting socio-technical combinations in radioactive waste management. Results from the InSOTEC European research project

    Energy Technology Data Exchange (ETDEWEB)

    Kallenbach-Herbert, Beate [Oeko-Institut e.V., Darmstadt (Germany)]; Bergmans, Anne [Antwerp Univ. (Belgium)]; Martell, Meritxell [Merience Strategic Thinking, Olerdola (Spain)]; Schroeder, Jantine [Antwerp Univ. (Belgium); SCK - CEN, Mol (Belgium)]

    2015-07-01

    InSOTEC is a three-year collaborative social sciences research project funded under the European Atomic Energy Community's 7th Framework Programme FP7. The project aims to generate a better understanding of the complex interplay between the technical and the social in the context of geological disposal of radioactive waste. In doing so, InSOTEC has moved beyond the social and technical division that is frequently being found in this context by - investigating the consideration of social sciences and the recognition of socio-technical combinations in research programs on geological disposal, - analyzing the socio-technical entanglement in selected contexts like siting, reversibility and retrievability, demonstrating safety and technology transfer on the basis of case studies, and - exploring the integration of diverse stakeholders in technology oriented networks. The analyses reveal that activities in the context of geological disposal, whether related to research, planning, siting etc., rather support the divide of social and technical aspects than fostering the consideration of their entanglement. Reasons identified for this are manifold. The wish to reduce complexity by focusing stakeholder involvement on social questions and fixing the technical part "when acceptance is reached" is only one of them. However, the analyses also show that over the long timescales of repository planning and implementation, robust management strategies must provide the flexibility to adapt to both technical and social developments and demands. Understanding the socio-technical interplay and creating structures for its consideration provides the basis for dealing with this challenge. This presentation will focus on the main findings of the InSOTEC project with regard to the consideration of socio-technical combinations in practice. These insights are currently under development and will be finalized at the end of the project in June 2014. We will reflect on

  12. Measurable Control System Security through Ideal Driven Technical Metrics

    Energy Technology Data Exchange (ETDEWEB)

    Miles McQueen; Wayne Boyer; Sean McBride; Marie Farrar; Zachary Tudor

    2008-01-01

    The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based on these ideals, a draft set of proposed technical metrics was developed to allow control systems owner-operators to track improvements or degradations in their individual control systems security posture. The technical metrics development effort included review and evaluation of over thirty metrics-related documents. On the bases of complexity, ambiguity, or misleading and distorting effects the metrics identified during the reviews were determined to be weaker than necessary to aid defense against the myriad threats posed by cyber-terrorism to human safety, as well as to economic prosperity. Using the results of our metrics review and the set of security ideals as a starting point for metrics development, we identified thirteen potential technical metrics - with at least one metric supporting each ideal. Two case study applications of the ideals and thirteen metrics to control systems were then performed to establish potential difficulties in applying both the ideals and the metrics. The case studies resulted in no changes to the ideals, and only a few deletions and refinements to the thirteen potential metrics. This led to a final proposed set of ten core technical metrics. To further validate the security ideals, the modifications made to the original thirteen potential metrics, and the final proposed set of ten core metrics, seven separate control systems security assessments performed over the past three years were reviewed for findings and recommended mitigations. These findings and mitigations were then mapped to the security ideals and metrics to assess gaps in their coverage. The mappings indicated that there are no gaps in the security ideals and that the ten core technical metrics provide significant coverage of standard security issues with 87% coverage. 
Based

  13. Understanding critical barriers to implementing a clinical information system in a nursing home through the lens of a socio-technical perspective.

    Science.gov (United States)

    Or, Calvin; Dohan, Michael; Tan, Joseph

    2014-09-01

    This paper addresses key barriers to implementing a clinical information system (CIS) in a Hong Kong nursing home setting, from a healthcare specific socio-technical perspective. Data was collected through field observations (n = 12) and semi-structured individual interviews (n = 18) of CIS stakeholders in a Hong Kong nursing home, and analyzed using the immersion/crystallization approach. Complex interactions relevant to our case were contextualized and interpreted within the perspective of the Sittig-Singh Healthcare Socio-Technical Framework (HSTF). Three broad clusters of implementation barriers from the eight HSTF dimensions were identified: (a) Infrastructure-based barriers, which relate to conflict between government regulations and system functional needs of users; lack of financial support; inconsistency between workflow, work policy, and procedures; and inadequacy of hardware-software infrastructural and technical support; (b) Process-based barriers, which relate to mismatch between the technology, existing work practice and workflow, and communication; low system speed, accessibility, and stability; deficient computer literacy; more experience in health care profession; clinical content inadequacy and unavailability; as well as poor system usefulness and user interface design; and (c) Outcome-based barriers, which relate to the lack of measurement and monitoring of system effectiveness. Two additional dimensions underlining the importance of the ability of a CIS to change are proposed to extend the Sittig-Singh HSTF. First, advocacy would promote the articulation and influence of changes in the system and subsequent outcomes by CIS stakeholders, and second, adaptability would ensure the ability of the system to adjust to emerging needs. The broad set of discovered implementation shortcomings expands prior research on why CIS can fail in nursing home settings. Moreover, our investigation offers a knowledge base and recommendations that can serve

  14. Liability and automation : issues and challenges for socio-technical systems

    NARCIS (Netherlands)

    Contissa, G.; Laukyte, M.; Sartor, G.; Schebesta, H.; Masutti, A.; Lanzi, P.; Marti, P.; Tomasello, P.

    2013-01-01

    Who is responsible for accidents in highly automated systems? How do we apportion liability among the various participants in complex socio-technical organisations? How can different liability regulations at different levels (supranational, national, local) be harmonized? How do we provide for

  15. Modelling Socio-Technical Aspects of Organisational Security

    DEFF Research Database (Denmark)

    Ivanova, Marieta Georgieva

    Identification of threats to organisations and risk assessment often take into consideration the pure technical aspects, overlooking the vulnerabilities originating from attacks on a social level, for example social engineering, and abstracting away the physical infrastructure. However, attacks...... would close this gap, however, it would also result in complicating the formal treatment and automatic identification of attacks. This dissertation shows that applying a system modelling approach to sociotechnical systems can be used for identifying attacks on organisations, which exploit various levels...... process calculus, we develop a formal analytical approach that generates attack trees from the model. The overall goal of the framework is to predict, prioritise and minimise the vulnerabilities in organisations by prohibiting the overall attack or at least increasing the difficulty and cost of fulfilling...

  16. Bridging the Gap Between the Social and the Technical: The Enrolment of Socio-Technical Information Architects to Cope with the Two-Level Model of EPR Systems.

    Science.gov (United States)

    Pedersen, Rune

    2017-01-01

    This is a project proposal derived from an urge to re-define the governance of ICT in healthcare towards regional and national standardization of the patient pathways. The focus is on a two-levelled approach for governing EPR systems where the clinicians model structured variables and patient pathways. The overall goal is a patient centric EPR portfolio. This paper defines and enlightens the need for establishing the socio-technical architect role necessary to obtain the capabilities of a modern structured EPR system. Clinicians are not capable of moderating between the technical and the clinical.

  17. [Application of classified protection of information security in the information system of air pollution and health impact monitoring].

    Science.gov (United States)

    Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

    2018-01-01

    To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhance the security of professional information and system service, and to ensure that the air pollution and health impact monitoring project is carried out safely and smoothly.

  18. Liability and automation : issues and challenges for socio-technical systems

    NARCIS (Netherlands)

    Contissa, Giuseppe; Laukyte, Migle; Sartor, Giovanni; Schebesta, H.; Masutti, Anna; Lanzi, Paola; Marti, Patrizia; Paola, Tomasello

    2013-01-01

    Who is responsible for accidents in highly automated systems? How do we apportion liability among the various participants in complex socio-technical organisations? How can different liability regulations at different levels (supranational, national, local) be harmonized? How do we provide for

  19. Developing a secured social networking site using information security awareness techniques

    Directory of Open Access Journals (Sweden)

    Julius O. Okesola

    2014-11-01

    Background: Ever since social network sites (SNS) became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA) remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS. Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented. Method: Following a detailed literature review of the related works, the SNS was developed on the basis of Object Oriented Programming (OOP) approach, using PHP as the coding language with the MySQL database engine at the back end. Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours. Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.

  20. Socio-technical considerations in epilepsy electronic patient record implementation.

    LENUS (Irish Health Repository)

    Mc Quaid, Louise

    2010-05-01

    Examination of electronic patient record (EPR) implementation at the socio-technical interface. This study was based on the introduction of an anti-epileptic drug (AED) management module of an EPR in an epilepsy out-patient clinic. The objective was to introduce the module to a live clinical setting within strictly controlled conditions to evaluate its usability and usefulness.

  1. Information Security Service Branding – beyond information security awareness

    Directory of Open Access Journals (Sweden)

    Rahul Rastogi

    2012-12-01

    End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, it is vital to improve the image of information security in the minds of end-users. This paper borrows the concepts of brands and branding from the domain of marketing to achieve this objective and applies these concepts to information security. The paper also describes a process for creating the information security service brand in the organization.

  2. Modeling interdependent socio-technical networks: The smart grid—an agent-based modeling approach

    NARCIS (Netherlands)

    Worm, D.; Langley, D.J.; Becker, J.

    2014-01-01

    The aim of this paper is to improve scientific modeling of interdependent socio-technical networks. In these networks the interplay between technical or infrastructural elements on the one hand and social and behavioral aspects on the other hand, plays an important role. Examples include electricity

  3. Ideal Based Cyber Security Technical Metrics for Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    W. F. Boyer; M. A. McQueen

    2007-10-01

    Much of the world's critical infrastructure is at risk from attack through electronic networks connected to control systems. Security metrics are important because they provide the basis for management decisions that affect the protection of the infrastructure. A cyber security technical metric is the security relevant output from an explicit mathematical model that makes use of objective measurements of a technical object. A specific set of technical security metrics are proposed for use by the operators of control systems. Our proposed metrics are based on seven security ideals associated with seven corresponding abstract dimensions of security. We have defined at least one metric for each of the seven ideals. Each metric is a measure of how nearly the associated ideal has been achieved. These seven ideals provide a useful structure for further metrics development. A case study shows how the proposed metrics can be applied to an operational control system.

  4. CERN Technical Training: new courses on computer security

    CERN Multimedia

    HR Department

    2009-01-01

    Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Centre. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour course designed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions ...

  5. CERN Technical Training: new courses on computer security

    CERN Multimedia

    HR Department

    2009-01-01

    Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Centre. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour course designed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions o...

  6. CERN Technical Training: new courses on computer security

    CERN Multimedia

    HR Department

    2009-01-01

    Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Center. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour training aimed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions o...

  7. Research on information security system of waste terminal disposal process

    Science.gov (United States)

    Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

    2017-05-01

    Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The technical level and security awareness of users and of operation and maintenance personnel are uneven, which makes the internal network terminal the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

  8. A systematic literature review on security and privacy of electronic health record systems: technical perspectives.

    Science.gov (United States)

    Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy

    Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

  9. Do You Ignore Information Security in Your Journal Website?

    Science.gov (United States)

    Dadkhah, Mehdi; Borchardt, Glenn; Lagzian, Mohammad

    2017-08-01

    Nowadays, web-based applications extend to all businesses due to their advantages and easy usability. The most important issue in web-based applications is security. Due to their advantages, most academic journals are now using these applications, with papers being submitted and published through their websites. As these websites are resources for knowledge, information security is primary for maintaining their integrity. In this opinion piece, we point out vulnerabilities in certain websites and introduce the potential for future threats. We intend to present how some journals are vulnerable and what will happen if a journal can be infected by attackers. This opinion is not a technical manual in information security, it is a short inspection that we did to improve the security of academic journals.

  10. Geological Disposal of Radioactive Waste: A Long-Term Socio-Technical Experiment.

    Science.gov (United States)

    Schröder, Jantine

    2016-06-01

    In this article we investigate whether long-term radioactive waste management by means of geological disposal can be understood as a social experiment. Geological disposal is a rather particular technology in the way it deals with the analytical and ethical complexities implied by the idea of technological innovation as social experimentation, because it is presented as a technology that ultimately functions without human involvement. We argue that, even when the long term function of the 'social' is foreseen to be restricted to safeguarding the functioning of the 'technical', geological disposal is still a social experiment. In order to better understand this argument and explore how it could be addressed, we elaborate the idea of social experimentation with the notion of co-production and the analytical tools of delegation, prescription and network as developed by actor-network theory. In doing so we emphasize that geological disposal inherently involves relations between surface and subsurface, between humans and nonhumans, between the social, material and natural realm, and that these relations require recognition and further elaboration. In other words, we argue that geological disposal concurrently is a social and a technical experiment, or better, a long-term socio-technical experiment. We end with proposing the idea of 'actor-networking' as a sensitizing concept for future research into what geological disposal as a socio-technical experiment could look like.

  11. The cloud security ecosystem technical, legal, business and management issues

    CERN Document Server

    Ko, Ryan

    2015-01-01

    Drawing upon the expertise of world-renowned researchers and experts, The Cloud Security Ecosystem comprehensively discusses a range of cloud security topics from multi-disciplinary and international perspectives, aligning technical security implementations with the most recent developments in business, legal, and international environments. The book holistically discusses key research and policy advances in cloud security - putting technical and management issues together with an in-depth treatise on a multi-disciplinary and international subject. The book features contributions from key tho

  12. Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds

    OpenAIRE

    Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam

    2010-01-01

    Objectives The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. Methods The ISMS check-list derived from international/domestic standards was distributed to each hospital to com...

  13. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field. The book examines the elements of computer security, employee roles and r

  14. Protecting safeguards information / Division of technical support

    International Nuclear Information System (INIS)

    2002-01-01

    This DVD contains two films representing the key aspects of the IAEA Department of Safeguards. 'Protecting Safeguards Information' is a narrative/fiction film which presents the Agency's information handling and protection measures. A security representative from a fictional nation receives a briefing on the procedures and methods used by the Department. These techniques will assure member states that the information they provide to the Agency is kept safe and confidential. 'Division of Technical Support' is a non-fiction documentary which presents a detailed look at the technical capabilities and management techniques used by the Agency in nuclear material accountancy. The film covers many aspects of safeguards equipment and techniques including: NDA and DA instruments, seals, surveillance, training, development and maintenance. Taken together, these films provide an introduction and overview to many important aspects of the IAEA Department of Safeguards. (IAEA)

  15. Socio-Technical Deliberation about Free and Open Source Software: Accounting for the Status of Artifacts in Public Life

    Science.gov (United States)

    Benoit-Barne, Chantal

    2007-01-01

    This essay investigates the rhetorical practices of socio-technical deliberation about free and open source (F/OS) software, providing support for the idea that a public sphere is a socio-technical ensemble that is discursive and fluid, yet tangible and organized because it is enacted by both humans and non-humans. In keeping with the empirical…

  16. A socio-technical analysis of work with ideas in NPD: an industrial case study

    DEFF Research Database (Denmark)

    Gish, Liv; Hansen, Claus Thorp

    2013-01-01

    on piecing together a number of ideas that were developed and disseminated in a large industrial company. We do this through an in-depth case study of the development of the energy-labeled circulation pump Alpha Pro, developed by one of the world’s leading pump manufacturers, Grundfos. Using a socio-technical...... approach, we focus especially on the actors involved and the contextual factors, and less on the detailed development of technical ideas. In our study, we observe that (1) ideas are pieced together from previous ideas and results; (2) ideas are implemented through continuous mobilization of support...... and development of legitimate arguments; and (3) idea work is also a socio-technical process, because contextual factors matter. We observe that idea work is an ongoing process undertaken across different projects, actors, departments, strategies, and visions within Grundfos, while also involving external actors...

  17. Assessing socio-technical mindsets: Public deliberations on carbon capture and storage in the context of energy sources and climate change

    International Nuclear Information System (INIS)

    Einsiedel, Edna F.; Boyd, Amanda D.; Medlock, Jennifer; Ashworth, Peta

    2013-01-01

    The adaptation and transition to new configurations of energy systems brought on by challenges of climate change, energy security, and sustainability have encouraged more integrative approaches that bring together the social and technical dimensions of technology. The perspectives of energy systems and climate change play an important role in the development and implementation of emerging energy technologies and attendant policies on greenhouse gas reduction. This research examines citizens’ views on climate change and a number of energy systems, with a specific focus on the use of carbon capture and storage (CCS) as a technology to address greenhouse gas emissions. An all-day workshop with 82 local participants was held in the city of Calgary in Alberta, Canada to explore the views of climate change, energy and CCS. Participants were provided the opportunity to ask experts questions and discuss in small groups their views of climate change policy and energy systems. Results demonstrate that participants’ assessments of energy systems are influenced by social–political–institutional–economic contexts such as trust in industry and government, perception of parties benefiting from the technology, and tradeoffs between energy systems. We discuss our findings in the context of understanding social learning processes as part of socio-technical systems change. - Highlight: ► Energy systems are judged in the context of wider socio-technical system dimensions. ► Skepticism about climate change may affect support for CCS. ► Concerns about CCS include: CO2 leaks, accuracy of monitoring and costs.

  18. Information security: where computer science, economics and psychology meet.

    Science.gov (United States)

    Anderson, Ross; Moore, Tyler

    2009-07-13

    Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems: one that is both principled and effective.

  19. To The Question Of The Concepts "National Security", "Information Security", "National Information Security" Meanings

    OpenAIRE

    Alexander A. Galushkin

    2015-01-01

    In the present article, the author analyzes the meaning of the concepts "national security", "information security" and "national information security". The author presents the opinions of legal scholars and the definitions given by legislators and rule-makers in various regulations.

  20. Socio-technical systems and interaction design - 21st century relevance.

    Science.gov (United States)

    Maguire, Martin

    2014-03-01

    This paper focuses on the relationship between the socio-technical system and the user-technology interface. It looks at specific aspects of the organisational context such as multiple user roles, job change, work processes and workflows, technical infrastructure, and the challenges they present for the interaction designer. The implications of trends such as more mobile and flexible working, the use of social media, and the growth of the virtual organisation, are also considered. The paper also reviews rapidly evolving technologies such as pervasive systems and artificial intelligence, and the skills that workers will need to engage with them. Copyright © 2013 Elsevier Ltd and The Ergonomics Society. All rights reserved.

  1. 76 FR 323 - Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting

    Science.gov (United States)

    2011-01-04

    ... Computing, Technology and Security Issues Thursday, January 27 Closed Session 8. Discussion of matters... DEPARTMENT OF COMMERCE Bureau of Industry and Security Information Systems Technical Advisory...), Building 33, Cloud Room, 53560 Hull Street, San Diego, California 92152. The Committee advises the Office...

  2. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers: Defining an information system; benefits obtained by introducing new information technologies; IT management; Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  3. The role of socio-technical principles in leveraging meaningful benefits from IT investments.

    Science.gov (United States)

    Doherty, Neil F

    2014-03-01

    In recent years there has been a great deal of academic and practitioner interest in the role of 'benefits realisation management' [BRM] approaches, as a means of proactively leveraging value from IT investments. This growing body of work owes a very considerable, but as yet unacknowledged, debt to the work of Ken Eason, and other early socio-technical theorists. Consequently, the aim of this paper is to demonstrate, using the literature, how many of the principles, practices and techniques of BRM have evolved either directly or indirectly from socio-technical approaches to systems design. In so doing, this article makes a further important contribution to the literature by explicitly identifying the underlying principles and key practices of benefits realisation management. Copyright © 2012 Elsevier Ltd and The Ergonomics Society. All rights reserved.

  4. AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

    Directory of Open Access Journals (Sweden)

    JAE-GU SONG

    2013-10-01

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  5. Medical Information Security

    OpenAIRE

    William C. Figg, Ph.D.; Hwee Joo Kam, M.S.

    2011-01-01

    Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPAA is the government’s attempt to protect patients’ information, yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs an...

  6. The basics of information security understanding the fundamentals of InfoSec in theory and practice

    CERN Document Server

    Andress, Jason

    2014-01-01

    As part of the Syngress Basics series, The Basics of Information Security provides you with fundamental knowledge of information security in both theoretical and practical aspects. Author Jason Andress gives you the basic knowledge needed to understand the key concepts of confidentiality, integrity, and availability, and then dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security. The Basics of Information Security gives you clear, non-technical explanations of how infosec works and how to apply these princi

  7. The Shaping of the Scandinavian Socio-technical IS Research Tradition

    DEFF Research Database (Denmark)

    Bjørn-Andersen, Niels; Clemmensen, Torkil

    2017-01-01

    voice of the autoethnographer and the questioning voice of a younger researcher, the second author, who wants to bridge S/T into the future. The main contributions of this paper are to provide: 1) insights into career development in IS in general and in one of the Scandinavian IS pioneers in particular......This paper relates stories instrumental in shaping the career of an individual and which have also contributed to shaping of the IS field in general and the ‘Scandinavian Socio-Technical (S/T) Information Systems Research Tradition’ in particular. The method in this paper is an autoethnography......; 2) a historic account of some of the key events in the early days of S/T IS in Scandinavia; 3) an account of the experiences and the challenges in creating a new research field such as IS; and 4) a summary of Niels’s key learnings hopefully relevant to young and mid-career IS researchers....

  8. A socio-organizational approach to information systems security management in the context of internet banking

    OpenAIRE

    Koskosas, Ioannis Vasileios

    2004-01-01

    This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University. This thesis takes a social and organizational point of view for studying information systems security in the context of internet banking. While the internet provides opportunities for businesses to extend their public network infrastructure, reduce transaction costs, and sell a wide range of products and services worldwide, security threats impede the business. Although, a number ...

  9. Information Security Risks on a University Campus

    Directory of Open Access Journals (Sweden)

    Amer A. Al-Rawas

    2002-06-01

    This paper is concerned with issues relating to security in the provision of information systems (IS) services within a campus environment. It is based on experiences with a specific known environment; namely Sultan Qaboos University. In considering the risks and challenges that face us in the provision of IS services we need to consider a number of interwoven subject areas. These are: the importance of information to campus communities, the types of information utilised, and the risk factors that relate to the provision of IS services. Based on our discussion of the risk factors identified within this paper, we make a number of recommendations for improving security within any environment that wishes to take the matter seriously. These recommendations are classified into three main groups: general, which are applicable to the entire institution; social, aimed at the work attitudes of staff and students; and technical, addressing the skills and technologies required.

  10. The interplay of institutions, actors and technologies in socio-technical systems - An analysis of transformations in the Australian urban water sector

    NARCIS (Netherlands)

    Fuenfschilling, Lea; Truffer, Bernhard

    2016-01-01

    Literature on socio-technical transitions has primarily emphasized the co-determination of institutions and technologies. In this paper, we want to focus on how actors play a mediating role between these two pillars of a socio-technical system. By introducing the theoretical concept of institutional

  11. Technical obstacles to nuclear security - Russian perspective

    International Nuclear Information System (INIS)

    Pshakin, G.

    2005-01-01

    Full text: Present political, economical and social development worldwide and in particular countries and regions facilitate number of serious and dangerous challenges for people responsible for security of materials and facilities, which could be used as a threat to the humankind in case of unauthorized approach. A number of factors have impact on the security including political, social, financial and technical nature. The security of nuclear materials and facilities where nuclear materials located and under processing is facing a number of problems such as control of the personnel who is handling the materials, access to the materials and the facilities, accounting and control of the materials storage, transportation, transactions, processing, physical protection of the materials. Each aspect of those problems must be taken into account for establishing most efficient way to keep the nuclear materials out of hands of the terrorists. Technical aspects which require serious and intent relation from political and technical communities in Russia (as example) are the following: legal base for nuclear materials protection, control and accounting and export control; personnel for nuclear materials control and accounting - skill, reliability, responsibility, training and new generation education; personnel for physical protection - skill, reliability, responsibility, training; structure of the system and equipment for materials control, verification, accountability; structure of the system and equipment for physical protection; regulatory supervision of the MPC&A system effectiveness. (author)

  12. Personal health records in the South African healthcare landscape: a socio-technical analysis

    CSIR Research Space (South Africa)

    Mxoli, A

    2014-11-01

    and control non-communicable lifestyle diseases. Despite numerous benefits adoption rates are low, and little is known regarding the factors that affect adoption in the South African context. This exploratory paper highlights socio-technical factors that can...

  13. Facilitating computer supported cooperative work with socio-technical self-descriptions

    OpenAIRE

    Kunau, Gabriele

    2006-01-01

    How can the concept of self-description from newer systems theory be used for improving the co-evolvement of software engineering and organizational change in CSCW-projects? This thesis suggests transferring the concept of self-description into a concept of socio-technical self-description allowing an organization to describe its own computer supported work processes. The presentation of results is organized in four steps: First, a theoretical foundation is elaborated; second, an initial meth...

  14. Internet - Technical Developments and Applications 2

    CERN Document Server

    Tkacz, Ewaryst; Rostanski, Maciej

    2012-01-01

    The unusual direct progress of civilization in many fields concerning technical sciences is being observed in the period of last two decades. Experiencing extraordinary dynamics of the development of technological processes, particularly in ways of communicating, makes us believe that the information society is coming into existence. Having the information in today’s world of changing attitudes and socio-economic conditions can be perceived as one of the most important advantages. The content of this book is divided into four parts: Mathematical and technical fundamentals; Information management systems and project management; Information security and business continuity management; Interdisciplinary problems. This monograph has been prepared to contribute in a significant way to the success of implementing consequences of human imagination into social life. The authors believe that this monograph will influence the further technol...

  15. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    International Nuclear Information System (INIS)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon

    2013-01-01

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system

  16. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2013-10-15

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  17. Tool-based Risk Assessment of Cloud Infrastructures as Socio-Technical Systems

    DEFF Research Database (Denmark)

    Nidd, Michael; Ivanova, Marieta Georgieva; Probst, Christian W.

    2015-01-01

    Assessing risk in cloud infrastructures is difficult. Typical cloud infrastructures contain potentially thousands of nodes that are highly interconnected and dynamic. Another important component is the set of human actors who get access to data and computing infrastructure. The cloud infrastructure...... exercise for cloud infrastructures using the socio-technical model developed in the TRESPASS project; after showing how to model typical components of a cloud infrastructure, we show how attacks are identified on this model and discuss their connection to risk assessment. The technical part of the model...... is extracted automatically from the configuration of the cloud infrastructure, which is especially important for systems so dynamic and complex....

  18. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

    The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. "Electronic Healthcare Information Security" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  19. Pragmatic security metrics applying metametrics to information security

    CERN Document Server

    Brotby, W Krag

    2013-01-01

    Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics. Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to

  20. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for-profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  1. AUDITING THE SECURITY OF INFORMATION SYSTEMS WITHIN AN ORGANIZATION

    Directory of Open Access Journals (Sweden)

    STEGĂROIU CARINA-ELENA

    2013-02-01

    The safety provided by a well configured firewall is no excuse for neglecting the standard security procedures; setting up and installing a firewall is the first line of defense and not a foolproof solution, auditing being only one component of the system, whilst the other is protecting the resources and when we consider auditing as being the process of recording certain events that take place on a computer or within a network, we must come to the conclusion that this is the only technique that allows us to identify the source of a possible issue within the network. Information security is used as a means to protect the intellectual property rights, whilst the main objective in setting up an information security system is to enlist the confidence of prospective business partners. In accordance with the legal requisites and the principle of maximizing one’s investment, regardless of the many forms it could take, or the means through which it is stored, transmitted or distributed, information must be protected. Information security is not only a technical problem, but mainly a managerial issue, as the security standard, ISO/IEC 17799 meets the needs of any type of organization, be it public or private, through a series of practices related to the management of information security. This paper aims to present the process of taking entry data from a plethora of programs and storing it in a central location. Due to its flexibility, this process can be a useful auditing instrument, as long as we are familiar with the way it works and how the events are recorded.

  2. Information Security: USDA Needs to Implement Its Departmentwide Information Security Plan

    National Research Council Canada - National Science Library

    2000-01-01

    USDA has taken positive steps to begin improving its information security by developing its August 1999 Action Plan with recommendations to strengthen department-wide information security and hiring...

  3. Socio-philosophical preconditions of formation of the concept of security in protosociology

    Directory of Open Access Journals (Sweden)

    L. V. Kalashnikova

    2016-08-01

    The development of the theory of security is impossible without taking into account the foundations of social and philosophical heritage in this area, which is often out of sight of researchers. The socio-philosophical prerequisites of the security concept create the necessary conditions for the formation of general ideas about it as an objective reality, the study of which with the use of scientific and special methods of knowledge allows us to formulate the basic laws, scientific system of safety management principles that will ensure the safe existence of the person, the effective functioning of society and the state.

  4. Analysis of Russian Federation Foreign Policy in the Field of International Information Security

    Directory of Open Access Journals (Sweden)

    Elena S. Zinovieva

    2014-01-01

    Information and communication technologies (ICT) play an essential role in the improvement of the quality of life, economic and socio-political of individual countries and humanity in general. However, ICT development is fraught with new challenges and threats to international and national security. Interstate rivalry in the information sphere generates conflicts, an extreme form of which is an information war. Since 1998, the Russian initiative supports the international cooperation on information security at the global and regional level as well as within the framework of the bilateral relations. The article analyzes the characteristics of the global information society, which has a decisive influence on the international security in the information age, as well as international cooperation in this field. The analysis of Russian foreign policy initiatives in the field of international information security is also presented. Today more than 130 countries develop cyber capabilities, both defensive and offensive, that pose serious threats to the international stability. It's difficult to trace the source of information attacks and its consequences can be devastating and cause retaliation, including the use of conventional weapons. In this situation Russian approach, advocating for the development of the rules of conduct of States and demilitarization of information space in order to ensure its safety, seems urgent and relevant with the international situation.

  5. Conceptualising Digital Materiality and its Socio-Technical Implications through the Phenomenon of Crowdsourcing

    Directory of Open Access Journals (Sweden)

    Patricia Morizio

    2014-10-01

    Digital materiality is a relatively new concept in the information systems literature that attempts to give “substance” to, or explain the material properties of, digital artefacts. These artefacts, such as software programs, are challenging our traditional assumptions of what is “materiality”. Crowdsourcing or the aggregation of publicly-reported data for a variety of purposes – from tracking instances of violence within a geographic area, to coordinating information for aid agencies working in humanitarian emergency situations – is an example technology that transcends the line of a purely physical or digital object. This paper will briefly touch on the definition of digital materiality within IS thought, followed by a discussion of how crowdsourcing fits into its conceptualisation, namely in terms of its characteristics and organisational consequences. The purpose is to instantiate the more theoretical notion of digital materiality through a tangible technology with far-reaching socio-technical implications.

  6. Towards Information Security Awareness

    OpenAIRE

    Marius Petrescu; Delia Mioara Popescu; Nicoleta Sirbu

    2010-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  7. A socio-technical perspective on the electrification of the automobile: Niche and regime interaction

    NARCIS (Netherlands)

    Dijk, Marc

    2014-01-01

    This paper offers a socio-technical perspective on how the introduction of various alternatives to the internal combustion engine, especially the full-electric vehicle, influences the established propulsion technology (ICE). This perspective helps to move beyond the well-known incremental vs.

  8. Implementing an Information Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O'Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

    2017-11-01

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

  9. Information Assurance Security in the Information Environment

    CERN Document Server

    Blyth, Andrew

    2006-01-01

    Intended for IT managers and assets protection professionals, this work aims to bridge the gap between information security, information systems security and information warfare. It covers topics such as the role of the corporate security officer; Corporate cybercrime; Electronic commerce and the global marketplace; Cryptography; and, more.

  10. STRUCTURAL AND FUNCTIONAL MODEL OF FORMING INFORMATIONAL COMPETENCE OF TECHNICAL UNIVERSITY STUDENTS

    Directory of Open Access Journals (Sweden)

    Taras Ostapchuk

    2016-11-01

    The article elaborates and analyses the structural and functional model of formation of information competence of technical university students. The system and mutual relationships between its elements are revealed. It is found out that the presence of the target structure of the proposed model, process and result-evaluative blocks ensure its functioning and the opportunity to optimize the learning process for technical school students’ information training. It is established that the formation of technical university students’ information competence based on components such as motivational value, as well as operational activity, cognitive, and reflexive one. These criteria (motivation, operational and activity, cognitive, reflective), indexes and levels (reproductive, technologized, constructive) forming technical university students’ information competence are disclosed. Expediency of complex organizational and educational conditions in the stages of information competence is justified. The complex organizational and pedagogical conditions include: orientation in the organization and implementation of class work for technical university students’ positive value treatment; the issue of forming professionalism; informatization of educational and socio-cultural environment of higher technical educational institutions; orientation of technical university students’ training to the demands of European and international standards on information competence as a factor in the formation of competitiveness at the labor market; introducing a special course curriculum that will provide competence formation due to the use of information technology in professional activities. Forms (lecture, visualization, problem lecture, combined lecture, scientific online conference, recitals, excursions, etc.), tools (computer lab, multimedia projector, interactive whiteboard, multimedia technology (audio, video, the Internet technologies; social networks, etc

  11. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference. The changes in the tech

  12. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner. Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book: • Focuses on setting the right road map so that you can be most effective in your information security implementations • Discusses cost-effective staffing, the single biggest expense to the security organization • Presents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectively • I...

  13. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2003-01-01

    Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c

  14. Information security principles and practice

    CERN Document Server

    Stamp, Mark

    2011-01-01

    Now updated: your expert guide to twenty-first century information security. Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a pract

  15. Overcoming the socio-technical divide: A long-term source of hope in feminist studies of computer science

    Directory of Open Access Journals (Sweden)

    Corinna Bath

    2008-07-01

    The dichotomy of the technical and the social is strongly gendered in western thought. Therefore, potential dissolutions of the socio-technical divide have always been a source of hope from a feminist point of view. The starting point of this contribution is recent trends in the computer science discipline, such as the new interaction paradigm and the concept of ‘social machines’, which seem to challenge the borderline of the technical as opposed to the social and, thereby, refresh promises for changes in the gender-technology relationship. The paper primarily explores the entanglement between the socio-technical divide and the structural-symbolic gender order on the basis of historical academic discourses in German computer science. Thereby, traditions of critical thinking in the German computer science discipline and related feminist voices are introduced. A reflection of these historical discourses indicates that ‘interaction’ and ‘social machines’ are contested zones, which call for feminist intervention.

  16. How a submarine returns to periscope depth: analysing complex socio-technical systems using Cognitive Work Analysis.

    Science.gov (United States)

    Stanton, Neville A; Bessell, Kevin

    2014-01-01

    This paper presents the application of Cognitive Work Analysis to the description of the functions, situations, activities, decisions, strategies, and competencies of a Trafalgar class submarine when performing the function of returning to periscope depth. All five phases of Cognitive Work Analysis are presented, namely: Work Domain Analysis, Control Task Analysis, Strategies Analysis, Social Organisation and Cooperation Analysis, and Worker Competencies Analysis. Complex socio-technical systems are difficult to analyse but Cognitive Work Analysis offers an integrated way of analysing complex systems with the core of functional means-ends analysis underlying all of the other representations. The joined-up analysis offers a coherent framework for understanding how socio-technical systems work. Data were collected through observation and interviews at different sites across the UK. The resultant representations present a statement of how the work domain and current activities are configured in this complex socio-technical system. This is intended to provide a baseline, from which all future conceptions of the domain may be compared. The strength of the analysis is in the multiple representations from which the constraints acting on the work may be analysed. Future research needs to challenge the assumptions behind these constraints in order to develop new ways of working. Copyright © 2013 Elsevier Ltd and The Ergonomics Society. All rights reserved.

  17. Information-Psychological Security and Near-Scientific Activity

    Directory of Open Access Journals (Sweden)

    A. I. Afonin

    2017-01-01

    In accordance with the new version of the “Information Security Doctrine of the Russian Federation” (adopted in December 2016), in information security agenda its information-psychological component was selected for further study. Attention is drawn to the need to ensure the information-psychological security of certain categories of citizens, social groups and society in general, taking into account a differentiated approach to assessing threats that arise in the course of their life. The article briefly considers the science rank among the forms of the human activities and notes that when involving in science-based and science-applied activities the near-scientific activity, which is often briefly referred to as pseudoscience, shows up as one of the threats. The article presents main forms to show of the near-scientific (pseudoscientific) activity, namely parascience, quasi-science, pseudoscience, and monetary scientism. Drawing on the example of one of the near-scientific activity products, called "psychotronic weapon", the article clearly shows the emergence and evolution of this pseudoscientific product, the attempts of its implementation in practice, and the subsequent negative consequences of these attempts for society. Taking into account the survivability of the near-scientific activity, it is proposed to include lectures in the curricula of technical universities to introduce threats from pseudoscience to graduates of higher educational institutions who may face them both in their employment activity and in everyday life.

  18. Designing and constructing/installing technical security countermeasures (TSCM) into supersensitive facilities

    International Nuclear Information System (INIS)

    Davis, D.L.

    1988-01-01

    The design and construction of supersensitive facilities and the installation of systems secure from technical surveillance and sabotage penetration involve "TSCM" in the broad sense of technical "security" countermeasures. When the technical threat was at a lower level of intensity and sophistication, it was common practice to defer TSCM to the future facility occupant. However, the New Moscow Embassy experience has proven this course of action subject to peril. Although primary concern with the embassy was audio surveillance, elsewhere there are other threats of equal or greater concern, e.g., technical implants may be used to monitor readiness status or interfere with the operation of C3I and weapons systems. Present and future technical penetration threats stretch the imagination. The Soviets have committed substantial hard scientific resources to a broad range of technical intelligence, even including applications or parapsychology. Countering these threats involves continuous TSCM precautions from initial planning to completion. Designs and construction/installation techniques must facilitate technical inspections and preclude the broadest range of known and suspected technical penetration efforts

  19. Designing and constructing/installing technical security countermeasures (TSCM) into supersensitive facilities

    Energy Technology Data Exchange (ETDEWEB)

    Davis, D.L.

    1988-01-01

    The design and construction of supersensitive facilities and the installation of systems secure from technical surveillance and sabotage penetration involve "TSCM" in the broad sense of technical "security" countermeasures. When the technical threat was at a lower level of intensity and sophistication, it was common practice to defer TSCM to the future facility occupant. However, the New Moscow Embassy experience has proven this course of action subject to peril. Although primary concern with the embassy was audio surveillance, elsewhere there are other threats of equal or greater concern, e.g., technical implants may be used to monitor readiness status or interfere with the operation of C3I and weapons systems. Present and future technical penetration threats stretch the imagination. The Soviets have committed substantial hard scientific resources to a broad range of technical intelligence, even including applications or parapsychology. Countering these threats involves continuous TSCM precautions from initial planning to completion. Designs and construction/installation techniques must facilitate technical inspections and preclude the broadest range of known and suspected technical penetration efforts.

  20. Socio-technical barriers to the use of energy-efficient timber drying technology in New Zealand

    International Nuclear Information System (INIS)

    Bell, Martha; Carrington, Gerry; Lawson, Rob; Stephenson, Janet

    2014-01-01

    This study of industrial energy behaviours identifies barriers to the use of energy-efficient drying technology in the New Zealand timber industry, and explores these barriers through the “energy cultures” lens. Vented kiln dryers were preferred by larger firms and heat pump kiln dryers were used by smaller firms. Although few firms could specify all their costs, we found no significant differences in the average operating costs, drying costs or commercial success of the larger and smaller firms. We found that socio-technical barriers create “energy cultures” at the level of both the firm and the sector, supporting the dominance of vented kiln dryers. The prevailing technologies, practices and norms at the sector level strongly support vented kilns, the status quo being embedded in the socio-technical context, hindering technological learning, improved energy efficiency and innovation. Influential stakeholders in the industry were thus part of, and locked into, the industry-wide energy culture, and were not in a position to effect change. We conclude that actors external to the prevailing industry energy culture need to leverage change in the industry norms, practices and/or technologies in order to reap the advantages of energy-efficient drying technology, assist its continued evolution and avoid the risks of path-dependency. - Highlights: • Firms processing timber in New Zealand use two main drying technologies. • Relatively inefficient vented dryers dominate over energy-efficient heat pumps. • Operating costs are similar but the socio-technical regime supports vented dryers. • Stasis is created by fixed energy cultures both within firms and across the sector. • Stasis hampers technical development in heat pump drying and business innovation

  1. Technical and socio-political issues in radioactive waste disposal 1986. Vol. 1

    International Nuclear Information System (INIS)

    Parker, F.L.; Kasperson, R.E.; Andersson, T.L.; Parker, S.A.

    1987-11-01

    The purpose of the study was to provide an integrated technical and socio-political analysis of how six countries (Federal Republic of Germany, France, Sweden, Switzerland, United Kingdom and the United States of America) have responded to four key issues in radioactive waste management: a) What constitutes 'safe' or 'absolutely safe' disposal, b) site selection processes, c) timing and type of interim storage. (orig./HP)

  2. INFORMATION SYSTEM SECURITY (CYBER SECURITY)

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Business Organizations and Government unequivocally rely upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  3. A Risk Management Process for Consumers: The Next Step in Information Security

    NARCIS (Netherlands)

    van Cleeff, A.

    2010-01-01

    Simply by using information technology, consumers expose themselves to considerable security risks. Because no technical or legal solutions are readily available, and awareness programs have limited impact, the only remedy is to develop a risk management process for consumers. Consumers need to

  4. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    NARCIS (Netherlands)

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overview is given of the use of

  5. Security Information System Digital Simulation

    OpenAIRE

    Tao Kuang; Shanhong Zhu

    2015-01-01

    The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

  6. Audit for Information Systems Security

    Directory of Open Access Journals (Sweden)

    Ana-Maria SUDUC

    2010-01-01

    The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

  7. A socio-technical approach to improving retail energy efficiency behaviours.

    Science.gov (United States)

    Christina, Sian; Waterson, Patrick; Dainty, Andrew; Daniels, Kevin

    2015-03-01

    In recent years, the UK retail sector has made a significant contribution to societal responses on carbon reduction. We provide a novel and timely examination of environmental sustainability from a systems perspective, exploring how energy-related technologies and strategies are incorporated into organisational life. We use a longitudinal case study approach, looking at behavioural energy efficiency from within one of the UK's leading retailers. Our data covers a two-year period, with qualitative data from a total of 131 participants gathered using phased interviews and focus groups. We introduce an adapted socio-technical framework approach in order to describe an existing organisational behavioural strategy to support retail energy efficiency. Our findings point to crucial socio-technical and goal-setting factors which both impede and/or enable energy efficient behaviours, these include: tensions linked to store level perception of energy management goals; an emphasis on the importance of technology for underpinning change processes; and, the need for feedback and incentives to support the completion of energy-related tasks. We also describe the evolution of a practical operational intervention designed to address issues raised in our findings. Our study provides fresh insights into how sustainable workplace behaviours can be achieved and sustained over time. Secondly, we discuss in detail a set of issues arising from goal conflict in the workplace; these include the development of a practical energy management strategy to facilitate secondary organisational goals through job redesign. Copyright © 2014 Elsevier Ltd and The Ergonomics Society. All rights reserved.

  8. Reaching a 1.5°C target: socio-technical challenges for a rapid transition to low-carbon electricity systems.

    Science.gov (United States)

    Eyre, Nick; Darby, Sarah J; Grünewald, Philipp; McKenna, Eoghan; Ford, Rebecca

    2018-05-13

    A 1.5°C global average target implies that we should no longer focus on merely incremental emissions reductions from the electricity system, but rather on fundamentally re-envisaging a system that, sooner rather than later, becomes carbon free. Many low-carbon technologies are surpassing mainstream predictions for both uptake and cost reduction. Their deployment is beginning to be disruptive within established systems. 'Smart technologies' are being developed to address emerging challenges of system integration, but their rates of future deployment remain uncertain. We argue that transition towards a system that can fully displace carbon generation sources will require expanding the focus of our efforts beyond technical solutions. Recognizing that change has social and technical dimensions, and that these interact strongly, we set out a socio-technical review that covers electricity infrastructure, citizens, business models and governance. It describes some of the socio-technical challenges that need to be addressed for the successful transition of the existing electricity systems. We conclude that a socio-technical understanding of electricity system transitions offers new and better insights into the potential and challenges for rapid decarbonization. This article is part of the theme issue 'The Paris Agreement: understanding the physical and social challenges for a warming world of 1.5°C above pre-industrial levels'. © 2018 The Author(s).

  9. Security and confidentiality of health information systems: implications for physicians.

    Science.gov (United States)

    Dorodny, V S

    1998-01-01

    Adopting and developing the new generation of information systems will be essential to remain competitive in a quality conscious health care environment. These systems enable physicians to document patient encounters and aggregate the information from the population they treat, while capturing detailed data on chronic medical conditions, medications, treatment plans, risk factors, severity of conditions, and health care resource utilization and management. Today, the knowledge-based information systems should offer instant, around-the-clock access for the provider, support simple order entry, facilitate data capture and retrieval, and provide eligibility verification, electronic authentication, prescription writing, security, and reporting that benchmarks outcomes management based upon clinical/financial decisions and treatment plans. It is an integral part of any information system to incorporate and integrate transactional (financial/administrative) information, as well as analytical (clinical/medical) data in a user-friendly, readily accessible, and secure form. This article explores the technical, financial, logistical, and behavioral obstacles on the way to the Promised Land.

  10. Security of electronic medical information and patient privacy: what you need to know.

    Science.gov (United States)

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

  11. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology has promoted an increased dependency of organizations on the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

  12. A Layered Trust Information Security Architecture

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

    2014-01-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

  13. A layered trust information security architecture.

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  14. A Layered Trust Information Security Architecture

    Directory of Open Access Journals (Sweden)

    Robson de Oliveira Albuquerque

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  15. High enrichment to low enrichment core's conversion. Technical securities

    International Nuclear Information System (INIS)

    Abbate, P.; Madariaga, M.R.

    1990-01-01

    This work presents the fulfillment of the technical securities subscribed by INVAP S.E. for the conversion of a high enriched uranium core. The reactor (of 5 thermal Mw), built in the 50's and 60's, is of the 'swimming pool' type, with light water and fuel elements of the curve plates MTR type, enriched at 93.15 %. These are neutronic and thermohydraulic securities. (Author)

  16. Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

    Directory of Open Access Journals (Sweden)

    Igor Bernik

    Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly to strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

  17. Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

    Science.gov (United States)

    Bernik, Igor; Prislan, Kaja

    Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly to strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

  18. Breaching the security of the Kaiser Permanente Internet patient portal: the organizational foundations of information security.

    Science.gov (United States)

    Collmann, Jeff; Cooper, Ted

    2007-01-01

    This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information (e.g. appointment details, answers to patients' questions, medical advice) for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within as well as technical and social relations across the Kaiser IT program. None of these reasons could be classified, strictly speaking, as "security violations." This case study, thus, suggests that, to protect sensitive patient information, health care organizations should build safe organizational contexts for complex health information systems in addition to complying with good information security practice and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

  19. Materials for the information security education

    International Nuclear Information System (INIS)

    Yashiro, Shigeo; Aoki, Kazuhisa; Sato, Tomohiko; Tanji, Kazuhiro

    2014-01-01

    With the rapid progress of the utilization of Information Technology (IT), IT infrastructure (network environment and information system) became crucial as a lifeline for promoting business. At the same time, changes in the circumstances surrounding the IT infrastructure globalize the threat of cyber attacks and increase the risk of the information security such as unlawful access to an information system, viral infection, an alteration of a website, disclosure of subtlety information, destruction of an information system and so on. Information security measure is an important issue in Japan Atomic Energy Agency (JAEA). In order to protect the information property of JAEA from the threat, Center for Computational Science and e-Systems (CCSE) has been taking triadic measures for information security: (1) to lay down a set of information security rules, (2) to introduce security equipments to backbone network and (3) to provide information security education. This report is a summary of the contents of the information security education by e-learning. (author)

  20. The Personal Information Security Assistant

    NARCIS (Netherlands)

    Kegel, Roeland Hendrik,Pieter

    The human element is often found to be the weakest link in the information security chain. The Personal Information Security Assistant project aims to address this by improving the privacy and security awareness of end-users and by aligning the user's personal IT environment to the user's security

  1. Rejecting renewables: The socio-technical impediments to renewable electricity in the United States

    International Nuclear Information System (INIS)

    Sovacool, Benjamin K.

    2009-01-01

    If renewable power systems deliver such impressive benefits, why do they still provide only 3 percent of national electricity generation in the United States? As an answer, this article demonstrates that the impediments to renewable power are socio-technical, a term that encompasses the technological, social, political, regulatory, and cultural aspects of electricity supply and use. Extensive interviews of public utility commissioners, utility managers, system operators, manufacturers, researchers, business owners, and ordinary consumers reveal that it is these socio-technical barriers that often explain why wind, solar, biomass, geothermal, and hydroelectric power sources are not embraced. Utility operators reject renewable resources because they are trained to think only in terms of big, conventional power plants. Consumers practically ignore renewable power systems because they are not given accurate price signals about electricity consumption. Intentional market distortions (such as subsidies), and unintentional market distortions (such as split incentives) prevent consumers from becoming fully invested in their electricity choices. As a result, newer and cleaner technologies that may offer social and environmental benefits but are not consistent with the dominant paradigm of the electricity industry continue to face comparative rejection.

  2. Rejecting renewables. The socio-technical impediments to renewable electricity in the United States

    Energy Technology Data Exchange (ETDEWEB)

    Sovacool, Benjamin K. [Energy Governance Program, Centre on Asia and Globalisation, Lee Kuan Yew School of Public Policy, National University of Singapore (Singapore)]

    2009-11-15

    If renewable power systems deliver such impressive benefits, why do they still provide only 3 percent of national electricity generation in the United States? As an answer, this article demonstrates that the impediments to renewable power are socio-technical, a term that encompasses the technological, social, political, regulatory, and cultural aspects of electricity supply and use. Extensive interviews of public utility commissioners, utility managers, system operators, manufacturers, researchers, business owners, and ordinary consumers reveal that it is these socio-technical barriers that often explain why wind, solar, biomass, geothermal, and hydroelectric power sources are not embraced. Utility operators reject renewable resources because they are trained to think only in terms of big, conventional power plants. Consumers practically ignore renewable power systems because they are not given accurate price signals about electricity consumption. Intentional market distortions (such as subsidies), and unintentional market distortions (such as split incentives) prevent consumers from becoming fully invested in their electricity choices. As a result, newer and cleaner technologies that may offer social and environmental benefits but are not consistent with the dominant paradigm of the electricity industry continue to face comparative rejection. (author)

  3. Rejecting renewables: The socio-technical impediments to renewable electricity in the United States

    Energy Technology Data Exchange (ETDEWEB)

    Sovacool, Benjamin K., E-mail: bsovacool@nus.edu.s [Energy Governance Program, Centre on Asia and Globalisation, Lee Kuan Yew School of Public Policy, National University of Singapore (Singapore)]

    2009-11-15

    If renewable power systems deliver such impressive benefits, why do they still provide only 3 percent of national electricity generation in the United States? As an answer, this article demonstrates that the impediments to renewable power are socio-technical, a term that encompasses the technological, social, political, regulatory, and cultural aspects of electricity supply and use. Extensive interviews of public utility commissioners, utility managers, system operators, manufacturers, researchers, business owners, and ordinary consumers reveal that it is these socio-technical barriers that often explain why wind, solar, biomass, geothermal, and hydroelectric power sources are not embraced. Utility operators reject renewable resources because they are trained to think only in terms of big, conventional power plants. Consumers practically ignore renewable power systems because they are not given accurate price signals about electricity consumption. Intentional market distortions (such as subsidies), and unintentional market distortions (such as split incentives) prevent consumers from becoming fully invested in their electricity choices. As a result, newer and cleaner technologies that may offer social and environmental benefits but are not consistent with the dominant paradigm of the electricity industry continue to face comparative rejection.

  4. Defining "The Weakest Link" Comparative Security in Complex Systems of Systems

    NARCIS (Netherlands)

    Pieters, Wolter

    2013-01-01

    Cloud architectures are complex socio-technical systems of systems, consisting not only of technological components and their connections, but also of physical premises and employees. When analysing security of such systems and considering countermeasures, the notion of "weakest link" often appears.

  5. A Policy-Based Framework for Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives

    Directory of Open Access Journals (Sweden)

    Chalee Vorakulpipat

    2017-01-01

    Today, many organizations allow their employees to bring their own smartphones or tablets to work and to access the corporate network, which is known as a bring your own device (BYOD). However, many such companies overlook potential security risks concerning privacy and confidentiality. This paper provides a review of existing literature concerning the preservation of privacy and confidentiality, with a focus on recent trends in the use of BYOD. This review spans a large spectrum of information security research, ranging from management (risk and policy) to technical aspects of privacy and confidentiality in BYOD. Furthermore, this study proposes a policy-based framework for preserving data confidentiality in BYOD. This framework considers a number of aspects of information security and corresponding techniques, such as policy, location privacy, centralized control, cryptography, and operating system level security, which have been omitted in previous studies. The main contribution is to investigate recent trends concerning the preservation of confidentiality in BYOD from the perspective of information security and to analyze the critical and comprehensive factors needed to strengthen data privacy in BYOD. Finally, this paper provides a foundation for developing the concept of preserving confidentiality in BYOD and describes the key technical and organizational challenges faced by BYOD-friendly organizations.

  6. Characterizing complexity in socio-technical systems: a case study of a SAMU Medical Regulation Center.

    Science.gov (United States)

    Righi, Angela Weber; Wachs, Priscila; Saurin, Tarcísio Abreu

    2012-01-01

    Complexity theory has been adopted by a number of studies as a benchmark to investigate the performance of socio-technical systems, especially those that are characterized by relevant cognitive work. However, there is little guidance on how to assess, systematically, the extent to which a system is complex. The main objective of this study is to carry out a systematic analysis of a SAMU (Mobile Emergency Medical Service) Medical Regulation Center in Brazil, based on the core characteristics of complex systems presented by previous studies. The assessment was based on direct observations and nine interviews: three of them with regulator of emergencies medical doctor, three with radio operators and three with telephone attendants. The results indicated that, to a great extent, the core characteristics of complexity are magnified due to basic shortcomings in the design of the work system. Thus, some recommendations are put forward with a view to reducing unnecessary complexity that hinders the performance of the socio-technical system.

  7. ITIL® and information security

    International Nuclear Information System (INIS)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

    2015-01-01

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework

  8. Audit Characteristics for Information System Security

    OpenAIRE

    Marius POPA; Mihai DOINEA

    2007-01-01

    The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment

  9. Methods of Organizational Information Security

    Science.gov (United States)

    Martins, José; Dos Santos, Henrique

    The principle objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principle problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principle norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribute to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.

  10. Information Warfare, Threats and Information Security

    Directory of Open Access Journals (Sweden)

    Dmitriy Nikolaevich Bespalov

    2014-01-01

    The article presents the opposite, but dependent on each other's reality - Revolutionary War information, information security goals and objectives of their study within the scheme "challenge-response", methodological and analytical support, the role of elites and the information society in promoting information security. One of the features of contemporaneity is the global spread of ICT, combined with poor governance and other difficulties in the construction of innovation infrastructures that are based on them in some countries. This leads to the reproduction of threats, primarily related to the ability to use ICT for purposes that are inconsistent with the objectives of maintaining international peace and security, compliance with the principles of non-use of force, non-interference in the internal affairs of states, etc. In this regard, include such terms as "a threat of information warfare", "information terrorism" and so forth. Information warfare, which stay in the policy declared the struggle for existence, and relationships are defined in terms of "friend-enemy", "ours-foreign". Superiority over the opponent or "capture of its territory" is the aim of political activity. And information security, serving activities similar process of political control, including a set of components, is a technology until their humanitarian. From the context and the decision itself is the ratio of the achieved results of information and political influence to the target - a positive image of Russia. Bringing its policy in line with the demands of a healthy public opinion provides conductivity of the authorities initiatives in the country and increases the legitimacy of the Russian Federation actions in the world.

  11. Analysis of information security management systems at 5 domestic hospitals with more than 500 beds.

    Science.gov (United States)

    Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam

    2010-06-01

    The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.

  12. 75 FR 28777 - Information Collection; Financial Information Security Request Form

    Science.gov (United States)

    2010-05-24

    ... Collection; Financial Information Security Request Form AGENCY: Forest Service, USDA. ACTION: Notice; Request... currently approved information collection; Financial Information Security Request Form. DATES: Comments must... Standard Time, Monday through Friday. SUPPLEMENTARY INFORMATION: Title: Financial Information Security...

  13. Why are you satisfied with an online game?:exploring game attractiveness and gaming climate from a socio-technical perspective

    OpenAIRE

    Zuo, W. (Wangjing)

    2016-01-01

    Some online games are prosperous and have attracted a large number of players, while others cannot sustain. Both technical and social factors likely affect a player’s satisfaction with an online game. However, there is a clear dearth of studies in which have investigated online games from a socio-technical perspective. This article seeks to address this gap through an empirical study on technical factors (manifesti...

  14. The Role of Socio-technical Devices in Framing the Current Strategic Issues and Future States of the Service Market

    DEFF Research Database (Denmark)

    Tryggestad, Kjell

    2004-01-01

    The aim of this paper is to inquire into the role of socio-technical devices like value metrics and accounting in organizing the service market. The authors provide a case on how such devices participates in framing the market for transportation during the introduction of large-scale bridges....... In addition to the traditional role of accounting as a representation device, the authors also show how these devices participate in performing the service economy - undermining and redrawing organizational boundaries in unexpected ways. The presence of multiple connections with socio-technical devices...... are then brought into an explanation of the overflowing and reconfiguration of the transportation market....

  15. Safety Requirements and Modern Technical Requirements in Human Information Systems in Amman Hotels

    OpenAIRE

    Farouq Ahmad Alazzam; Sattam Rakan Allahawiah; Mohammad Nayef Alsarayreh; Kafa Hmoud Abdallah al Nawaiseh

    2015-01-01

    This study aimed to demonstrate the availability of safety requirements and modern technical requirements in human information systems in Amman hotels. Among the most important results of this study is the availability of security and safety requirements in human information systems in Amman hotels and the adequacy of the information that it provided, and it shows that all departments are not connected by appropriate and effective communication networks in adequate form. Also sophisticated operatin...

  16. Repositioning Technical and Vocational Education and Training (TVET) for Youths Employment and National Security in Nigeria

    Science.gov (United States)

    Ogbunaya, T. C.; Udoudo, Ekereobong S.

    2015-01-01

    The paper focused on repositioning Technical and Vocational Education and Training (TVET) for youth's employment and national security in Nigeria. It examined briefly the concepts of technical vocational education and training (TVET), youths, unemployment and national security as well as the effects of unemployment on national security in Nigeria.…

  17. Security and emergency management technical assistance for the top 50 transit agencies

    Science.gov (United States)

    2007-04-01

    Between May 2002 and July 2006, the Federal Transit Administration (FTA) provided technical assistance to the top 50 transit agencies through the Security and Emergency Management Technical Assistance Program (SEMTAP). The scope and purpose of the pr...

  18. PROBLEMS OF HARMONIZATION OF THE GOALS AND VITAL INTERESTS IN ENSURING SOCIO-ECONOMIC SECURITY

    Directory of Open Access Journals (Sweden)

    D. N. Shvayba

    2017-01-01

    Formation of an independent democratic Belarusian state is inextricably linked with transformations in all aspects of public life and, first of all, in economy. Economic reforms in Belarus are directed on creation of socially oriented market economic system, which will ensure the most efficient usage of resources at minimum social cost. In the social economy concepts of “equality” and “poverty” are considered as basic ones. Social security services are based on these concepts and role of the social security in any country is to reduce poverty and increase equality. In modern world poverty is uniquely associated with a low level of economic development and its eradication is the first step on the path to economic growth. As for inequality, such clear connection of this concept with economic development can not be traced. There are various theories explaining the impact of inequality on economic growth. However, they cannot be considered satisfactory because they predict opposite results. Several studies have universally postulated a security as protection of vital interests of a human being, society and State from internal and external threats. Vital interests comprise a set of needs and satisfaction of these needs reliably ensures existence and possibility of progressive development of a human being, society and State which are the main objects of the security. Presence of a hierarchical structure for organization of the system or its subsystems is an essential feature for any socio-economic system. The economy is a poly-hierarchical system. When considering the hierarchical structure of production management it is important to consider one property of the economic system that is incompleteness of information.

  19. The Influence of Security Statement, Technical Protection, and Privacy on Satisfaction and Loyalty; A Structural Equation Modeling

    Science.gov (United States)

    Peikari, Hamid Reza

    Customer satisfaction and loyalty have been cited as the e-commerce critical success factors and various studies have been conducted to find the antecedent determinants of these concepts in the online transactions. One of the variables suggested by some studies is perceived security. However, these studies have referred to security from a broad general perspective and no attempts have been made to study the specific security related variables. This paper intends to study the influence on security statement and technical protection on satisfaction, loyalty and privacy. The data was collected from 337 respondents and after the reliability and validity tests, path analysis was applied to examine the hypotheses. The results suggest that loyalty is influenced by satisfaction and security statement and no empirical support was found for the influence on technical protection and privacy on loyalty. Moreover, it was found that security statement and technical protection have a positive significant influence on satisfaction while no significant effect was found for privacy. Furthermore, the analysis indicated that security statement have a positive significant influence on technical protection while technical protection was found to have a significant negative impact on perceived privacy.

  20. 76 FR 62630 - Information Security Regulations

    Science.gov (United States)

    2011-10-11

    ... CENTRAL INTELLIGENCE AGENCY 32 CFR Part 1902 Information Security Regulations AGENCY: Central... information security regulations which have become outdated. The Executive Order upon which the regulations... CFR Part 1902 Information security regulations. PART 1902 [REMOVED AND RESERVED] Sec. 1902.13 [Removed...

  1. 78 FR 73819 - Information Collection; Financial Information Security Request Form

    Science.gov (United States)

    2013-12-09

    ... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security..., Financial Information Security Request Form. DATES: Comments must be received in writing on or before... Information Security Request Form. OMB Number: 0596-0204. Expiration Date of Approval: 02/28/2014. Type of...

  2. Conducting an information security audit

    Directory of Open Access Journals (Sweden)

    Prof. Ph.D. Gheorghe Popescu

    2008-05-01

    Full Text Available The rapid and dramatic advances in information technology (IT) in recent years have without question generated tremendous benefits. At the same time, information technology has created significant, unprecedented risks to government and to entities' operations. So, computer security has become much more important as all levels of government and entities utilize information systems security measures to avoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitive information. Obviously, uses of computer security become essential in minimizing the risk of malicious attacks from individuals and groups, considering that there are many current computer systems with only limited security precautions in place. As we already know, financial audits are the most common examinations that a business manager encounters. This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical security audits. However, they are unlikely to be acquainted with information security audits; that is, an audit of how the confidentiality, availability and integrity of an organization’s information are assured. Anyway, if not, they should be, especially as an information security audit is one of the best ways to determine the security of an organization’s information without incurring the cost and other associated damages of a security incident.

  3. Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

    Science.gov (United States)

    Ilvonen, Ilona

    2013-01-01

    Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

  4. A Novel Interdisciplinary Approach to Socio-Technical Complexity

    Science.gov (United States)

    Bassetti, Chiara

    The chapter presents a novel interdisciplinary approach that integrates micro-sociological analysis into computer-vision and pattern-recognition modeling and algorithms, the purpose being to tackle socio-technical complexity at a systemic yet micro-grounded level. The approach is empirically-grounded and both theoretically- and analytically-driven, yet systemic and multidimensional, semi-supervised and computable, and oriented towards large scale applications. The chapter describes the proposed approach especially as for its sociological foundations, and as applied to the analysis of a particular setting --i.e. sport-spectator crowds. Crowds, better defined as large gatherings, are almost ever-present in our societies, and capturing their dynamics is crucial. From social sciences to public safety management and emergency response, modeling and predicting large gatherings' presence and dynamics, thus possibly preventing critical situations and being able to properly react to them, is fundamental. This is where semi/automated technologies can make the difference. The work presented in this chapter is intended as a scientific step towards such an objective.

  5. 76 FR 10262 - Information Security Program

    Science.gov (United States)

    2011-02-24

    ... FEDERAL MARITIME COMMISSION 46 CFR Part 503 [Docket No. 11-01] RIN 3072-AC40 Information Security... (FMC or Commission) amends its regulations relating to its Information Security Program to reflect the changes implemented by Executive Order 13526--Classified National Security Information--that took effect...

  6. 14 CFR 1203.201 - Information security objectives.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

  7. The implementation of the situational control concept of information security in automated training systems

    Directory of Open Access Journals (Sweden)

    A. M. Chernih

    2016-01-01

    Full Text Available The main approaches to ensuring the security of information in automated training systems are considered, the need to apply situational management of information security to automated training systems is proved, a mathematical model and a problem definition of situational control are offered, and a technique of situational control of information security is developed. The purpose of the study. The aim of the study is to justify the application of situational control of information security by the subsystem of control and protection of information in automated learning systems and to develop implementation methods for the situational control concept. Materials and methods. It is assumed that the automated learning system is a fragment of a larger information system that contains several information paths, each of which handles information of a different degree of protection, from information constituting state secrets to open access information. It is considered that the technical methods, measures and means of information protection in automated learning systems implement less than half (30%) of the functions of the subsystems of control and protection of information. The main part of the functions of this subsystem consists of organizational measures to protect information. It is obvious that the task of ensuring the security of information in automated learning systems is associated with the adoption of decisions on the rational selection and proper combination of technical methods and institutional arrangements. Conditions of practical application of automated learning systems change over time and transform the situation of such a decision, and this leads to the use of situational control methods. When situational control is implemented, the task of protecting information in the automated learning system is solved by the subsystem of control and protection of information by distributing the processes ensuring the security of information and resources of

  8. Socio-technical systems analysis of waste to energy from municipal solid waste in developing economies: a case for Nigeria

    Directory of Open Access Journals (Sweden)

    Iyamu Hope O.

    2017-01-01

    Full Text Available Waste generation is an inevitable by-product of human activity, and it is on the rise due to rapid urbanisation, industrialisation, increased wealth and population. The composition of municipal solid waste (MSW) in developed and developing economies differs, especially with the organic fraction. Research shows that the food waste stream of MSW in developing countries is over 50%. The case study for this investigation, Nigeria, has minimal formal recycling or resource recovery programs. The average composition of waste from previous research in the country is between 50–70% putrescible and 30–50% non-putrescible, presenting significant resource recovery potential in composting and biogas production. Waste-to-energy (WtE) is an important waste management solution that has been successfully implemented and operated in most developed economies. This contribution reports the conditions that would be of interest before WtE potentials of MSW are harnessed, in an efficient waste management process in a developing economy like Nigeria. The investigation presents a set of socio-technical parameters and transition strategy model that would inform a productive MSW management and resource recovery, in which WtE can be part of the solution. This model will find application in the understanding of the interactions between the socio-economic, technical and environmental system, to promote sustainable resource recovery programs in developing economies, among which is WtE.

  9. Understanding the socio-institutional context to support adaptation for future water security in forest landscapes

    Directory of Open Access Journals (Sweden)

    Tahia Devisscher

    2016-12-01

    Full Text Available During the first half of the 21st century, socioeconomic development is expected to contribute faster and to a greater extent to global water stress than climate change. Consequently, we aimed to identify conditions that can facilitate local adaptation planning for future water security, accounting for the socio-institutional context, developmental needs, and interests affecting water use and management. Our study focused on three forest landscapes in Latin America where water stress was identified as a current concern potentially leading to future social conflict if not addressed. In the three sites, we adopted a participatory approach to implement a systematic diagnostic framework for the analysis of socio-institutional barriers and opportunities influencing local adaptation decision making. This novel application enabled science-society engagement in which civil society organizations were coleading the research. The field methods we used involved participatory social network mapping, semistructured interviews, and validation workshops. Our study generated insights into several interventions that could help overcome barriers affecting the adaptation decision-making process, particularly in the diagnosis and early planning phases. Points of intervention included fostering local participation and dialogue to facilitate coproduction of knowledge, and strengthening the role of key central actors in the water governance networks. These key actors are currently bridging multiple interests, information sources, and governance levels, and thus, they could become agents of change that facilitate local adaptation processes. Working jointly with civil society to frame the research proved effective to increase awareness about water issues, which related not only to the technological, economic, and political aspects of water, but also to organizational processes. The involvement of civil society created genuine interest in building further capacity for

  10. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers: Fundamentals of information security - providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors. Fundamentals of management of information security - explains what information security manageme

  11. SECURITY AWARENESS – MAJOR PIECE IN THE PUZZLE OF INFORMATION SECURITY

    OpenAIRE

    MARIUS PETRESCU; NICOLETA SÎRBU; ANCA-GABRIELA PETRESCU; MIOARA BRABOVEANU

    2011-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  12. 12 CFR 605.501 - Information Security Officer.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

  13. Computer Security Systems Enable Access.

    Science.gov (United States)

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  14. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Science.gov (United States)

    2011-12-15

    ...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

  15. Security Price Informativeness with Delegated Traders

    OpenAIRE

    Gary Gorton; Ping He; Lixin Huang

    2010-01-01

    Trade in securities markets is conducted by agents acting for principals, using "mark-to-market" contracts whereby performance is assessed using security market prices. We endogenize contract choices, information production, informed trading, and security price informativeness. But there is a contract externality. Prices are informative only because other principals induce their agents to trade based on privately produced information. The agent-traders then have an incentive to coordinate and...

  16. Training Students to Steal: A Practical Assignment in Computer Security Education

    NARCIS (Netherlands)

    Dimkov, T.; Pieters, Wolter; Hartel, Pieter H.

    Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the

  17. Security of Nuclear Information. Implementing Guide

    International Nuclear Information System (INIS)

    2015-01-01

    This publication provides guidance on implementing the principle of confidentiality and on the broader aspects of information security (i.e. integrity and availability). It assists States in bridging the gap between existing government and industry standards on information security, the particular concepts and considerations that apply to nuclear security and the special provisions and conditions that exist when dealing with nuclear material and other radioactive material. Specifically it seeks to assist states in the identification, classification, and assignment of appropriate security controls to information that could adversely impact nuclear security if compromised

  18. A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

    Science.gov (United States)

    Francois, Michael T.

    2016-01-01

    Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

  19. Information security knowledge sharing in organizations : Investigating the effect of behavioral information security governance and national culture

    OpenAIRE

    Rocha Flores, Waldo; Antonsen, Egil; Ekstedt, Mathias

    2014-01-01

    This paper presents an empirical investigation on what behavioral information security governance factors drive the establishment of information security knowledge sharing in organizations. Data was collected from organizations located in different geographic regions of the world, and the amount of data collected from two countries – namely, USA and Sweden – allowed us to investigate if the effect of behavioral information security governance factors on the establishment of security knowledg...

  20. Alpine Windharvest: development of information base regarding potentials and the necessary technical, legal and socio-economic conditions for expanding wind energy in the Alpine Space - Digital relief analysis - Abstract of work package 7

    Energy Technology Data Exchange (ETDEWEB)

    Schaffner, B.; Cattin, R. [Meteotest, Berne (Switzerland)]

    2005-07-01

    This report describes the development work carried out by the Swiss meteorology specialists METEOTEST as part of a project carried out together with the Swiss wind-energy organisation 'Suisse Eole'. The framework for the project is the EU Interreg IIIB Alpine Space Programme, a European Community Initiative Programme funded by the European Regional Development Fund. The project investigated the use of digital relief-analysis. The series of reports describes the development and use of a basic information system to aid the investigation of the technical, legal and socio-economical conditions for the use of wind energy in the alpine area. This report presents a summary of work done on the digital relief analysis used in various stages of the project, its validation and use.

  1. Information security management: a proposal to improve the effectiveness of information security in the scientific research environment

    International Nuclear Information System (INIS)

    Alexandria, Joao Carlos Soares de

    2009-01-01

    The increase in connectivity in the business environment, combined with the growing dependency on information systems, has made information security management an important governance tool. The main goal of information security is to protect business transactions so that they work normally; in this way, it safeguards business continuity. Threats to information come from hackers' attacks, electronic fraud and spying, as well as fire, electrical energy interruption and human fault. Information security is achieved by implementing a set of controls, including, among others, policies, processes, procedures, organizational structures, software and hardware, which require continuous management and a well-established structure to be able to face such challenges. This work sought the reasons why organizations have difficulty putting information security management into practice. Many of them limit themselves to adopting point measures, which are sometimes not consistent with their realities. The market has a sufficient number of standards and regulations related to information security issues, for example, ISO/IEC 27002, the American Sarbanes-Oxley Act, the Basel Capital Accord, and regulations from regulatory agencies (such as the Brazilian ones ANATEL, ANVISA and CVM). Market research has shown that information security implementation is concentrated in a well-defined group of organizations, mainly formed by large companies and from specific sectors of the economy, for example, financial and telecommunication. However, information security must be practiced by all organizations that use information systems to carry out their activities, independently of their size or the economic area to which they belong. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal of

  2. Internet security information system implement method

    International Nuclear Information System (INIS)

    Liu Baoxu; Mei Jie; Xu Rongsheng; An Dehai; Yu Mingjian; Chen Xiangyang; Zheng Peng

    1999-01-01

    On the basis of analysis of the key elements that will affect the Internet Security Information System, the author takes UNIX Operating System as an example, and provides the important stages that must be considered when implementing the Internet Security Information System. An implemental model of the Internet Security Information System is given

  3. Microsoft Security Bible A Collection of Practical Security Techniques

    CERN Document Server

    Mullen, Timothy "Thor"

    2011-01-01

    Thor's Microsoft® Security Bible provides a "one-stop-shop" for Microsoft-related security techniques and procedures as applied to the typical deployment of a Microsoft-based infrastructure. The book contains detailed security concepts and methodologies described at every level: Server, Client, Organizational Structure, Platform-specific security options, application specific security (IIS, SQL, Active Directory, etc.) and also includes new, never-before-published security tools complete with source code. Detailed technical information on security processes for all major Microsoft applications

  4. On technical security issues in cloud computing

    DEFF Research Database (Denmark)

    Jensen, Meiko; Schwenk, Jörg; Gruschka, Nils

    2009-01-01

    The Cloud Computing concept offers dynamically scalable resources provisioned as a service over the Internet. Economic benefits are the main driver for the Cloud, since it promises the reduction of capital expenditure (CapEx) and operational expenditure (OpEx). In order for this to become reality, however, there are still some challenges to be solved. Amongst these are security and trust issues, since the user's data has to be released to the Cloud and thus leaves the protection sphere of the data owner. Most of the discussions on this topic are mainly driven by arguments related to organisational means. This paper focusses on technical security issues arising from the usage of Cloud services and especially by the underlying technologies used to build these cross-domain Internet-connected collaborations.

  5. Secure information release in timed automata

    DEFF Research Database (Denmark)

    Vasilikos, Panagiotis; Nielson, Flemming; Nielson, Hanne Riis

    2018-01-01

    ... of security goals for confidentiality and integrity. Notions of security based on Information flow control, such as non-interference, provide strong guarantees that no information is leaked; however, many cyberphysical systems leak intentionally some information in order to achieve their purposes. In this paper, we develop a formal approach of information flow for timed automata that allows intentional information leaks. The security of a timed automaton is then defined using a bisimulation relation that takes account of the non-determinism and the clocks of timed automata. Finally, we define an algorithm that traverses a timed automaton and imposes information flow constraints on it and we prove that our algorithm is sound with respect to our security notion.

  6. A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

    Science.gov (United States)

    Waddell, Stanie Adolphus

    2013-01-01

    Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

  7. A Socio-technical Mapping and Analysis of Dominant Design Materialization

    DEFF Research Database (Denmark)

    Christiansen, John K.; Varnes, Claus

    ... the importance of high market shares for defining a winning dominating design, but despite the electric vehicle’s higher market share in the years 1899-1900 it was surpassed by the internal combustion vehicle. The socio-technical analysis departs from a narrative based on historical accounts on the competition between the electric vehicle and the internal combustion vehicle from late 1890 until 1909. The analysis shows that the electric vehicle did not successfully attract new allies or overcome resistance from anti-programs to the same degree as the internal combustion vehicle. Findings suggest that some of the issues with few allies and anti-programs that emerged already during the late 1890s are still active in today's market and haunt the electric vehicle.

  8. THE SECURITY AUDIT WITHIN INFORMATION SYSTEMS

    OpenAIRE

    Dan Constantin TOFAN

    2011-01-01

    The information security audit is definitely a tool for determining, achieving, and maintaining a proper level of security in an organization. This article offers a comprehensive review of the world's most popular standards related to information systems security audit.

  9. Open-Source tools: Incidence in the wireless security of the Technical University of Babahoyo

    Directory of Open Access Journals (Sweden)

    Joffre León-Acurio

    2018-02-01

    Full Text Available Computer security is a fundamental part of an organization, especially in Higher Education institutions, where there is very sensitive information, capable of being vulnerable by different methods of intrusion, the most common being free access through wireless points. The main objective of this research is to analyze the impact of the open source tools in charge of managing the security information of the wireless network, such as OSSIM, a set of active and passive components used to manage events that generate traffic within the network. This research exposes the use of free software as a viable low-cost option to solve the problems that afflict student staff, such as lack of access to academic services and problems of wireless interconnectivity, with the purpose of restoring students' confidence in the use of the services offered by the institution for research-related development, guaranteeing free access to the internet. The level of dissatisfaction on the part of the students confirms the problem presented at the Technical University of Babahoyo, thus confirming the positive influence of the Open-Source tools for the institution’s wireless security.

  10. 76 FR 34761 - Classified National Security Information

    Science.gov (United States)

    2011-06-14

    ... MARINE MAMMAL COMMISSION Classified National Security Information [Directive 11-01] AGENCY: Marine... Commission's (MMC) policy on classified information, as directed by Information Security Oversight Office... of Executive Order 13526, ``Classified National Security Information,'' and 32 CFR part 2001...

  11. Information Security Management System toolkit

    OpenAIRE

    Καραμανλής, Μάνος; Karamanlis, Manos

    2016-01-01

    Secure management of information is becoming critical for any organization because information is one of the most valuable assets in organization’s business operations. An Information security management system (ISMS) consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, mon...

  12. INFORMATION SECURITY MANAGEMENT IN ORGANIZATIONS

    OpenAIRE

    Ndungu, Maryanne; Kandel, Sushila

    2015-01-01

    In today's globally interconnected economy, information security has become one of the most complex issues of concern at the world's leading organizations. The capital value of information is significantly increasing and forming a large part of the shareholder value due to increased dependence on information. Organizations that want to achieve competitive advantage amongst other goals have information security at the centre of their concerns. It is now evident that information is a busin...

  13. Concepts for a standard based cross-organisational information security management system in the context of a nationwide EHR.

    Science.gov (United States)

    Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald

    2013-01-01

    Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).

  14. 39 CFR 267.4 - Information security standards.

    Science.gov (United States)

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false Information security standards. 267.4 Section 267... INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of information security standards which address the following functional aspects of information flow and...

  15. 48 CFR 1339.107-70 - Information security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

  16. The UK homeowner-retrofitter as an innovator in a socio-technical system

    International Nuclear Information System (INIS)

    Galvin, Ray; Sunikka-Blank, Minna

    2014-01-01

    Policy on domestic thermal retrofits is usually designed as a top-down enterprise, setting standards and inducing homeowners to retrofit accordingly. Its underlying assumption is that correct retrofit technology is developed by experts and comes down through supply chains to households, who apply it as designed to their properties. However, this model is challenged by the insight from socio-technical systems studies (STST) that technology and society mutually form and influence each other at every level of society. Using this conceptual framework, this study investigated whether innovations are happening among retrofitting households, and what support these have for diffusion upwards into supply chains and outwards to other households. Qualitative data was gathered through semi-structured interviews among homeowner-retrofitters plus building professionals and citizens' initiatives which support these, in Cambridge, UK. Local innovation was found in the development of new retrofit technology and novel reconfiguring of existing solutions. Much of this was triggered by clashes between standard retrofit solutions and heritage or aesthetic values, economic necessity, or building professionals' lack of knowledge or experience. The findings suggest that instead of treating homeowners as passive recipients, UK thermal retrofit policy should broaden to identify useful innovations developed by homeowners and support them where appropriate. - Highlights: • Technology and innovations for thermal retrofitting are usually seen as top-down. • A socio-technical systems approach reveals a more active role of homeowners. • Interviews show them as innovators, inventors and teachers of retrofit technique. • Policy needs to identify, assess and disseminate appropriate innovations

  17. Optical and digital techniques for information security

    CERN Document Server

    2005-01-01

    Optical and Digital Techniques for Information Security is the first book in a series focusing on Advanced Sciences and Technologies for Security Applications. This book encompasses the results of research investigation and technologies used to secure, verify, recognize, track, and authenticate objects and information from theft, counterfeiting, and manipulation by unauthorized persons and agencies. This Information Security book will draw on the diverse expertise in optical sciences and engineering, digital image processing, imaging systems, information processing, computer based information systems, sensors, detectors, and biometrics to report innovative technologies that can be applied to information security issues. The Advanced Sciences and Technologies for Security Applications series focuses on research monographs in the areas of: -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection...

  18. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2(R) CISSP Common Body of Knowledge (CBK(R)), this volume features 27 new chapters on topics

  19. Renewable energies in transition: from their social acceptability to their socio-technical feasibility

    International Nuclear Information System (INIS)

    Zelem, M.C.

    2012-01-01

    The increasing recourse to renewable energies presents an opportunity to guarantee the smooth passage from an energy guzzling and carbon emitting system to one with more reasonable characteristics, allowing our societal structures to aspire for longer durability. This process entails putting aside the notion of social acceptability, which tends to place the weight of responsibility for our energy devouring life styles on consumers, replacing it by the notion of socio-technical feasibility which forces questioning the meaning of technology and political choices in energy matters. (author)

  20. MedlinePlus Connect: Technical Information

    Science.gov (United States)

    ... MedlinePlus Connect → Technical Information URL of this page: https://medlineplus.gov/connect/technical.html MedlinePlus Connect: Technical ... will change.) Old URLs New URLs Web Application https://apps.nlm.nih.gov/medlineplus/services/mpconnect.cfm? ...

  1. Information Security Management in Context of Globalization

    OpenAIRE

    Wawak, Slawomir

    2012-01-01

    Modern information technologies are the engine of globalization. At the same time, the global market influences the way of looking at information security. Information security thus becomes an increasingly important field. The article discusses the results of research on information security management systems in public administration in Poland.

  2. Reputation Risks through Information Security Incidents

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2014-05-01

    Full Text Available The article deals with accounting reputational risks arising through information security breaches in the management of a business entity. Security breach incidents which result in the loss of reputation are identified. Based on this analysis the definition of reputational risk in information security is given.

  3. Alpine Windharvest: development of information base regarding potentials and the necessary technical, legal and socio-economic conditions for expanding wind energy in the Alpine Space - Alpine Space wind map - Modeling approach

    Energy Technology Data Exchange (ETDEWEB)

    Schaffner, B.; Remund, J. [Meteotest, Berne (Switzerland)]

    2005-07-01

    This report describes the development work carried out by the Swiss meteorology specialists of the company METEOTEST as part of a project carried out together with the Swiss wind-energy organisation 'Suisse Eole'. The framework for the project is the EU Interreg IIIB Alpine Space Programme, a European Community Initiative Programme funded by the European Regional Development Fund. The project investigated the use of digital relief-analysis. The series of reports describes the development and use of a basic information system to aid the investigation of the technical, legal and socio-economical conditions for the use of wind energy in the alpine area. This report discusses two modelling approaches investigated for use in the definition of a wind map for the alpine area. The method chosen and its application are discussed. The various sources of information for input to the model are listed and discussed.

  4. A Method for Evaluating Information Security Governance (ISG) Components in Banking Environment

    Science.gov (United States)

    Ula, M.; Ula, M.; Fuadi, W.

    2017-02-01

    As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches have highly increased in recent years. Insider and outsider attacks have caused global businesses to lose trillions of dollars a year. Therefore, there is a need for a proper framework to govern the information security in the banking system. The aim of this research is to propose and design an enhanced method to evaluate information security governance (ISG) implementation in banking environment. This research examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. The initial framework for governing the information security in banking system was constructed from document review. The framework was categorized into three levels which are Governance level, Managerial level, and technical level. The study further conducts an online survey for banking security professionals to get their professional judgment about the ISG most critical components and the importance for each ISG component that should be implemented in banking environment. Data from the survey was used to construct a mathematical model for ISG evaluation, component importance data used as weighting coefficient for the related component in the mathematical model. The research further develops a method for evaluating ISG implementation in banking based on the mathematical model. The proposed method was tested through real bank case study in an Indonesian local bank. The study evidently proves that the proposed method has sufficient coverage of ISG in banking environment and effectively evaluates the ISG implementation in banking environment.

  5. 32 CFR 2700.51 - Information Security Oversight Committee.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

  6. Information security foundations, technologies and applications

    CERN Document Server

    Awad, Ali Ismail; Fairhurst, Michael

    2018-01-01

    This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security.

  7. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2006-01-01

    Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available.

  8. Information Security Management: The Study of Lithuanian State Institutions

    OpenAIRE

    Jastiuginas, Saulius

    2012-01-01

    Growing information security cases and scope illustrate that the relevance of information security issues becomes critical and present information security means are not sufficient enough to manage information security. Narrow comprehension of information security merely as technological problem is broadened by the research results of economic, managerial, psychological, legal and other related aspects’ influence to information security. Information is named as the object of information s...

  9. Management of technical information department

    International Nuclear Information System (INIS)

    Kim, T. H.; Han, D. H.; Moon, H. W.

    1997-03-01

    This report introduces technical information activities in 1996. They are composed of basic tasks and applied tasks. 1. Basic activities - acquisition, cataloging, and Information services 2. Management of KAERI-TIPS (Technical Information Processing System) 3. Construction of the database for nuclear-related Information 4. Role of Specialized Nuclear Information Center in the field of nuclear energy and cooperation with INIS section of IAEA 5. Beside above activities, in 1996 TID homepage was opened and online document delivery service was provided. (author). 25 tabs., 17 figs

  10. Management of technical information department

    Energy Technology Data Exchange (ETDEWEB)

    Kim, T H; Han, D H; Moon, H W [and others]

    1997-03-01

    This report introduces technical information activities in 1996. They are composed of basic tasks and applied tasks. 1. Basic activities - acquisition, cataloging, and Information services 2. Management of KAERI-TIPS (Technical Information Processing System) 3. Construction of the database for nuclear-related Information 4. Role of Specialized Nuclear Information Center in the field of nuclear energy and cooperation with INIS section of IAEA 5. Beside above activities, in 1996 TID homepage was opened and online document delivery service was provided. (author). 25 tabs., 17 figs.

  11. Communications and information infrastructure security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Communication and Information Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering strategies for protecting the telecommunications sector, wireless security, advanced web based technology for emergency situations. Science and technology for critical infrastructure consequence mitigation are also discussed.

  12. Relationship between stakeholders' information value perception and information security behaviour

    Science.gov (United States)

    Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

    2015-02-01

    The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information

  13. Implementing healthcare information security: standards can help.

    Science.gov (United States)

    Orel, Andrej; Bernik, Igor

    2013-01-01

    Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are fewer and fewer application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

  14. Ageing management technical information investigations

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2013-08-15

    In February 2013, there are 50 units of commercial nuclear power plants (NPPs) in Japan. We enter into a period that 20 units of them are operating for more than 30 years. Currently, regulation imposes utilities to conduct ageing technical evaluations of each unit before operation of 30 years from the commissioning, to develop the long term maintenance management policy for next 10 years and to submit to the regulatory authority the policy with the report on ageing management technical evaluation (AMTE) for each NPP. It is necessary for regulatory side to develop technical information bases incorporating latest technical knowledge as operating experiences in domestic and abroad on ageing of the plants necessary to conduct reviews of AMTE for each unit. Based on these standpoints, technical information bases investigations have been conducted from the viewpoints of material degradation of ageing NPPs. In order to develop scientific regulator judgment bases related to ageing management (AM) and long-term operation (LTO), investigations on latest information on ageing management in domestic and abroad are conducted and a set of documents including technical evaluation review manuals necessary to conduct AMTE are prepared. To utilize the results of the investigations for ageing technical evaluation, database including latest information related to AM and LTO are developed, ran and operated. In addition, investigations related to Fugen nuclear plant, under decommissioning plants, investigations on mechanism of stress corrosion cracking (SCC), thermal ageing and preventive technologies for SCC, detection and diagnosis technology for ageing degradation and condition monitoring technology are performed to validate and confirm effectiveness of the technologies. (author)

  15. The use of geographical information systems in socio-economic studies

    OpenAIRE

    Daplyn, P.; Cropley, J.; Treagust, S.; Gordon, A.

    1994-01-01

    Geographical information systems (GIS) have found wide and growing applications, as digital remote-sensing data and computer technology have become more sophisticated, more easily available and less expensive. NRI recently undertook preliminary research into potential socio-economic applications of GIS. The feasibility of utilizing spatial data, available in GIS, to model socio-economic relationships was examined. It included the following steps: (a) identification of hypothetical relationshi...

  16. SecurityCom: A Multi-Player Game for Researching and Teaching Information Security Teams

    Directory of Open Access Journals (Sweden)

    Douglas P. Twitchell

    2007-12-01

    Full Text Available A major portion of government and business organizations’ attempts to counteract information security threats is teams of security personnel.  These teams often consist of personnel of diverse backgrounds in specific specialties such as network administration, application development, and business administration, resulting in possible conflicts between security, functionality, and availability.  This paper discusses the use of games to teach and research information security teams and outlines research to design and build a simple, team-oriented, configurable, information security game. It will be used to study how information security teams work together to defend against attacks using a multi-player game, and to study the use of games in training security teams.  Studying how information security teams work, especially considering the topic of shared-situational awareness, could lead to better ways of forming, managing, and training teams.  Studying the effectiveness of the game as a training tool could lead to better training for security teams. 

  17. Information technology security system engineering methodology

    Science.gov (United States)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  18. Hash functions and information theoretic security

    DEFF Research Database (Denmark)

    Bagheri, Nasoor; Knudsen, Lars Ramkilde; Naderi, Majid

    2009-01-01

    Information theoretic security is an important security notion in cryptography as it provides a true lower bound for attack complexities. However, in practice attacks often have a higher cost than the information theoretic bound. In this paper we study the relationship between information theoretic...

  19. Information security employee handbook: November 2010

    OpenAIRE

    2013-01-01

    This handbook is a quick reference guide to some of the most important points of the London 2012 information security policy. This information security handbook outlines the policies that all staff, secondees, volunteers and certain third parties who process LOCOG information must comply with.

  20. Information security and business continuity in Tecnatom

    International Nuclear Information System (INIS)

    Fernandez de Miguel, C.

    2013-01-01

    Information security is a key issue for companies that manage and process nuclear business related data. Availability of information systems as well as new data exchange facilities through simple and broad communication networks are the pillars of cooperation between different organizations, generating significant savings in costs and expanding the capacity to minimize them. In this regard, information security is one of the major challenges for IT departments. This article presents Tecnatom's experience in the Information Security Management Implementation project. Over several years, since 2004, the information security management has been developed and consolidated as an ongoing and horizontal process. (Author)

  1. NPP physical protection and information security as necessary conditions for reducing nuclear and radiation accident risks

    International Nuclear Information System (INIS)

    Pogosov, O.Yu.; Derevyanko, O.V.

    2017-01-01

    The paper focuses on the fact that nuclear failures and incidents can lead to radioactive contamination of NPP premises. Nuclear and radiation hazard may be caused by malefactors in technological processes when applying computers or inadequate control in case of insufficient level of information security. The researchers performed analysis of factors for reducing risks of nuclear and radiation accidents at NPPs considering specific conditions related to information security of NPP physical protection systems. The paper considers connection of heterogeneous factors that may increase the risk of NPP accidents, possibilities and ways to improve adequate modelling of security of information with limited access directly related to the functioning of automated set of engineering and technical means for NPP physical protection. Within the overall Hutchinson formalization, it is proposed to include additional functional dependencies on indicators specific for NPPs into analysis algorithms.

  2. Database and applications security integrating information security and data management

    CERN Document Server

    Thuraisingham, Bhavani

    2005-01-01

    This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

  3. Information Systems Security: Whose Responsibility? | Senzige ...

    African Journals Online (AJOL)

    ... compounded by the increasingly international nature of information systems, this responsibility still rests with managers only. This paper looks at security concerns related to information systems, identifies the threats and suggests how the security of information systems should be handled. African Journal of Finance and ...

  4. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to provide added support to some of those classification principles.

  5. 39 CFR 267.5 - National Security Information.

    Science.gov (United States)

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false National Security Information. 267.5 Section 267.5... § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide regulations implementing Executive Order 12356 National Security Information (hereinafter referred to as the...

  6. Security practices and regulatory compliance in the healthcare industry.

    Science.gov (United States)

    Kwon, Juhee; Johnson, M Eric

    2013-01-01

    Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Hospitals in the highest level of compliance were significantly managing third parties' breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption.

  7. The SocioEconomic Analysis of Repository Siting (SEARS): Technical description: Final draft

    International Nuclear Information System (INIS)

    1984-11-01

    Socioeconomic impacts must be assessed both for the near term and for the future. One means of addressing the need for the assessment of such impacts has been through the development of the computerized socioeconomic assessment model called the SocioEconomic Analysis of Repository Siting (SEARS) model. The SEARS model was developed for the Battelle Project Management Division. It was refined and adapted from state-of-the-art computerized projection models and thoroughly validated and is now available for use in projecting the likely socioeconomic impacts of a repository facility. This Technical Description is one of six major products that describe the SEARS modeling system. 61 refs., 11 figs., 9 tabs

  8. E-learning stakeholders information security vulnerability model

    OpenAIRE

    Mohd Alwi, Najwa Hayaati

    2012-01-01

    The motivation to conduct this research has come from awareness that the Internet exposes the e-learning environment to information security threats and vulnerabilities. Information security management as practised as a top down approach in many organisations tend to detach of people’s responsibility in ensuring the security of e-learning. Literature has pointed out that people’s behaviour required to be addressed to control the information security threats. This research proposes an ISM huma...

  9. EMuRgency: Addressing cardiac arrest with socio-technical innovation in a smart learning region

    Directory of Open Access Journals (Sweden)

    Sabina Jeschke

    2013-08-01

    Full Text Available This paper introduces the EMuRgency project. The project has the goal to increase awareness and competences regarding the problem of cardiac arrest in the Euregio Meuse-Rhine (EMR) and to use socio-technical innovations to transfer it into a smart learning region. Based on the conscious competence framework solutions for stakeholders on different levels of the framework are introduced, namely a public display network, mobile learning apps and a volunteer notification system. Finally, a future research outlook is given.

  10. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  11. Teaching RFID Information Systems Security

    Science.gov (United States)

    Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

    2014-01-01

    The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

  12. Alpine Windharvest: development of information base regarding potentials and the necessary technical, legal and socio-economic conditions for expanding wind energy in the Alpine Space - GIS analysis methodology - Workbook and results

    Energy Technology Data Exchange (ETDEWEB)

    Daellenbach, F.; Schaffner, B. [Meteotest, Berne (Switzerland)]

    2005-07-01

    This report presents the development work carried out by the Swiss meteorology specialists of the company METEOTEST as part of a project carried out together with the Swiss wind-energy organisation 'Suisse Eole'. The framework for the project is the EU Interreg IIIB Alpine Space Programme, a European Community Initiative Programme funded by the European Regional Development Fund. The project investigated the use of digital relief-analysis. The report describes the development of basic information system to aid the investigation of the technical, legal and socio-economical conditions for the use of wind energy in the alpine area. The report deals with the use of Geographic Information Systems (GIS) methodology, which includes three steps: the identification of limiting factors for wind power production, the compilation of a GIS layer for each of these factors and, thirdly, their aggregation into a result layer. The methodology was implemented for four case studies in Austria, Italy, Slovenia and Switzerland.

  13. Optimal Aide Security Information Search (OASIS)

    National Research Council Canada - National Science Library

    Kapadia, Chetna

    2005-01-01

    The purpose of the Optimal AIDE Security Information Search (OASIS) effort was to investigate and prototype a tool that can assist the network security analyst in collecting useful information to defend the networks they manage...

  14. 32 CFR 2103.51 - Information Security Oversight Committee.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

  15. A socio-technical approach for improving a Brazilian shoe manufacturing system.

    Science.gov (United States)

    Renner, J S; de M Guimarães, L B; de Oliveira, P A B

    2012-01-01

    This article presents a macroergonomic intervention in a footwear company in Rio Grande do Sul, Brazil, to improve both the quality of life of the employees and productivity by optimizing the traditional Taylor/Ford work organization. Multi-functionality and team working were implemented as means of making tasks more flexible and richer and the working hours were changed. The results showed a reduction in human and material resource costs and a consequent improvement in health and workers quality of life. Although middle managerial staff displayed strong resistance to the project and to breaking traditional production paradigms, the socio-technical system has been implemented throughout the plant and is expected to end up becoming the benchmark for other companies in the sector. Macro-ergonomics, footwear industry, organization work.

  16. Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models

    National Research Council Canada - National Science Library

    Mead, Nancy R; Viswanathan, Venkatesh; Padmanabhan, Deepa; Raveendran, Anusha

    2008-01-01

    ...). This report is for information technology managers and security professionals, management personnel with technical and information security knowledge, and any personnel who manage security-critical...

  17. Engineering Principles for Information Technology Security (A Baseline for Achieving Security)

    National Research Council Canada - National Science Library

    Stoneburner, Gary

    2001-01-01

    The purpose of the Engineering Principles for Information Technology (IT) Security (EP-ITS) is to present a list of system-level security principles to be considered in the design, development, and operation of an information system...

  18. Operations Security (OPSEC) Guide

    Science.gov (United States)

    2011-04-01

    Request for Proposal TAC Threat Analysis Center TECHINT Technical Intelligence TMAP Telecommunications Monitoring and Assessment Program TTP...communications security, use of secure telephones, and a robust Telecommunications Monitoring and Assessment Program (TMAP) prevents undetermined...and AFI 33-219, Telecommunications Monitoring and Assessment Program (TMAP), or Information Assurance (IA) or Communications Security (COMSEC

  19. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  20. Complex socio-technical systems: Characterization and management guidelines.

    Science.gov (United States)

    Righi, Angela Weber; Saurin, Tarcisio Abreu

    2015-09-01

    Although ergonomics has paid increasing attention to the perspective of complexity, methods for its operationalization are scarce. This study introduces a framework for the operationalization of the "attribute view" of complexity, which involves: (i) the delimitation of the socio-technical system (STS); (ii) the description of four complexity attributes, namely a large number of elements in dynamic interactions, a wide diversity of elements, unexpected variability, and resilience; (iii) the assessment of six management guidelines, namely design slack, give visibility to processes and outcomes, anticipate and monitor the impacts of small changes, monitor the gap between prescription and practice, encourage diversity of perspectives when making decisions, and create an environment that supports resilience; and (iv) the identification of leverage points for improving the STS design, based on both the analysis of relationships among the attributes and their classification as irreducible/manageable complexity, and liability/asset. The use of the framework is illustrated by the study of an emergency department of a University hospital. Data collection involved analysis of documents, observations of work at the front-line, interviews with employees, and the application of questionnaires. Copyright © 2015 Elsevier Ltd and The Ergonomics Society. All rights reserved.

  1. 32 CFR 2400.45 - Information Security Program Review.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review. 2400.45... SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45 Information Security Program Review. (a) The Director, OSTP, shall require an annual formal review of the OSTP...

  2. Cyber-crime Science = Crime Science + Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Junger, Marianne; Wieringa, Roelf J.

    2010-01-01

    Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality,

  3. 78 FR 5116 - NASA Information Security Protection

    Science.gov (United States)

    2013-01-24

    ... 2700-AD61 NASA Information Security Protection AGENCY: National Aeronautics and Space Administration..., projects, plans, or protection services relating to the national security; or (h) The development... implement the provisions of Executive Order (E.O.) 13526, Classified National Security Information, and...

  4. Information security becoming a priority for utilities

    Energy Technology Data Exchange (ETDEWEB)

    Nicolaides, S. [Numerex, Atlanta, GA (United States)]

    2009-10-15

    As part of North America's national critical infrastructure, utilities are finding themselves at the forefront of a security issue. In October 2007, a leading security service provider reported a 90 per cent increase in the number of hackers attempting to attack its utility clients in just one year. Utilities are vulnerable to cyber attacks that could disrupt power production and the transmission system. This article discussed the need for intelligent technologies in securely enabling resource management and operational efficiency of the utilities market. It discussed the unique security challenges that utilities face at a time of greater regulatory activity, heightened environmental concerns, tighter data security requirements and an increasing need for remote monitoring and control. A new tool has emerged for cyber security in the form of an international standard that may offer a strong guideline to work toward 11 security domains. These include security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition; development and maintenance; information security incident management; business continuity management; and compliance. 2 figs.

  5. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

  6. Co-evolution of intelligent socio-technical systems modelling and applications in large scale emergency and transport domains

    CERN Document Server

    2013-01-01

    As the interconnectivity between humans through technical devices is becoming ubiquitous, the next step is already in the making: ambient intelligence, i.e. smart (technical) environments, which will eventually play the same active role in communication as the human players, leading to a co-evolution in all domains where real-time communication is essential. This topical volume, based on the findings of the Socionical European research project, gives equal attention to two highly relevant domains of applications: transport, specifically traffic, dynamics from the viewpoint of a socio-technical interaction and evacuation scenarios for large-scale emergency situations. Care was taken to investigate as much as possible the limits of scalability and to combine the modeling using complex systems science approaches with relevant data analysis.

  7. Methodology for Management of Information Security in Industrial Control Systems: A Proof of Concept aligned with Enterprise Objectives.

    Directory of Open Access Journals (Sweden)

    Fabian Bustamante

    2017-04-01

    This article is an extended version of the study presented at the IEEE Ecuador Technical Chapters Meeting (ETCM-2016). At that time, a methodological proposal was designed, implemented, and applied in a group of industrial plants for the management of the information security of the Industrial control systems (ICS). The present study displays an adaptation and improvement of such methodology with the purpose of aligning the proposal for the effective management of information security with the strategic objectives. The development of this study has been divided into three distinctive phases. Firstly, we induced the articulation of PMI-PMBOK v5 and ITIL v3 both for the management of the project and for the verification of risks in the IT services. Second, we applied a set of risk mitigation strategies based on international standards as NIST 800-82 and 800-30. Thirdly, we assembled the two mentioned phases in a Guide for standards-based instructions and security policies, which previously have been encouraged on NIST 800-82, 800-53 and 800-12. Hereby, we observed the reduction of incidents of information security, the correct delimitation of the functions of the direct responsible of the ICS and the improvement of the communication between the operative and technical areas of the involved companies. The results demonstrate the functionality of these improvements, especially in the context of the availability and integrity of information, which generates an added value to the enterprise.

  8. Essence and evolution of the economic security notion

    Directory of Open Access Journals (Sweden)

    Holikov Ivan V.

    2014-01-01

    The article shows the essence and evolution of the economic security notion. It shows that the “economic security” notion is based on a number of definitions and principles of “security”. It establishes that in the result of development of the post-industrial society and complication of social and state relations, this notion was used with economic orientation. It shows that nowadays economic security is understood as the state, in which such components as financial, information, socio-economic, institutional and legal, technical and technological, intellectual and personnel, power and ecological activity are in the states of “absence of threat”, “safety”, “protection from threats”, “protection”, “reliability”, “stability”, “rest”, “independence” and “within acceptable bounds”. Moreover, there is a system of prevention or reduction of impact of threats under controlled conditions. The article shows that economic security is a dynamic component of the economy, which adapts to the needs of the time. The current stage of the state development requires taking into account specific and address specific features of the object of study (for example, branch) for ensuring economic security under conditions of appearance of negative phenomena of uncertainty and risk. The prospect of further studies is developing new systems of economic security with consideration of historical grounds and modern tendencies of development of economic relations.

  9. 49 CFR 8.9 - Information Security Review Committee.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

  10. Security leader insights for information protection lessons and strategies from leading security professionals

    CERN Document Server

    Fahy, Bob

    2014-01-01

    How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security's role in information protection. I

  11. Ethical Hacking in Information Security Curricula

    Science.gov (United States)

    Trabelsi, Zouheir; McCoey, Margaret

    2016-01-01

    Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on…

  12. Ethical aspects of information security and privacy

    NARCIS (Netherlands)

    Brey, Philip A.E.; Petkovic, Milan; Jonker, Willem

    2007-01-01

    This chapter reviews ethical aspects of computer and information security and privacy. After an introduction to ethical approaches to information technology, the focus is first on ethical aspects of computer security. These include the moral importance of computer security, the relation between

  13. ITIL® and information security

    Energy Technology Data Exchange (ETDEWEB)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav [Tomas Bata University in Zlin, Faculty of Applied Informatics NadStranemi 4511, 760 05 Zlin (Czech Republic)]

    2015-03-10

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.

  14. Unification of Information Security Policies for Network Security Solutions

    Directory of Open Access Journals (Sweden)

    D.S. Chernyavskiy

    2012-03-01

    Diversity of command languages on network security solutions’ (NSS) interfaces causes problems in a process of information security policy (ISP) deployment. Unified model for security policy representation and implementation in NSS could aid to avoid such problems and consequently enhance efficiency of the process. The proposed solution is Unified language for network security policy (ULNSP). The language is based on formal languages theory, and being coupled with its translator, ULNSP makes it possible to formalize and implement ISP independently of particular NSS.

  15. When Information Improves Information Security

    Science.gov (United States)

    Grossklags, Jens; Johnson, Benjamin; Christin, Nicolas

    This paper presents a formal, quantitative evaluation of the impact of bounded-rational security decision-making subject to limited information and externalities. We investigate a mixed economy of an individual rational expert and several naïve near-sighted agents. We further model three canonical types of negative externalities (weakest-link, best shot and total effort), and study the impact of two information regimes on the threat level agents are facing.

  16. Network Paradigm of Information Security

    Directory of Open Access Journals (Sweden)

    Alexandr Diomidovich Afanasyev

    2016-03-01

    An issue of topological analysis has been claimed as a key one while creating robust and secure network systems. Some examples of complex network applications in information security domain have been cited.

  17. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ... Security, consistent with Federal policies for the security of unclassified information and information... Certification Program, and provide a Web site link within a contract clause to a library where contractors can... Security should be addressed through government-wide policies, standards, and requirements. NASA response...

  18. The (social) construction of information security

    NARCIS (Netherlands)

    Pieters, Wolter

    While the philosophical foundations of information security have been unexamined, there is an implicit philosophy of what protection of information is. This philosophy is based on the notion of containment, taken from analogies with things that offer physical security (e.g., buildings, safes,

  19. Detailed Information Security in Cloud Computing

    OpenAIRE

    Pavel Valerievich Ivonin

    2013-01-01

    The object of research in this article is technology of public clouds, structure and security system of clouds. Problems of information security in clouds are considered, elements of security system in public clouds are described.

  20. The Systemic and Global Dimension of Business Resilience in a Socio-Technical Perspective

    Directory of Open Access Journals (Sweden)

    Paulo Garrido

    2016-02-01

    This paper proposes to augment the concept of a business resilience improving process by enlarging such a process with a dimension of external action that addresses the vaster frame of systemic resilience of our societies. To this aim, I propose to widen the concept of socio-technical system (STS) to human societies, based on the idea that the development and survival of human societies has necessary social and technical factors. I also propose a concept of resilience in terms of dealing with failures of STS. Two particular cases of very large failure avoidance are considered: nuclear war and civilizational collapse, and I propose that such cases should be present in the referred dimension of external action of any business resilience program. Because the action of public governments and their cooperation is crucial for advancing global systemic resilience, I suggest that businesses should analyze and model the decisions of governments in a wider context of naturally occurring cooperating and conflicting human groups.

  1. EFFICIENCY INDICATORS INFORMATION MANAGEMENT IN INTEGRATED SECURITY SYSTEMS

    Directory of Open Access Journals (Sweden)

    N. S. Rodionova

    2014-01-01

    Summary. Introduction of information technology to improve the efficiency of security activity leads to the need to consider a number of negative factors associated with in consequence of the use of these technologies as a key element of modern security systems. One of the most notable factor is the exposure to information processes in protection systems security threats. This largely relates to integrated security systems (ISS), which is the system of protection with the highest level of informatization security functions. Significant damage to protected objects that they could potentially incur as a result of abnormal operation ISS, puts a very actual problem of assessing factors that reduce the efficiency of the ISS to justify the ways and methods to improve it. Because of the nature of threats and blocking distortion of information in the ISS of interest are: the volume undistorted ISF working environment, as a characteristic of data integrity; time access to information as a feature of its availability. This in turn leads to the need to use these parameters as the performance characteristics of information processes in the ISS - the completeness and timeliness of information processing. The article proposes performance indicators of information processes in integrated security systems in terms of optimal control procedures to protect information from unauthorized access. Set the considered parameters allows to conduct comprehensive security analysis of integrated security systems, and to provide recommendations to improve the management of information security procedures in them.

  2. Incentive Issues in Information Security Management

    Science.gov (United States)

    Lee, Chul Ho

    2012-01-01

    This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…

  3. 76 FR 40296 - Declassification of National Security Information

    Science.gov (United States)

    2011-07-08

    ... Declassification of National Security Information AGENCY: National Archives and Records Administration. ACTION... classified national security information in records transferred to NARA's legal custody. The rule incorporates changes resulting from issuance of Executive Order 13526, Classified National Security Information...

  4. 75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

    Science.gov (United States)

    2010-03-08

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...

  5. The information systems security officer's guide establishing and managing an information protection program

    CERN Document Server

    Kovacich, Gerald L

    2003-01-01

    Information systems security continues to grow and change based on new technology and Internet usage trends. In order to protect your organization's confidential information, you need information on the latest trends and practical advice from an authority you can trust. The new ISSO Guide is just what you need. Information Systems Security Officer's Guide, Second Edition, from Gerald Kovacich has been updated with the latest information and guidance for information security officers. It includes more information on global changes and threats, managing an international information secur

  6. Information Security Intelligence as a Basis for Modern Information Security Management

    OpenAIRE

    Natalia Georgievna Miloslavskaya; Aleksandr Ivanovich Tolstoy

    2013-01-01

    There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI). ISIe as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI ar...

  7. Problem of Information Security Traffic on Internet

    Directory of Open Access Journals (Sweden)

    Slavko Šarić

    2012-10-01

    Internet information traffic becomes greater and more important. With increasing growth of information importance, the requirement for its security becomes indispensable. The information security problem especially affects large and small companies whose prosperity is depending on Internet presence. This affects the three areas of Internet commerce: credit card transactions, virtual private networks and digital certification. To ensure information traffic it is necessary to find a solution, in a proper way, for three major problems: frontier problem, market problem and government problem. While the eventual emergence of security standards for Internet transactions is expected, it will not automatically result in secure Internet transactions. In future, there is a wealth of security issues that will continue to require attention: internal security, continued hacking, social engineering, malicious code, reliability and performance, skills shortages and denial of service attacks.

  8. Convergence of Corporate and Information Security

    OpenAIRE

    Syed; Rahman, M.; Donahue, Shannon E.

    2010-01-01

    As physical and information security boundaries have become increasingly blurry many organizations are experiencing challenges with how to effectively and efficiently manage security within the corporate. There is no current standard or best practice offered by the security community regarding convergence; however many organizations such as the Alliance for Enterprise Security Risk Management (AESRM) offer some excellent suggestions for integrating a converged security program. This paper rep...

  9. Information fusion for cyber-security analytics

    CERN Document Server

    Karabatis, George; Aleroud, Ahmed

    2017-01-01

    This book highlights several gaps that have not been addressed in existing cyber security research. It first discusses the recent attack prediction techniques that utilize one or more aspects of information to create attack prediction models. The second part is dedicated to new trends on information fusion and their applicability to cyber security; in particular, graph data analytics for cyber security, unwanted traffic detection and control based on trust management software defined networks, security in wireless sensor networks & their applications, and emerging trends in security system design using the concept of social behavioral biometric. The book guides the design of new commercialized tools that can be introduced to improve the accuracy of existing attack prediction models. Furthermore, the book advances the use of Knowledge-based Intrusion Detection Systems (IDS) to complement existing IDS technologies. It is aimed towards cyber security researchers.

  10. Alpine Windharvest: development of information base regarding potentials and the necessary technical, legal and socio-economic conditions for expanding wind energy in the Alpine Space - Digital relief analysis - Abstract of work package 7

    Energy Technology Data Exchange (ETDEWEB)

    Schaffner, B.; Cattin, R. [Meteotest, Berne (Switzerland)]

    2005-07-01

    This report presents an abstract of the development work carried out by the Swiss meteorology specialists METEOTEST as part of a project carried out together with the Swiss wind-energy organisation 'Suisse Eole'. The framework for the project is the EU Interreg IIIB Alpine Space Programme, a European Community Initiative Programme funded by the European Regional Development Fund. The project investigated the use of digital relief-analysis. The series of reports describes the development and use of a basic information system to aid the investigation of the technical, legal and socio-economical conditions for the use of wind energy in the alpine area. This report presents an abstract of the work done as part of the Work Package 7 of the Alpine Windharvest project.

  11. Report: Information Security Series: Security Practices Safe Drinking Water Information System

    Science.gov (United States)

    Report #2006-P-00021, March 30, 2006. We found that the Office of Water (OW) substantially complied with many of the information security controls reviewed and had implemented practices to ensure production servers are monitored.

  12. 78 FR 48076 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-08-07

    ...-2011-0268] RIN 3150-AJ07 Facility Security Clearance and Safeguarding of National Security Information..., Classified National Security Information. The rule would allow licensees flexibility in determining the means... licensee security education and training programs and enhances the protection of classified information...

  13. Survey of network and information security technology

    International Nuclear Information System (INIS)

    Liu Baoxu; Wang Xiaozhen

    2007-01-01

    With the rapid development of computer network technology and the informatization work of our country, network and information security issues have become a focal point of concern. On the basis of analysing the security threats and challenges of network information and their developing trend, this paper briefly analyses and discusses the main related study directions and content concerning the theory, technology and practice of network and information security. (authors)

  14. INFORMATION SECURITY IN MOBILE MODULAR MEASURING SYSTEMS

    Directory of Open Access Journals (Sweden)

    A. N. Tkhishev

    2017-01-01

    A special aspect of aircraft test is carrying out both flight evaluation and ground operation evaluation in a structure of flying aids and special tools equipment. The specific of flight and sea tests involve metering in offshore zone, which excludes the possibility of fixed geodetically related measuring tools. In this regard, the specific role is acquired by shipbased measurement systems, in particular the mobile modular measuring systems. Information processed in the mobile modular measurement systems is a critical resource having a high level of confidentiality. When carrying out their functions, it should be implemented a proper information control of the mobile modular measurement systems to ensure their protection from the risk of data leakage, modification or loss, i.e. to ensure a certain level of information security. Due to the specific of their application it is difficult to solve the problems of information security in such complexes. The intruder model, the threat model, the security requirements generated for fixed informatization objects are not applicable to mobile systems. It was concluded that the advanced mobile modular measuring systems designed for flight experiments monitoring and control should be created due to necessary information protection measures and means. The article contains a diagram of security requirements formation, starting with the data envelopment analysis and ending with the practical implementation. The information security probabilistic model applied to mobile modular measurement systems is developed. The list of current security threats based on the environment and specific of the mobile measurement system functioning is examined. The probabilistic model of the information security evaluation is given. The problems of vulnerabilities transformation of designed information system into the security targets with the subsequent formation of the functional and trust requirements list are examined.

  15. Information Security for Compliance with Select Agent Regulations

    Science.gov (United States)

    Lewis, Nick; Campbell, Mark J.

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

  16. Information security for compliance with select agent regulations.

    Science.gov (United States)

    Lewis, Nick; Campbell, Mark J; Baskin, Carole R

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

  17. Developing an Undergraduate Information Systems Security Track

    Science.gov (United States)

    Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna

    2013-01-01

    Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…

  18. Network Security: What Non-Technical Administrators Must Know

    Science.gov (United States)

    Council, Chip

    2005-01-01

    Now it is increasingly critical that community college leaders become involved in network security and partner with their directors of information technology (IT). Network security involves more than just virus protection software and firewalls. It involves vigilance and requires top executive support. Leaders can help their IT directors to…

  19. Information Security Intelligence as a Basis for Modern Information Security Management

    Directory of Open Access Journals (Sweden)

    Natalia Georgievna Miloslavskaya

    2013-12-01

    Full Text Available There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI). ISI as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI is determined.

  20. MOBILE DEVICES AND EFFECTIVE INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    Igor Bernik

    2013-05-01

    Full Text Available Rapidly increasing numbers of sophisticated mobile devices (smart phones, tab computers, etc.) all over the world mean that ensuring information security will only become a more pronounced problem for individuals and organizations. It's important to effectively protect data stored on or accessed by mobile devices, and also during transmission of data between devices and between device and information system. Technological and other trends show that the cyber threats are also rapidly developing and spreading. It's crucial to educate users about safe usage and to increase their awareness of security issues. Ideally, users should keep up with technological trends and be well equipped with knowledge; otherwise mobile technology will significantly increase security risks. Most important is that we start educating youth so that our next generations of employees will be part of a culture of data and information security awareness.

  1. The Impact of Information Richness on Information Security Awareness Training Effectiveness

    Science.gov (United States)

    Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou

    2009-01-01

    In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…

  2. Validity of information security policy models

    Directory of Open Access Journals (Sweden)

    Joshua Onome Imoniana

    Full Text Available Validity is concerned with establishing evidence for the use of a method to be used with a particular set of population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. In today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidence that the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the Automobile Industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regards to each one's implementation of information technology in the region. The current study concludes, presenting evidence of the discriminating validity of four key dimensions of the security policy, being such: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Alpha of Cronbach structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also, the items involved, homogeneously correlate to each other.

  3. Computer and information security handbook

    CERN Document Server

    Vacca, John R

    2012-01-01

    The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed

  4. Information Security Role Model for Staff of Banking Structures

    Directory of Open Access Journals (Sweden)

    A. O. Vybornov

    2012-12-01

    Full Text Available Categories roles of information security employees of the banking organization are defined. Functional roles are described. The relationship between functional roles, employees, functions and authority are defined. The role of information security employees of the banking organization for information security system and information security management system are described. Recommendations for the implementation phases of the selection and appointment of the functional roles and to control the selection and role assignment information security employees of the banking organization are stated.

  5. Encyclopedia of Information Ethics and Security

    Directory of Open Access Journals (Sweden)

    Reviewed by Yavuz AKBULUT

    2008-01-01

    Full Text Available Rapid developments in information and communication technologies have created new security threats along with ethical dilemmas. These developments have been so fast that appropriate security precautions and ethical codes fail to keep pace with the technological developments. In this respect, education of both professionals and ordinary citizens regarding information technology ethics carries utmost importance. Encyclopedia of Information Ethics and Security serves as an authentic and comprehensive reference source on security and ethical issues related to information and communication technologies. The encyclopedia is consisted of 661 pages (+xvii) covering a total of 95 alphabetically ordered chapters on information ethics and security, which are followed by two comprehensive sets of indexes. Each entry is an authoritative contribution followed by in-depth definitions of relevant terminology and acronyms. The total number of key terms included in the encyclopedia is approximately 700. The source also includes more than 2000 references to existing literature on ethical and security issues related to information and communication technologies. A total of 148 respected scholars and leading experts all around the world contributed to the source. As indicated in the preface of the encyclopedia by editor, all entries were subjected to an initial double-blind peer review and an additional review prior to acceptance for publication. Chapters mostly have parallel layouts beginning with a clear introduction followed by the theoretical background and the contribution. Each chapter concludes with invaluable ethical implications for the field along with suggestions for further The editor, Marian Quigley (PhD – Monash University, Australia; BA – Chisholm Institute of Technology, Australia; Higher Diploma of Teaching Secondary [Art and Craft]) is a former senior lecturer in the Faculty of Information Technology, Monash University, Australia. She primarily works on the social effects

  6. Airport Managers' Perspectives on Security and Safety Management Systems in Aviation Operations: A Multiple Case Study

    Science.gov (United States)

    Brown, Willie L., Jr.

    Global terrorism continues to persist despite the great efforts of various countries to protect and safely secure their citizens. As airports form the entry and exit ports of a country, they are one of the most vulnerable locations to terror attacks. Managers of international airports constantly face similar challenges in developing and implementing airport security protocols. Consequently, the technological advances of today have brought both positive and negative impacts on security and terrorism of airports, which are mostly managed by the airport managers. The roles of the managers have greatly increased over the years due to technological advances. The developments in technology have had different roles in security, both in countering terrorism and, at the same time, increasing the communication methods of the terrorists. The purpose of this qualitative multiple case study was to investigate the perspectives of airport managers with regard to societal security and social interactions in the socio-technical systems of the National Terrorism Advisory System (NTAS). Through the data gained regarding managers' perception and experiences, the researcher hoped to enable the development of security measures and policies that are appropriate for airports as socio-technical systems. The researcher conducted interviews with airport managers to gather relevant data to fulfill the rationale of the study. Ten to twelve airport managers based in three commercial aviation airports in Maryland, United States participated in the study. The researcher used a qualitative thematic analysis procedure to analyze the data responses of participants in the interview sessions.

  7. 76 FR 67750 - Homeland Security Information Network Advisory Committee

    Science.gov (United States)

    2011-11-02

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

  8. Contraceptive security, information flow, and local adaptations: family planning Morocco.

    Science.gov (United States)

    Chandani, Y; Breton, G

    2001-12-01

    Many developing countries increasingly recognize and acknowledge family planning as a critical part of socio-economic development. However, with few health dollars to go around, countries tend to provide essential drugs for curative care, rather than for family planning products. Donors have historically provided free contraceptives for family planning services. Whether products are donated or purchased by the country, a successful family planning program depends on an uninterrupted supply of products, beginning with the manufacturer and ending with the customer. Any break in the supply chain may cause a family planning program to fail. A well-functioning logistics system can manage the supply chain and ensure that the customers have the products they need, when they need them. Morocco was selected for the case study. The researchers had ready access to key informants and information about the Logistics Management Information System. Because the study had time and resource constraints, research included desktop reviews and interview, rather than data collection in the field. The case study showed that even in a challenging environment an LMIS can be successfully deployed and fully supported by the users. It is critical to customize the system to a country-specific situation to ensure buy-in for the implementation. Significant external support funding and technical expertise are critical components to ensure the initial success of the system. Nonetheless, evidence from the case study shows that, after a system has been implemented, the benefits may not ensure its institutionalization. Other support, including local funding and technical expertise, is required.

  9. Department of Energy security program needs effective information systems

    International Nuclear Information System (INIS)

    1991-10-01

    Although security is an important, nearly billion-dollar-a-year function in the Department of Energy (DOE), key information systems that hold important data about security weaknesses and incidents have limited analytical capabilities and contain unreliable information. The resultant difficulty in identifying patterns and trends reduces managers' ability to ensure the effectiveness of the security program. Resources are also wasted because DOE has deployed incompatible systems that are unable to electronically share or transfer data, often forcing employees to manually re-enter data that are already stored in computers elsewhere. Finally, continuing data problems with other important security information systems, such as those used to track security clearances and classified documents, indicate that information system deficiencies are extensive. A major reason for these problems is that DOE has not done a comprehensive, strategic assessment of its information and information technology needs of the security program. DOE's efforts are fragmented because it has not assigned to any organization the leadership responsibility to determine security information needs and to plan and manage security information resources Department-wide. This paper reports that a number of changes are needed to correct these problems and take advantage of information technology to help strengthen the security program

  10. A socio-technical system framework for risk-informed performance-based building regulation

    NARCIS (Netherlands)

    Meacham, B.J.; Straalen, IJ.J. van

    2017-01-01

    Building regulatory systems have been evolving in recent decades, first with a transition to a functional or performance basis, and more recently with the introduction of new societal objectives, including those related to sustainability and climate change resiliency. Various policy and technical

  11. Agents Based e-Commerce and Securing Exchanged Information

    Science.gov (United States)

    Al-Jaljouli, Raja; Abawajy, Jemal

    Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout agent's itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol using Symbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.

  12. Information Governance: A Model for Security in Medical Practice

    Directory of Open Access Journals (Sweden)

    Patricia A.H. Williams

    2007-03-01

    Full Text Available Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security. In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term and there is little existing research into how to meet governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an on-going action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data.

  13. Forecasting of Information Security Related Incidents: Amount of Spam Messages as a Case Study

    Science.gov (United States)

    Romanov, Anton; Okamoto, Eiji

    With the increasing demand for services provided by communication networks, quality and reliability of such services as well as confidentiality of data transfer are becoming some of the highest concerns. At the same time, because of growing hackers' activities, quality of provided content and reliability of its continuous delivery strongly depend on integrity of data transmission and availability of communication infrastructure, thus on information security of a given IT landscape. But the amount of resources allocated to provide information security (like security staff, technical countermeasures, etc.) must be reasonable from the economic point of view. This fact, in turn, leads to the need to employ a forecasting technique in order to make planning of IT budget and short-term planning of potential bottlenecks. In this paper we present an approach to make such a forecasting for a wide class of information security related incidents (ISRI) — unambiguously detectable ISRI. This approach is based on different auto regression models which are widely used in financial time series analysis but cannot be directly applied to ISRI time series due to specifics related to information security. We investigate and address these specifics by proposing rules (special conditions) of collection and storage of ISRI time series, adherence to which improves forecasting in this subject field. We present an application of our approach to one type of unambiguously detectable ISRI — amount of spam messages which, if not mitigated properly, could create additional load on communication infrastructure and consume significant amounts of network capacity. Finally we evaluate our approach by simulation and actual measurement.

  14. Security Clearances and the Protection of National Security Information: Law and Procedures

    National Research Council Canada - National Science Library

    Cohen, Sheldon

    2000-01-01

    ... designed to protect National Security information. The report provides an authoritative compendium for lawyers, security officers and for managers of corporations who must deal with the legal and procedural aspects of security clearances...

  15. Informed consent: a socio-legal study.

    Science.gov (United States)

    Rathor, M Y; Rani, Mohammad Fauzi Abdul; Shah, Azarisman Mohammad; Akter, Sheikh Fariuddin

    2011-12-01

    Informed consent [IC] is a recognized socio-legal obligation for the medical profession. The doctrine of IC involves the law, which aims to ensure the lawfulness of health assistance and tends to reflect the concept of autonomy of the person requiring and requesting medical and/or surgical treatment. Recent changes in the health care delivery system and the complex sociological settings, in which it is practiced, have resulted in an increase in judicial activity and medical negligence lawsuits for physicians. While IC is a well-established practice, it often fails to meet its stated purpose. In the common law, the standard of medical care to disclose risks has been laid down by the Bolam test- a familiar concept to most physicians, but it has been challenged recently in many jurisdictions. This paper aims to discuss some important judgments in cases of alleged medical negligence so as to familiarize doctors regarding their socio-legal obligations. We also propose to discuss some factors that influence the quality of IC in clinical practice. Literature review. The law of medical consent has been undergoing changes in recent years. Case law appears to be evolving towards a more patient centered standard of disclosure. Patient's expectations are higher and they are aware of the power of exercising their rights. Failure to obtain IC is one of the common allegations in medical malpractice suits. The medical professionals need to change their mindset and avoid claims of negligence by providing information that is "reasonable" in the eyes of the court.

  16. Information Security: Comments on the Proposed Federal Information Security Management Act of 2002

    National Research Council Canada - National Science Library

    Dacey, Robert

    2002-01-01

    ... 2001.1 Concerned with reports that continuing, pervasive information security weaknesses place federal operations at significant risk of disruption, tampering, fraud, and inappropriate disclosures...

  17. Social Networks and Corporate Information Security

    Directory of Open Access Journals (Sweden)

    Ekaterina Gennadievna Kondratova

    2013-06-01

    Full Text Available The article defines social networks as a tool in the hands of cyber-criminals to compromise the organization's data. The author focuses on a list of threats to information security caused by social network usage, which should be considered when setting up the information security management system of the company.

  18. Using Financial Instruments to Transfer the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Pankaj Pandey

    2016-05-01

    Full Text Available For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information security event. Thus, this article addresses the limitations in the cyber-(re)insurance markets with a set of capital market-based financial instruments. This article presents a set of information security derivatives, namely options, vanilla options, swap, and futures that can be traded at an information security prediction market. Furthermore, this article demonstrates the usefulness of information security derivatives in a given scenario and presents an evaluation of the same in comparison with cyber-insurance. In our analysis, we found that the information security derivatives can at least be a partial solution to the problems in the cyber-insurance markets. The information security derivatives can be used as an effective tool for information elicitation and aggregation, cyber risk pricing, risk hedging, and strategic decision making for information security risk management.

  19. Socio-Hydrological Observatory for Water Security (SHOWS): Examples of Adaptation Strategies With Next Challenges from Brazilian Risk Areas

    Science.gov (United States)

    Souza, F. A. A. D.; Mendiondo, E. M.; Taffarello, D.; Guzmán-Arias, D.; Fava, M. C.; Abreu, F.; Freitas, C. C.; de Macedo, M. B.; Estrada, C. R.; do Lago, C. A.

    2017-12-01

    In Brazil, more than 40,000 hot-spot areas, with vulnerable human settlements with ca. 120 million inhabitants and responsible for 60% of Brazilian Gross Net Product, are threatened by hydrological-driven disaster risks. In these areas, local resilient actions and adaptation strategies do integrate the current Brazilian Act and Regulation of Laws of urban waters, climate change and civil protection. However, these initiatives are still under slow progress, especially to cope with floods, landslides, droughts, progressive biodiversity losses and energy burnouts. Here we address these hot-spots through the concept of Socio-Hydrological Observatory for Water Security (SHOWS), with a mix of adaptation strategies, open-source, big data analysis and societal feedbacks. On the one hand, SHOWS merges strategies like the dynamic framework of water security (Srinivasan et al, 2017), drought risk mapping (Rossato et al, 2017) and water securitization under varying water demand and climate change until year 2100 (Mohor & Mendiondo, 2017; Guzmán-Arias et al, 2017). SHOWS acknowledges different perspectives of water insecurity, several spatiotemporal scales and regime shifts in socio-hydrologic systems. On the one hand, SHOWS links field monitoring during water insecurity hazards (Taffarello et al, 2016), ecosystem-based adaptation networks, and decision-making and big data sources to disaster management (Horita et al, 2017). By using selected examples from two Brazilian running interdisciplinary research alliances, i.e. CAPES-ProAlertas CEMADEN-CEPED/USP and the CNPq/FAPESP National Institute of Science & Technology on Climate Change-II Water Security, we also face the limits, the pros and cons of SHOWS' assumptions. Through real-cases paradoxes, (i.e. 2013/2014 drought), water dashboards and coevolution trends (i.e. impacts on river basin committees from scenarios until 2050, 2100 in NE & SE Brazil), SHOWS helps on guiding decision-making for next societal steps of water

  20. Information Security and the Internet.

    Science.gov (United States)

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

  1. 78 FR 48037 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-08-07

    ... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... the objectives of Executive Order 13526, Classified National Security Information. The rule allows... signed Executive Order 13526, Classified National Security Information, which was published in the...

  2. Assessing Information Security Strategies, Tactics, Logic and Framework

    CERN Document Server

    Vladimirov, Andrew; Michajlowski, Andriej

    2010-01-01

    This book deals with the philosophy, strategy and tactics of soliciting, managing and conducting information security audits of all flavours. It will give readers the founding principles around information security assessments and why they are important, whilst providing a fluid framework for developing an astute 'information security mind' capable of rapid adaptation to evolving technologies, markets, regulations, and laws.

  3. The application of artificial intelligence within information security.

    OpenAIRE

    2012-01-01

    D.Phil. Computer-based information systems will probably always have to contend with security issues. Much research has already gone into the field of information security. These research results have yielded some very sophisticated and effective security mechanisms and procedures. However, due to the ever increasing sophistication of criminals, combined with the ever changing and evolving information technology environment, some limitations still exist within the field of information sec...

  4. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Science.gov (United States)

    2010-01-01

    ... information for parties; security clearances. 2.905 Section 2.905 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

  5. Information Security – Guidance for Manually Completing the Information Security Awareness Training

    Science.gov (United States)

    The purpose of this guidance is to provide an alternative manual process for disseminating EPA Information Security Awareness Training (ISAT) materials and collecting results from EPA users who elect to complete the ISAT manually.

  6. Novel approach to information security management of confidential ...

    African Journals Online (AJOL)

    Novel approach to information security management of confidential and propriety information ... Journal of Fundamental and Applied Sciences ... valuable information by using steganography it can have a major impact security management.

  7. Three Essays on Information Security Policies

    Science.gov (United States)

    Yang, Yubao

    2011-01-01

    Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

  8. Information security of power enterprises of North-Arctic region

    Science.gov (United States)

    Sushko, O. P.

    2018-05-01

    The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

  9. Technical Network

    CERN Multimedia

    2007-01-01

    In order to optimize the management of the Technical Network (TN), to ease the understanding and purpose of devices connected to the TN, and to improve security incident handling, the Technical Network Administrators and the CNIC WG have asked IT/CS to verify the "description" and "tag" fields of devices connected to the TN. Therefore, persons responsible for systems connected to the TN will receive email notifications from IT/CS asking them to add the corresponding information in the network database. Thank you very much for your cooperation. The Technical Network Administrators & the CNIC WG

  10. SOCIO-ENVIRONMENTAL FOOD SECURITY OBSERVATORY: ANALYSIS OF FOOD PRODUCTION INDICATORS AT THE MUNICIPAL LEVEL IN RIO GRANDE DO SUL

    Directory of Open Access Journals (Sweden)

    Angélica Cristina da Siqueira

    2016-09-01

    Full Text Available Since the 1990, the theme of Human Rights and Food Security (FS) has been developed in Brazil, culminating in the construction of the National Policy and Plan of Food Security (PNSAN and PLANSAN 2012/2015). The PLANSAN proposes sixty indicators divided into seven dimensions, which are clearly related to the Millennium Development Goals. In order to operationalize these indicators in the State of Rio Grande do Sul (RS), the Socio-Environmental Food Security Observatory of Rio Grande do Sul (OBSSAN-RS) was created in partnership with the State Council for Nutrition and Food Security (CONSEA-RS) and the Informatics Department of UFRGS. In this context, the aim of this paper is to present the analysis of indicators of Dimension I (Food Production) of the OBSSAN-RS at municipal level, discussing the importance of this tool for monitoring the establishment of the Human Right to Adequate Food (DHAA). The data available to the municipal level were compared with the indicators suggested by PLANSAN. It was observed that although contemplate important information for understanding the context of food production in the municipalities of the state, the proposed indicators have not reached entirely the requirements to monitoring the SAN in this territorial level, so adapting it is necessary to rating the state of SAN in municipalities of the RS. [Redes (St. Cruz Sul, Online), v. 21, nº 2, p. 49 - 62, maio/ago. 2016]

  11. 49 CFR 1548.19 - Security Directives and Information Circulars.

    Science.gov (United States)

    2010-10-01

    ... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... aviation, TSA issues a Security Directive setting forth mandatory measures. (1) Each indirect air carrier... Security Directive that TSA issues to it, within the time prescribed in the Security Directive for...

  12. Security system signal supervision

    International Nuclear Information System (INIS)

    Chritton, M.R.; Matter, J.C.

    1991-09-01

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs

  13. Best practices show the way to information security maturity

    CSIR Research Space (South Africa)

    Lessing, MM

    2008-09-01

    Full Text Available A Security Maturity Model (SMM) provides an organisation with a distinct Information Security framework. Organisations that conform to these models are likely to pursue satisfactory Information Security. Additionally, the use of Security Maturity...

  14. Research on information security in big data era

    Science.gov (United States)

    Zhou, Linqi; Gu, Weihong; Huang, Cheng; Huang, Aijun; Bai, Yongbin

    2018-05-01

    Big data is becoming another hotspot in the field of information technology after the cloud computing and the Internet of Things. However, the existing information security methods can no longer meet the information security requirements in the era of big data. This paper analyzes the challenges and a cause of data security brought by big data, discusses the development trend of network attacks under the background of big data, and puts forward my own opinions on the development of security defense in technology, strategy and product.

  15. Review of physical and socio-economic characteristics and intervention approaches of informal settlements

    CSIR Research Space (South Africa)

    Wekesa, BW

    2011-04-01

    Full Text Available Habitat International, Volume 35, Issue 2, April 2011, Pages 238-245. A review of physical and socio-economic characteristics and intervention approaches of informal settlements. B.W. Wekesa, G.S. Steyn, F.A.O. (Fred) Otieno... a literature survey, this paper reviews physical and socio-economic characteristics and the factors attributed to proliferation of the informal settlements and intervention approaches. The main objective was to establish how such settlements could...

  16. Managing information technology security risk

    Science.gov (United States)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.

  17. Research on network information security model and system construction

    OpenAIRE

    Wang Haijun

    2016-01-01

    It briefly describes the impact of large data era on China’s network policy, but also brings more opportunities and challenges to the network information security. This paper reviews for the internationally accepted basic model and characteristics of network information security, and analyses the characteristics of network information security and their relationship. On the basis of the NIST security model, this paper describes three security control schemes in safety management model and the...

  18. Specifying Information Security Needs for the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then

  19. Effect of Organizational Factors on Information Security Implementations

    Science.gov (United States)

    Perez, Rafael G.

    2013-01-01

    The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…

  20. The use of information technology security assessment criteria to protect specialized computer systems

    International Nuclear Information System (INIS)

    Lykov, V.A.; Shein, A.V.; Piskarev, A.S.; Devaney, D.M.; Melton, R.B.; Hunteman, W.J.; Prommel, J.M.; Rothfuss, J.S.

    1997-01-01

    The purpose of this paper is to discuss the information security assessment criteria used in Russia and compare it with that used in the United States. The computer system security assessment criteria utilized by the State Technical Commission of Russia and similar criteria utilized by the US Department of Defense (TCSEC) are intended for the development and implementation of proven methods for achieving a required level of information security. These criteria are utilized, first and foremost, when conducting certification assessments of general purpose systems. The Russian Federation is creating specialized systems for nuclear material control and accountancy (MC and A) within the framework of the international laboratory-to-laboratory collaboration. Depending on the conditions in which the MC and A system is intended to operate, some of the criteria and the attendant certification requirements may exceed those established or may overlap the requirements established for attestation of such systems. In this regard it is possible to modify the certification and attestation requirements depending on the conditions in which a system will operate in order to achieve the ultimate goal--implementation of the systems in the industry

  1. Hybrid causal methodology and software platform for probabilistic risk assessment and safety monitoring of socio-technical systems

    Energy Technology Data Exchange (ETDEWEB)

    Groth, Katrina; Wang Chengdong; Mosleh, Ali [Center for Risk and Reliability, 0151 Glenn L. Martin Hall, University of Maryland, College Park, MD 20742 (United States)]

    2010-12-15

    This paper introduces an integrated framework and software platform for probabilistic risk assessment (PRA) and safety monitoring of complex socio-technical systems. An overview of the three-layer hybrid causal logic (HCL) modeling approach and corresponding algorithms, implemented in the Trilith software platform, are provided. The HCL approach enhances typical PRA methods by quantitatively including the influence of soft causal factors introduced by human and organizational aspects of a system. The framework allows different modeling techniques to be used for different aspects of the socio-technical system. The HCL approach combines the power of traditional event sequence diagram (ESD), event tree (ET) and fault tree (FT) techniques for modeling deterministic causal paths, with the flexibility of Bayesian belief networks for modeling non-deterministic cause-effect relationships among system elements (suitable for modeling human and organizational influences). Trilith enables analysts to construct HCL models and perform quantitative risk assessment and management of complex systems. The risk management capabilities included are HCL-based risk importance measures, hazard identification and ranking, precursor analysis, safety indicator monitoring, and root cause analysis. This paper describes the capabilities of the Trilith platform and power of the HCL algorithm by use of example risk models for a type of aviation accident (aircraft taking off from the wrong runway).

  2. BizWatts: A modular socio-technical energy management system for empowering commercial building occupants to conserve energy

    International Nuclear Information System (INIS)

    Gulbinas, R.; Jain, R.K.; Taylor, J.E.

    2014-01-01

    Highlights: • We developed a socio-technical commercial building energy management system. • It was designed for directly engaging and connecting building occupants via feedback. • We collected an array of clickstream data for internal design validation. • A pilot study validated its ability to drive energy savings in commercial buildings. - Abstract: Commercial buildings represent a significant portion of energy consumption and environmental emissions worldwide. To help mitigate the environmental impact of building operations, building energy management systems and behavior-based campaigns designed to reduce energy consumption are becoming increasingly popular. In this paper, we describe the development of a modular socio-technical energy management system, BizWatts, which combines the two approaches by providing real-time, appliance-level power management and socially contextualized energy consumption feedback. We describe in detail the physical and virtual architecture of the system, which simultaneously engages building occupants and facility managers, as well as the main principles behind the interface design and component functionalities. A discussion about how the data collection capabilities of the system enable insightful commercial building energy efficiency studies and quantitative network analysis is also included. We conclude by commenting on the validation of the system, identifying current system limitations and introducing new research avenues that the development and deployment of BizWatts enables

  3. Hybrid causal methodology and software platform for probabilistic risk assessment and safety monitoring of socio-technical systems

    International Nuclear Information System (INIS)

    Groth, Katrina; Wang Chengdong; Mosleh, Ali

    2010-01-01

    This paper introduces an integrated framework and software platform for probabilistic risk assessment (PRA) and safety monitoring of complex socio-technical systems. An overview of the three-layer hybrid causal logic (HCL) modeling approach and corresponding algorithms, implemented in the Trilith software platform, are provided. The HCL approach enhances typical PRA methods by quantitatively including the influence of soft causal factors introduced by human and organizational aspects of a system. The framework allows different modeling techniques to be used for different aspects of the socio-technical system. The HCL approach combines the power of traditional event sequence diagram (ESD), event tree (ET) and fault tree (FT) techniques for modeling deterministic causal paths, with the flexibility of Bayesian belief networks for modeling non-deterministic cause-effect relationships among system elements (suitable for modeling human and organizational influences). Trilith enables analysts to construct HCL models and perform quantitative risk assessment and management of complex systems. The risk management capabilities included are HCL-based risk importance measures, hazard identification and ranking, precursor analysis, safety indicator monitoring, and root cause analysis. This paper describes the capabilities of the Trilith platform and power of the HCL algorithm by use of example risk models for a type of aviation accident (aircraft taking off from the wrong runway).

  4. Engineering Information Security The Application of Systems Engineering Concepts to Achieve Information Assurance

    CERN Document Server

    Jacobs, Stuart

    2011-01-01

    Information security is the act of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services, starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning. Professionals in the sciences, engineering, and communications fields will turn to this resource to understand the many legal,

  5. Technical cooperation on nuclear security between the United States and China : review of the past and opportunities for the future.

    Energy Technology Data Exchange (ETDEWEB)

    Pregenzer, Arian Leigh

    2011-12-01

    The United States and China are committed to cooperation to address the challenges of the next century. Technical cooperation, building on a long tradition of technical exchange between the two countries, can play an important role. This paper focuses on technical cooperation between the United States and China in the areas of nonproliferation, arms control and other nuclear security topics. It reviews cooperation during the 1990s on nonproliferation and arms control under the U.S.-China Arms Control Exchange, discusses examples of ongoing activities under the Peaceful Uses of Technology Agreement to enhance security of nuclear and radiological material, and suggests opportunities for expanding technical cooperation between the defense nuclear laboratories of both countries to address a broader range of nuclear security topics.

  6. The Historical, Environmental and Socio-Economic Context of Forests and Tree-Based Systems for Food Security and Nutrition (Chapter 3)

    Science.gov (United States)

    John A. Parrotta; Jennie Dey de Pryck; Beatrice Darko Obiri; Christine Padoch; Bronwen Powell; Chris Sandbrook

    2015-01-01

    Forests and tree-based systems are an important component of rural landscapes, sustaining livelihoods and contributing to the food security and nutritional needs of hundreds of millions of people worldwide. Historically, these systems developed under a wide variety of ecological conditions, and cultural and socio-economic contexts, as integrated approaches that...

  7. Danglers in Patient Information Leaflets and Technical Manuals

    DEFF Research Database (Denmark)

    Køhler Simonsen, Henrik

    2014-01-01

    in fact been proved. The analysis and the discussion showed that dangling participles are not very frequent in PILs, but much more common in technical manuals. The data showed that there were no “ludicrous” danglers,(see Matthews and Matthews 2008:146), in PILcorp. However, the analysis showed that both......Dangling participles and other types of ambiguous or unclear sentence constructions in directive and informative medical and technical texts, such as patient information leaflets (PILs) and technical manuals, render instructions unclear and potentially dangerous for the layman reader, i......, and readability on the basis of two corpora: a corpus of PILs (PILcorp) and a corpus of technical manuals (TECHcorp). The hypothesis is that patient information leaflets will contain fewer dangling constructions than technical manuals because of the strict regulations on product information texts including PILs...

  8. Methods for communicating technical information as public information

    International Nuclear Information System (INIS)

    Zara, S.A.

    1987-01-01

    Many challenges face the nuclear industry, especially in the waste management area. One of the biggest challenges is effective communication with the general public. Technical complexity, combined with the public's lack of knowledge and negative emotional response, complicate clear communication of radioactive waste management issues. The purpose of this session is to present and discuss methods for overcoming these obstacles and effectively transmitting technical information as public information. The methods presented encompass audio, visual, and print approaches to message transmission. To support these methods, the author also discusses techniques, based on current research, for improving the communication process

  9. Marketing information: The technical report as product

    Science.gov (United States)

    Stoher, F. F.; Pinelli, T. E.

    1981-01-01

    Technical reports constitute a product, the primary means for communicating the results of research to the user. The Langley scientific and technical information (STI) review and evaluation project undertook a review of the technical report as an effective product for information communication. Style manuals describing theory and practice in technical report preparation; publication manuals covering such factors as design, layout, and type style; and copies of technical reports were obtained from industrial, academic, governmental, and research organizations. Based on an analysis of this material, criteria will be established for the report components, for the relationship of the components within the report context, and for the overall report organization. The criteria will be used as bench marks and compared with the publication standards currently used to prepare NASA technical reports.

  10. Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy

    Science.gov (United States)

    2016-12-19

    directly affect the access and utility of acquisition databases. The current information security environment does not establish a consistent... information ” without a nondisclosure agreement • proposing a legislative amendment to 10 U.S.C. 2320, which allows access to technical data for providing...ISSUES WITH Access to Acquisition Data and Information IN THE DEPARTMENT OF DEFENSE A Closer Look at the Origins and Implementation of

  11. 76 FR 5232 - Small Business Information Security Task Force

    Science.gov (United States)

    2011-01-28

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the third meeting of the Small Business Information Security...

  12. 75 FR 77934 - Small Business Information Security Task Force

    Science.gov (United States)

    2010-12-14

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the second meeting of the Small Business Information Security...

  13. 75 FR 70764 - Small Business Information Security Task Force

    Science.gov (United States)

    2010-11-18

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the first meeting of the Small Business Information Security...

  14. 76 FR 11307 - Small Business Information Security Task Force

    Science.gov (United States)

    2011-03-01

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the third meeting of the Small Business Information Security...

  15. 32 CFR 154.42 - Evaluation of personnel security information.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

  16. Information security value in e-entrepreneurship

    OpenAIRE

    Nunes, Sérgio

    2012-01-01

    This paper researches the information security value in e-entrepreneurship by revising the literature that establishes the entrepreneurial domain and by relating it with the development of technological resources that create value for the customer in an online business. It details multiple paradigms regarding consumer’s values of information security, while relating them with common practices and previous researches in technological entrepreneurship. This research presents and discusses the b...

  17. Information security risk assessment, aggregation, and mitigation

    NARCIS (Netherlands)

    Lenstra, A.K.; Voss, T.; Wang, H.; Pieprzyk, J.; Varadharajan, V.

    2004-01-01

    As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is

  18. 78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

    Science.gov (United States)

    2013-02-04

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

  19. Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

    Science.gov (United States)

    Kraemer, Sara; Carayon, Pascale

    2007-03-01

    This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

  20. 41 CFR 105-53.133 - Information Security Oversight Office.

    Science.gov (United States)

    2010-07-01

    ... 41 Public Contracts and Property Management 3 2010-07-01 2010-07-01 false Information Security... FUNCTIONS Central Offices § 105-53.133 Information Security Oversight Office. (a) Creation and authority. The Information Security Oversight Office (ISOO), headed by the Director of ISOO, who is appointed by...

  1. Measuring Information Security: Guidelines to Build Metrics

    Science.gov (United States)

    von Faber, Eberhard

    Measuring information security is a genuine interest of security managers. With metrics they can develop their security organization's visibility and standing within the enterprise or public authority as a whole. Organizations using information technology need to use security metrics. Despite the clear demands and advantages, security metrics are often poorly developed or ineffective parameters are collected and analysed. This paper describes best practices for the development of security metrics. First attention is drawn to motivation showing both requirements and benefits. The main body of this paper lists things which need to be observed (characteristic of metrics), things which can be measured (how measurements can be conducted) and steps for the development and implementation of metrics (procedures and planning). Analysis and communication is also key when using security metrics. Examples are also given in order to develop a better understanding. The author wants to resume, continue and develop the discussion about a topic which is or increasingly will be a critical factor of success for any security managers in larger organizations.

  2. Communication of technical information to lay audiences

    International Nuclear Information System (INIS)

    Bowes, J.E.; Stamm, K.R.; Jackson, K.M.; Moore, J.

    1978-05-01

    One of the objectives of the National Waste Terminal Storage (NWTS) Program is to provide terminal storage facilities for commercial radioactive wastes in various geologic formations at multiple locations in the United States. The activities performed under the NWTS Program will affect regional, state, and local areas, and widespread public interest in this program is expected. Since a large part of the NWTS Program deals with technical information it was considered desirable to initiate a study dealing with possible methods of effectively transmitting this technical information to the general public. This study has the objective of preparing a state-of-the-art report on the communication of technical information to lay audiences. The particular task of communicating information about the NWTS Program to the public is discussed where appropriate. The results of this study will aid the NWTS Program in presenting to the public the quite diverse technical information generated within the program so that a widespread, thorough public understanding of the NWTS Program might be achieved. An annotated bibliography is included

  3. Improving Information Security Risk Management

    Science.gov (United States)

    Singh, Anand

    2009-01-01

    Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  4. An Information Security Control Assessment Methodology for Organizations

    Science.gov (United States)

    Otero, Angel R.

    2014-01-01

    In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

  5. Information Security

    OpenAIRE

    2005-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is trusted to actually handle an asset. Two concepts complement authorisation. Authentication determines who makes a request to handle an asset. To decide who is authorised, a system needs to authe...

  6. Cyber-Security Issues in Healthcare Information Technology.

    Science.gov (United States)

    Langer, Steve G

    2017-02-01

    In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.

  7. Network security vulnerabilities and personal privacy issues in Healthcare Information Systems: a case study in a private hospital in Turkey.

    Science.gov (United States)

    Namoğlu, Nihan; Ulgen, Yekta

    2013-01-01

    The healthcare industry has become widely dependent on information technology and the internet as it moves from paper to electronic records. A Healthcare Information System has to provide a high quality service to patients and productive knowledge sharing between healthcare staff by means of patient data. With the internet being commonly used across hospitals, the healthcare industry has received its share of cyber threats like other industries in the world. The challenge is allowing knowledge transfer to hospital staff while still ensuring compliance with security mandates. Working in collaboration with a private hospital in Turkey, this study aims to reveal the essential elements of a 21st century business continuity plan for hospitals while presenting the security vulnerabilities in the current hospital information systems and personal privacy auditing standards proposed by regulations and laws. We will survey the accreditation criteria in Turkey and counterparts in US and EU. We will also interview medical staff in the hospital to understand the needs for personal privacy and the technical staff to perceive the technical requirements in terms of network security configuration and deployment. As hospitals are adopting electronic transactions, it should be considered a must to protect these electronic health records in terms of personal privacy aspects.

  8. Technical Network

    CERN Multimedia

    2007-01-01

    In order to optimise the management of the Technical Network (TN), to facilitate understanding of the purpose of devices connected to the TN and to improve security incident handling, the Technical Network Administrators and the CNIC WG have asked IT/CS to verify the "description" and "tag" fields of devices connected to the TN. Therefore, persons responsible for systems connected to the TN will receive e-mails from IT/CS asking them to add the corresponding information in the network database at "network-cern-ch". Thank you very much for your cooperation. The Technical Network Administrators & the CNIC WG

  9. Organisational Information Security Strategy: Review, Discussion and Future Research

    Directory of Open Access Journals (Sweden)

    Craig A. Horne

    2017-05-01

    Dependence on information, including for some of the world’s largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their associated consequences indicate that attacks are escalating on organisations conducting these information-based activities. Organisations need to formulate strategy to secure their information, however gaps exist in knowledge. Through a thematic review of academic security literature, (1) we analyse the antecedent conditions that motivate the adoption of a comprehensive information security strategy, (2) the conceptual elements of strategy and (3) the benefits that are enjoyed post-adoption. Our contributions include a definition of information security strategy that moves from an internally-focussed protection of information towards a strategic view that considers the organisation, its resources and capabilities, and its external environment. Our findings are then used to suggest future research directions.

  10. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  11. A model-driven approach to information security compliance

    Science.gov (United States)

    Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

    2017-06-01

    The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems, conforming to the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves as the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

  12. Information security system quality assessment through the intelligent tools

    Science.gov (United States)

    Trapeznikov, E. V.

    2018-04-01

    Technology development has shown the necessity of comprehensive analysis of automated system information security. Analysis of the subject area indicates the relevance of the study. The research objective is to develop an information security system quality assessment methodology based on intelligent tools. The basis of the methodology is a model for assessing information security in an information system through a neural network. The paper presents the security assessment model and its algorithm. Results of the practical implementation of the methodology are presented in the form of a software flow diagram. The practical significance of the model being developed is noted in the conclusions.

  13. DISPOWER. A socio-economic analysis of technical solutions and practices for the integration of distributed generation

    International Nuclear Information System (INIS)

    Ten Donkelaar, M.; Scheepers, M.J.J.

    2004-07-01

    Socio-economic impacts of technical solutions and approaches that are being developed for the integration of distributed generation (DG) in electricity distribution systems are analyzed. For this analysis an inventory was made of technical options, solutions and approaches on the basis of a questionnaire that has been distributed among DG (technical) experts. The questionnaire was not meant to give an exhaustive overview, but to gain insight in the possible technical solutions, options and approaches and the economic interactions between different actors in the electricity market. The different technical options and solutions have been divided into four main categories. Four technologies, one of each category, have been studied in more detail to analyse their impact on the financial relationships between the actors in the distribution network. The four technologies are: wind power prediction tool (planning tool), grid control unit (power quality device), power operation and power quality management system (ICT device), and power storage device. To assess the impact of the investments in the proposed technologies on all actors involved (and different from the actor investing), an assessment tool has been developed to qualitatively identify the economic impacts of a number of these options. This assessment tool takes into account the financial transactions between the parties on the distribution network. The analysis also discusses the allocation of the economic value of certain benefits through contracts and economic network regulation

  14. Exploring Factors that Influence Students' Behaviors in Information Security

    Science.gov (United States)

    Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

    2012-01-01

    Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

  15. Security for decentralized health information systems.

    Science.gov (United States)

    Bleumer, G

    1994-02-01

    Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are software implemented in order to be executable on standard-hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g. hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s. (Apple Quadra 950 (MC 68040, 33 MHz, RAM: 20 MB, 80 ns. Length of RSA modulus is 512 bit).

  16. IT Convergence and Security 2012

    CERN Document Server

    Chung, Kyung-Yong

    2013-01-01

    The proceedings approaches the subject matter with problems in technical convergence and convergences of security technology. This approach is new because we look at new issues that arise from techniques converging. The general scope of the proceedings content is convergence security and the latest information technology. The intended readership are societies, enterprises, and research institutes, and intended content level is mid- to highly educated personals. The most important features and benefits of the proceedings are the introduction of the most recent information technology and its related ideas, applications and problems related to technology convergence, and its case studies and finally an introduction of converging existing security techniques through convergence security. Overall, through the proceedings, authors will be able to understand the most state of the art information strategies and technologies of convergence security.

  17. Developing Scalable Information Security Systems

    Directory of Open Access Journals (Sweden)

    Valery Konstantinovich Ablekov

    2013-06-01

    Existing physical security systems have a wide range of shortcomings, including high cost, a large number of vulnerabilities, and problems with modifying and supporting the system. This paper covers the current problem of developing systems without these drawbacks. The paper presents the architecture of an information security system that operates over the TCP/IP network protocol, including the ability to connect different types of devices and to integrate with existing security systems. The main advantage is a significant increase in system reliability and scalability, both vertical and horizontal, with minimal cost in both financial and time resources.

  18. The Role of Information Security Management Systems in Supply Chain Performance Improvement

    Directory of Open Access Journals (Sweden)

    Mohammad Reza Taghva

    2012-02-01

    In recent years, researchers have emphasized the positive effect of information systems on supply chain performance, such as organizational process integration, information sharing, information technology, etc. On the other hand, the information security management system (ISMS) is one of the subjects whose effects researchers have considered on increasing accurate and effective information exchange, access to accurate and timely information, and reducing information system errors. However, no research has been done on this ground (the importance of ISMS for supply chain performance). Therefore, it was felt that research should be done on these approaches in the supply chain. In this respect, the current research sought to determine how ISMS impacts supply chain performance in the automotive industry, and this is the innovative aspect of this paper. First, after a review of the information security management system literature, supply chain performance was considered using the balanced scorecard approach; then the most important factors of these two subjects were extracted by correlation analysis. In this way, how ISMS impacts supply chain performance was examined by correlation analysis. The results showed that different dimensions of ISMS (information uniformity, preventing human and machine mistakes, information accuracy and rectitude, and instruction for users) had an impact on four dimensions of supply chain performance (customers, financial, internal processes, and learning and growth) at three levels (strategic, technical, and operational) in the supply chain. Finally, it was shown that ISMS lays the ground for increasing supply chain performance.

  19. 5 CFR 930.301 - Information systems security awareness training program.

    Science.gov (United States)

    2010-01-01

    ... 5 Administrative Personnel 2 2010-01-01 2010-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems § 930.301 Information systems security awareness training program. Each Executive Agency must develop a...

  20. The electronic security partnership of safety/security and information systems departments.

    Science.gov (United States)

    Yow, J Art

    2012-01-01

    The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.

  1. Risk-informed, performance-based safety-security interface

    International Nuclear Information System (INIS)

    Mrowca, B.; Eltawila, F.

    2012-01-01

    Safety-security interface is a term that is used as part of the commercial nuclear power security framework to promote coordination of the many potentially adverse interactions between plant security and plant safety. Its object is to prevent the compromise of either. It is also used to describe the concept of building security into a plant's design similar to the long standing practices used for safety, therefore reducing the complexity of the operational security while maintaining or enhancing overall security. With this in mind, the concept of safety-security interface, when fully implemented, can influence a plant's design, operation and maintenance. It brings the approach used for plant security to one that is similar to that used for safety. Also, as with safety, the application of risk-informed techniques to fully implement and integrate safety and security is important. Just as designers and operators have applied these techniques to enhance and focus safety, these same techniques can be applied to security to not only enhance and focus the security but also to aid in the implementation of effective techniques to address the safety-security interfaces. Implementing this safety-security concept early within the design process can prevent or reduce security vulnerabilities through low cost solutions that often become difficult and expensive to retrofit later in the design and/or post construction period. These security considerations address many of the same issues as safety in ensuring that the response of equipment and plant personnel are adequate. That is, both safety and security are focused on reaching safe shutdown and preventing radiological release. However, the initiation of challenges and the progression of actions in response to these challenges and even the definitions of safe shutdown can be considerably different. This paper explores the techniques and limitations that are employed to fully implement a risk-informed, safety-security interface

  2. Adapting an Agent-Based Model of Socio-Technical Systems to Analyze System and Security Failures

    Science.gov (United States)

    2016-05-09

    develop frameworks assisting in collaborative design[6], to build platforms for collecting feedback from patients for researchers in healthcare ...cyber security with simulated humans. In Proceedings of the Twenty-Third Innovative Applications of Artificial Intelligence Conference, 2011. [3] L...Conference, 2015. [6] J. D. Faus and F. Grimaldo. Infraworld, a multi-agent based framework to assist in civil infrastructure collaborative design. In

  3. Alpine Windharvest: development of information base regarding potentials and the necessary technical, legal and socio-economic conditions for expanding wind energy in the Alpine Space - GIS analysis Franches Montagnes, Switzerland - Documentation of GIS concepts, methods and results

    Energy Technology Data Exchange (ETDEWEB)

    Daellenbach, F.; Schaffner, B. [Meteotest, Berne (Switzerland)]

    2005-07-01

    This report presents part of the development work carried out by the Swiss meteorology specialists of the company METEOTEST as part of a project carried out together with the Swiss wind-energy organisation 'Suisse Eole'. The framework for the project is the EU Interreg IIIB Alpine Space Programme, a European Community Initiative Programme funded by the European Regional Development Fund. The project investigated the use of digital relief-analysis. The series of reports describes the development and use of a basic information system to aid the investigation of the technical, legal and socio-economical conditions for the use of wind energy in the alpine area. This report documents the use of the Geographic Information Systems (GIS) methodology for the 'Franches Montagnes' Region in Switzerland, whereby the most significant of the model's layers was found to be the wind velocity layer.

  4. Algorithms, architectures and information systems security

    CERN Document Server

    Sur-Kolay, Susmita; Nandy, Subhas C; Bagchi, Aditya

    2008-01-01

    This volume contains articles written by leading researchers in the fields of algorithms, architectures, and information systems security. The first five chapters address several challenging geometric problems and related algorithms. These topics have major applications in pattern recognition, image analysis, digital geometry, surface reconstruction, computer vision and in robotics. The next five chapters focus on various optimization issues in VLSI design and test architectures, and in wireless networks. The last six chapters comprise scholarly articles on information systems security coverin

  5. Emerging Trends in Development of International Information Security Regime

    Directory of Open Access Journals (Sweden)

    Elena S. Zinovieva

    2016-01-01

    The article discusses the key trends shaping the international regime on information security. International cooperation in this area at the global level encounters contradictions of state interest. The main actors of the information security are the United States, Russia, China and the EU countries (Britain, France and Germany). The main contradiction is developing between the US on one side and Russia and China on the other. EU countries occupy the middle position, gravitating to that of US. The article proves that international cooperation on information security will reflect the overall logic of the development of international cooperation, which is characterized by a new model of cooperation, with the participation of state and non-state actors, known as multi-stakeholder partnerships and multi-level cooperation. The logic of the formation of an international regime on information security is closest to the logic of the formation of the international non-proliferation regime. It is in the interest of Russia to support the trend towards regionalization of information security regime. Russia can form a regional information security regime in the former Soviet Union on the basis of the CSTO and SCO and potentially on a wider Eurasian space. Such regional regime would give Russia an opportunity to shape the international regime and closely monitor emerging information security issues in the former Soviet Union, and remove the potential threat of "color revolutions".

  6. Federal Information Security and Data Breach Notification Laws

    Science.gov (United States)

    2009-01-29

    The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information...information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and...Feinstein), S. 495 (Leahy), and S. 1178 (Inouye)--were reported favorably out of Senate committees. Those bills include information security and data

  7. Threats and risks to information security: a practical analysis of free access wireless networks

    Science.gov (United States)

    Quirumbay, Daniel I.; Coronel, Iván. A.; Bayas, Marcia M.; Rovira, Ronald H.; Gromaszek, Konrad; Tleshova, Akmaral; Kozbekova, Ainur

    2017-08-01

    Nowadays, there is an ever-growing need to investigate, consult and communicate through the internet. This need leads to the intensification of free access to the web in strategic and functional points for the benefit of the community. However, this open access is also related to the increase of information insecurity. The existing works on computer security primarily focus on the development of techniques to reduce cyber-attacks. However, these approaches do not address the sector of inexperienced users who have difficulty understanding browser settings. Two methods can solve this problem: first the development of friendly browsers with intuitive setups for new users and on the other hand, by implementing awareness programs on essential security without deepening on technical information. This article addresses an analysis of the vulnerabilities of wireless equipment that provides internet service in the open access zones and the potential risks that could be found when using these means.

  8. Information Assurance Technical Framework (IATF). Release 3.1

    Science.gov (United States)

    2002-09-01

    mission or business security needs, coordinates the system boundaries, and ensures that the security risks are acceptable. The information systems...Security Requirements • Ensure that the selected solution set meets the mission or business security needs. • Coordinate the system boundaries...The CISO recommendations for BISOs will be approved by (Division Executive e.g.). BISOs shall prepare business security policies consistent with

  9. Qualitative Characterization of the Facebook Information Security Strategies

    Directory of Open Access Journals (Sweden)

    LOPES, S. F.

    2015-12-01

    Hyperconnectivity due to online social networks exposed security issues on data stored in these systems. This article presents an analysis on how online social networks designers have been communicating information security aspects through these systems’ interfaces. This analysis was made using the Semiotic Inspection Method on Facebook since it is largely used in Brazil and all over the world. Results showed that there is major concern with security information properties. Nevertheless it was possible to identify interface problems that could compromise use and understanding of such security properties

  10. THE SEVEN PRINCIPLES OF USEFUL INNOVATION OF SOCIO-MATERIAL ASSEMBLAGES

    DEFF Research Database (Denmark)

    Tjørnehøj, Gitte; Nicolajsen, Hanne Westh

    2018-01-01

    The sector has recently experienced a cross-pressure from increasing demands for service and a reduction of allocated resources that places successful innovations as imperative for municipalities to serve their purpose. Information technology provides an ongoing rise of new promises that set many...... attempts to adopt information technology into organizations in motion, not least in the public sector. Many scholars argue that information technology is now best described as socio-material assemblages with the technical and the social inextricably linked not having existence or meaning without each other...

  11. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

    Science.gov (United States)

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.

  12. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism

    Directory of Open Access Journals (Sweden)

    Dongmei Han

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people’s awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people’s awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people’s cognition of potential risks in online financial payment.

  13. Disaster at a University: A Case Study in Information Security

    Science.gov (United States)

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  14. Information security management system planning for CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; O'Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Lewis, John [National Nuclear Lab., Workington (United Kingdom)]; Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom)]; Rodger, Robert [National Nuclear Lab., Workington (United Kingdom)]; Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)]

    2015-12-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  15. Information security management system planning for CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  16. The executive MBA in information security

    CERN Document Server

    Trinckes, John J

    2009-01-01

    Supplying a complete overview of the concepts executives need to know, this book provides the tools needed to ensure your organization has an effective information security management program in place. It also includes a ready-to use security framework for developing workable programs and supplies proven tips for avoiding common pitfalls.

  17. IAEA Nuclear Security Programme: The role of information

    International Nuclear Information System (INIS)

    2010-01-01

    Discusses collecting and collating information on needs integrated in Nuclear Security Support Plans and analyzing data on illicit trafficking and nuclear security incidents. Coordination with donor States and international organizations on Illicit trafficking Database reports and other related information provided by states.

  18. Safeguards and security research and development: Program status report, February-July 1981

    International Nuclear Information System (INIS)

    Henry, C.N.; Walton, R.B.

    1982-04-01

    This report, one of a series of biannual progress reports, describes the status of research and development in the Safeguards and Security Program at Los Alamos from February-July 1981. Most work covered here is sponsored by the Office of Safeguards and Security of the Department of Energy; however, project activities that are technically closely related to nuclear safeguards and security also are included where appropriate for conveying information useful to the nuclear community. The report comprises four major subject areas: Security Development and Support; Nuclear Materials Measurement and Engineering; Nuclear Facility Safeguards Support; and International Safeguards, Technology Transfer, and Training. Some technical topics included in the subject areas are computer and informational security, chemical and nondestructive analysis of nuclear materials, process modeling and analysis, nuclear materials accounting systems, evaluation of prototype measurement instrumentation and procedures in nuclear facilities, design and consultation for facilities, technical exchange, training courses, and international safeguards

  19. Safeguards and security research and development: Program status report, February-July 1981

    Energy Technology Data Exchange (ETDEWEB)

    Henry, C.N.; Walton, R.B. (comps.)

    1982-04-01

    This report, one of a series of biannual progress reports, describes the status of research and development in the Safeguards and Security Program at Los Alamos from February-July 1981. Most work covered here is sponsored by the Office of Safeguards and Security of the Department of Energy; however, project activities that are technically closely related to nuclear safeguards and security also are included where appropriate for conveying information useful to the nuclear community. The report comprises four major subject areas: Security Development and Support; Nuclear Materials Measurement and Engineering; Nuclear Facility Safeguards Support; and International Safeguards, Technology Transfer, and Training. Some technical topics included in the subject areas are computer and informational security, chemical and nondestructive analysis of nuclear materials, process modeling and analysis, nuclear materials accounting systems, evaluation of prototype measurement instrumentation and procedures in nuclear facilities, design and consultation for facilities, technical exchange, training courses, and international safeguards.

  20. Business Information Exchange System with Security, Privacy, and Anonymity

    Directory of Open Access Journals (Sweden)

    Sead Muftic

    2016-01-01

    Business Information Exchange is an Internet Secure Portal for secure management, distribution, sharing, and use of business e-mails, documents, and messages. It has three applications supporting three major types of information exchange systems: secure e-mail, secure instant messaging, and secure sharing of business documents. In addition to standard security services for e-mail letters, which are also applied to instant messages and documents, the system provides innovative features of privacy and full anonymity of users and their locations, actions, transactions, and exchanged resources. In this paper we describe design, implementation, and use of the system.

  1. Cloud Computing Application of Personal Information's Security in Network Sales-channels

    OpenAIRE

    Sun Qiong; Min Liu; Shiming Pang

    2013-01-01

    With the promotion of Internet sales, the security of personal information to network users have become increasingly demanding. The existing network of sales channels has personal information security risks, vulnerable to hacker attacking. Taking full advantage of cloud security management strategy, cloud computing security management model is introduced to the network sale of personal information security applications, which is to solve the problem of information leakage. Then we proposed me...

  2. Information Security in Small and Medium-Sized Companies

    OpenAIRE

    David Kral

    2011-01-01

    Information security doesn’t involve only large organizations. Small and medium-sized companies must closely examine this issue too, because they are increasingly threatened by cyber attacks. Many of them mistakenly believe, that security of their valuable data is sufficient, or that the attackers are not interested in them. Existing standards and methodologies for implementation and management of information security are often hard to transfer to the environment of small and medium-sized bus...

  3. An Integrative Behavioral Model of Information Security Policy Compliance

    Directory of Open Access Journals (Sweden)

    Sang Hoon Kim

    2014-01-01

    The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members’ compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training

  4. An integrative behavioral model of information security policy compliance.

    Science.gov (United States)

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  5. METHODS FOR ASSESSING SECURITY THREATS CONFIDENTIAL INFORMATION FOR THE INFORMATION AND TELECOMMUNICATIONS SYSTEMS

    Directory of Open Access Journals (Sweden)

    E. V. Belokurova

    2015-01-01

    The article discusses the different approaches to assessing the safety of confidential information-term for information and telecommunication systems of various pre-appreciable destination in the presence of internal and external threats to its integrity and availability. The difficulty of ensuring the security of confidential information from exposure to information and telecommunication systems of external and internal threats at the present time, is of particular relevance. This problem is confirmed by the analysis of available statistical information on the impact of threats on the security circulating in the information and telecommunications system. Leak confidential information, intellectual property, information, know-how is the result of significant material and moral damage caused to the owner of the restricted information. The paper presents the structure of the indicators and criteria shows that the most promising are analytical criteria. However, their use to assess the level of security of confidential information is difficult due to the lack of appropriate mathematical models. The complexity of the problem is that existing traditional mathematical models are not always appropriate for the stated objectives. Therefore, it is necessary to develop mathematical models designed to assess the security of confidential information and its impact on information and telecommunication system threats.

  6. Examining the Relationship between Organization Systems and Information Security Awareness

    Science.gov (United States)

    Tintamusik, Yanarong

    2010-01-01

    The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

  7. Information-Pooling Bias in Collaborative Security Incident Correlation Analysis.

    Science.gov (United States)

    Rajivan, Prashanth; Cooke, Nancy J

    2018-03-01

    Incident correlation is a vital step in the cybersecurity threat detection process. This article presents research on the effect of group-level information-pooling bias on collaborative incident correlation analysis in a synthetic task environment. Past research has shown that uneven information distribution biases people to share information that is known to most team members and prevents them from sharing any unique information available with them. The effect of such biases on security team collaborations are largely unknown. Thirty 3-person teams performed two threat detection missions involving information sharing and correlating security incidents. Incidents were predistributed to each person in the team based on the hidden profile paradigm. Participant teams, randomly assigned to three experimental groups, used different collaboration aids during Mission 2. Communication analysis revealed that participant teams were 3 times more likely to discuss security incidents commonly known to the majority. Unaided team collaboration was inefficient in finding associations between security incidents uniquely available to each member of the team. Visualizations that augment perceptual processing and recognition memory were found to mitigate the bias. The data suggest that (a) security analyst teams, when conducting collaborative correlation analysis, could be inefficient in pooling unique information from their peers; (b) employing off-the-shelf collaboration tools in cybersecurity defense environments is inadequate; and (c) collaborative security visualization tools developed considering the human cognitive limitations of security analysts is necessary. Potential applications of this research include development of team training procedures and collaboration tool development for security analysts.

  8. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION... approval and safeguarding of National Security Information and Restricted Data. The requirements for...

  9. Theoretical foundations of information security investment security companies

    Directory of Open Access Journals (Sweden)

    G.V. Berlyak

    2015-03-01

    Methodological problems related to the lack of guidance in the provisions (standards) of accounting on the reflection in the accounting and financial reporting of the research object. In this connection, it is proposed to amend the provisions (standards) of accounting. This will allow to come to the consistency of accounting methods of operations with elements of investment activity. Based on analysis of the information needs of users suggested indicators identikativnye blocks (block corporate finance unit assess the relationship with financial institutions, block the fulfillment of obligations according to the calculations, the investment unit, a science and innovation, investment security and developed forms of internal accounting controls and improvements to existing forms financial statements for the investment activities of the enterprise. Using enterprise data reporting forms provide timely and reliable information on the identity and structure of investment security and enable the company to effectively plan and develop personnel policies for enterprise management.

  10. What hinder the further development of wind power in China?—A socio-technical barrier study

    International Nuclear Information System (INIS)

    Zhao, Zhen-Yu; Chang, Rui-Dong; Chen, Yu-Long

    2016-01-01

    Promoting wind power is a long-term strategy of China to respond to both energy shortage and environmental pollution. Stimulated by various incentive policies, wind power generation in China has achieved tremendous growth, with the cumulative installed capacity being the largest worldwide for five consecutive years since 2010. However, obstructed by various barriers, wind power provides only 2.6% of national electricity generation in China, despite the strong support from the government. From a socio-technical transition perspective, this paper aims to systematically analyze the barriers hindering the further development of China's wind power. A wind power niche model is established to illustrate the complex interactions among actors in the wind power industry and electricity supply regime. Then, qualitative content analysis is adopted to process the related evidence and data, and four categories of socio-technical barriers are identified, including technology, governance, infrastructure and culture barriers. The study shows that various interrelated barriers form a blocking mechanism which prohibits the further development of wind power in China. Policy suggestions are proposed to eliminate the barriers and further empower the wind power niche. The lesson learned from China can offer useful references for other economies to promote wind power industries of their own. - Highlights: • Use wind power niche model to illustrate the interactions among actors in the industry. • Analyze technological, governance, infrastructural and cultural barriers. • Multidimensionality and interconnectedness of the barriers are illustrated. • Policy suggestions are proposed to deal with the wind power development barriers.

  11. 76 FR 79536 - Security Zones; Captain of the Port Lake Michigan; Technical Amendment

    Science.gov (United States)

    2011-12-22

    ... Environmental Health Risks and Safety Risks. This rule is not an economically significant rule and does not create an environmental risk to health or risk to safety that may disproportionately affect children...-AA87 Security Zones; Captain of the Port Lake Michigan; Technical Amendment AGENCY: Coast Guard, DHS...

  12. 49 CFR 1544.305 - Security Directives and Information Circulars.

    Science.gov (United States)

    2010-10-01

    ... threat assessment or to a specific threat against civil aviation, TSA issues a Security Directive setting... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT OPERATOR...

  13. Considerations on the selection and prioritization of information security solutions

    Directory of Open Access Journals (Sweden)

    Maria Cristina RĂDULESCU

    2016-05-01

    This paper provides a set of guidelines that can be used for prescribing a methodology or a detailed process for selecting and prioritizing security projects or solutions. It is based on the idea that costs of security solutions should be justified by their contribution to ensuring adequate protection of information resources in the organization which implements them. The article reviews general issues of security risks and costs, arguing the need for explicit consideration of information resources security requirements in order to validate decisions concerning security projects implementation. In such an approach, security requirements of information resources are used as a reference system to quantify the benefits and limitations of security solutions defined as alternative or complementary responses to certain security risks as their implementation faces budget constraints.

  14. Incorporating Global Information Security and Assurance in I.S. Education

    Science.gov (United States)

    White, Garry L.; Hewitt, Barbara; Kruck, S. E.

    2013-01-01

    Over the years, the news media has reported numerous information security incidents. Because of identity theft, terrorism, and other criminal activities, President Obama has made information security a national priority. Not only is information security and assurance an American priority, it is also a global issue. This paper discusses the…

  15. Information Security for Business: the Necessity of Reputational Risk Management

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2015-06-01

    The article presents the analysis of actual information security problems in commercial segment. The main directions in regulations of the Russian Federation connected with information security assurance are defined. The results indicate the insufficiency of legal regulation in prevention of reputational losses due to information security incidents

  16. Information systems security policies: a survey in Portuguese public administration

    OpenAIRE

    Lopes, Isabel Maria; Sá-Soares, Filipe de

    2010-01-01

    Information Systems Security is a relevant factor for present organizations. Among the security measures, policies assume a central role in literature. However, there is a reduced number of empirical studies about the adoption of information systems security policies. This paper contributes to mitigate this flaw by presenting the results of a survey in the adoption of Information System Security Policies in Local Public Administration in Portugal. The results are discussed in light of literat...

  17. Executive Guide: Information Security Management. Learning From Leading Organizations

    National Research Council Canada - National Science Library

    1998-01-01

    ... on. Deficiencies in federal information security are a growing concern. In a February 1997 series of reports to the Congress, GAO designated information security as a governmentwide high-risk area...

  18. Learning as change: Responding to socio-scientific issues through informal education

    Science.gov (United States)

    Allen, Lauren Brooks

    Informal learning is an important venue for educating the general public about complex socio-scientific issues: intersections of scientific understanding and society. My dissertation is a multi-tiered analysis of how informal education, and particularly informal educators, can leverage learning to respond to one particular socio-scientific issue: climate change. Life-long, life-wide, and life-deep learning not only about the science of climate change, but how communities and society as a whole can respond to it in ways that are commensurate with its scale are necessary. In my three-article dissertation, I investigated the changes in practice and learning that informal educators from a natural history museum underwent in the process of implementing a new type of field trip about climate change. This study focused on inquiry-based learning principles taken on by the museum educators, albeit in different ways: learner autonomy, conversation, and deep investigation. My second article, a short literature review, makes the argument that climate change education must have goals beyond simply increasing learners' knowledge of climate science, and proposes three research-based principles for such learning: participation, relevance, and interconnectedness. These principles are argued to promote learning to respond to climate change as well as increased collective efficacy, necessary for responding. Finally, my third article is an in-depth examination of a heterogeneous network of informal educators and environmental professionals who worked together to design and implement a city-wide platform for informal climate change learning. By conceptualizing climate change learning at the level of the learning ecology, educators and learners are able to see how it can be responded to at the community level, and understand how climate change is interconnected with other scientific, natural, and social systems. I briefly discuss a different socio-scientific issue to which these

  19. 78 FR 69286 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-11-19

    ... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... Executive Order 13526, Classified National Security Information. In addition, this direct final rule allowed... licensees (or their designees) to conduct classified

  20. Information Security Awareness On-Line Materials Design with Knowledge Maps

    Science.gov (United States)

    Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan

    2011-01-01

    Information Security Awareness, though known as a primary and important issue in the domain of Information Security, CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…

  1. VIRTUALIZATION TECHNICAL THINKING WITHIN THE INFORMATION TECHNOLOGY

    Directory of Open Access Journals (Sweden)

    Robert Lis

    2014-11-01

    The article presents the possibilities of virtualization technical thinking within the information technology. This question expresses the need for virtualization of existing information systems to improve the conduct of business by the company. In resulting virtualization of the technical-computer thought on against existing needs of the functioning of 16-bit systems in 64-bit systems. Enables cost-effective use of excess capacity existing computing resources.

  2. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

  3. Reve{a,i}ling the risks: a phenomenology of information security

    NARCIS (Netherlands)

    Pieters, Wolter

    2010-01-01

    In information security research, perceived security usually has a negative meaning, when it is used in contrast to actual security. From a phenomenological perspective, however, perceived security is all we have. This paper develops a phenomenological account of information security, in which a

  4. A process framework for information security management

    Directory of Open Access Journals (Sweden)

    Knut Haufe

    2016-01-01

    Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS) is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction as well as the interaction with other management processes is not available in the literature. Cost benefit analysis of information security investments regarding single measures protecting information and ISMS processes are not in the focus of current research, mostly focused on economics. This article aims to fill this research gap by proposing such an ISMS process framework as the main contribution. Based on a set of agreed upon ISMS processes in existing standards like ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of relevant roles of the ISMS is strengthened.

  5. Information security in accordance with ISO/IEC 27000

    OpenAIRE

    Košćak, Damjan

    2011-01-01

    The diploma assignment discusses Information Technology Security according to standards ISO/IEC 27001 and ISO/IEC 27002. Diploma consists of two parts. In the first part of the diploma a theoretical bases of information security are presented. The second part presents the introduction of ISO/IEC 27001 security standard in the company »X« in which I performed a practical training. In the closure my diploma work is upgraded with results of my research work and their analysis as well as wit...

  6. Defense Technical Information Center thesaurus

    Energy Technology Data Exchange (ETDEWEB)

    Dickert, J.H. [ed.] [comp.]

    1996-10-01

    This DTIC Thesaurus provides a basic multidisciplinary subject term vocabulary used by DTIC to index and retrieve scientific and technical information from its various data bases and to aid DTIC's users in their information storage and retrieval operations. It includes an alphabetical posting term display, a hierarchy display, and a Keyword Out of Context (KWOC) display.

  7. 78 FR 71631 - Committee Name: Homeland Security Information Network Advisory Committee (HSINAC)

    Science.gov (United States)

    2013-11-29

    ... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Committee Name: Homeland Security Information.... SUMMARY: The Homeland Security Information Network Advisory Council (HSINAC) will meet December 17, 2013... , Phone: 202-343-4212. SUPPLEMENTARY INFORMATION: The Homeland Security Information Network Advisory...

  8. The dynamics of transitions in socio-technical systems: a multi-level analysis of the transition pathway from horse-drawn carriages to automobiles (1860-1930)

    NARCIS (Netherlands)

    Geels, F.W.

    2005-01-01

    This article investigates transitions at the level of societal functions (e.g. transport, communication, housing). Societal functions are fulfilled by socio-technical systems, which consist of a cluster of aligned elements, e.g. artefacts, knowledge, user practices and markets, regulation, cultural

  9. A MIXED BLESSING: RESILIENCE IN THE ENTREPRENEURIAL SOCIO-TECHNICAL SYSTEM OF BITCOIN

    Directory of Open Access Journals (Sweden)

    Marcel Morisse

    2016-04-01

    Full Text Available Studies of resilience highlight the tension between actions that allow a firm – and a system – to be robust and those that allow it to be flexible. Studies suggest that an entrepreneurial firm will prioritize flexibility, given resource constraints. However, what occurs when a number of firms are embedded in a common socio-technical system and an extreme event affects them collectively? This paper tests whether existing theory about resilience predicts the responses of entrepreneurs in such a system, with reference to an extreme event in the Bitcoin sociotechnical system: the much-publicized bankruptcy of Mt.Gox, a key player. It relies on in-depth interviews with 8 entrepreneurs in Europe, triangulated with other data. We find that robustness is the dominant strategy for those interviewed. This is partly because the firms rely on pooled resources supplied by the collective, and partly because robustness builds trust, giving the firms a competitive advantage.

  10. Information security in the context of philosophy of management

    Directory of Open Access Journals (Sweden)

    Irina Yurievna Alekseeva

    2017-04-01

    Full Text Available Building a culture of information security involves consideration of problems of management in society. Ideas and approaches developed in philosophy of management are relevant to studies in problems of information security in broader methodological and social context. The article focuses on problems of information and psychological security in social systems. The author considers disorienting signs and signals as information threat to security of persons and societies. The author argues that management ideology of pseudo-economical reductionism makes distortion at the level of values and priorities of the system. This ideology exalts competitiveness to the detriment of the systems’ viability. Philosophy of complexity (better known as “philosophy of complex systems”) embraces new visions for methodology of management in XXI century. “Observer of complexity” and “complexity of observer of complexity” phenomena are central in this context. The problem of appropriate language for system self-description is of critical importance. This language is necessary for substantive production of intellectual tools for problem solving and decision making; refusal to produce such tools is fraught with decrease of information security level.

  11. DST-funded information security centre of competence

    CSIR Research Space (South Africa)

    Taute, B

    2009-06-06

    Full Text Available &D that will lead to commercialisation and transfer of R&D outputs in Information Security. Three Market opportunities exist following this initiative. It relates to innovative products and services that contribute to enhanced National Cyber Security, innovative...

  12. Reve{a,i}ling the risks: a phenomenology of information security

    NARCIS (Netherlands)

    Pieters, Wolter

    2009-01-01

    In information security research, perceived security usually has a negative meaning, when it is used in contrast to actual security. From a phenomenological perspective, however, perceived security is all we have. In this paper, we develop a phenomenological account of information security, where we

  13. Lakatos' Scientific Research Programmes as a Framework for Analysing Informal Argumentation about Socio-Scientific Issues

    Science.gov (United States)

    Chang, Shu-Nu; Chiu, Mei-Hung

    2008-01-01

    The purpose of this study is to explore how Lakatos' scientific research programmes might serve as a theoretical framework for representing and evaluating informal argumentation about socio-scientific issues. Seventy undergraduate science and non-science majors were asked to make written arguments about four socio-scientific issues. Our analysis…

  14. 75 FR 733 - Implementation of the Executive Order, ``Classified National Security Information''

    Science.gov (United States)

    2010-01-05

    ... of the Executive Order, ``Classified National Security Information'' Memorandum for the Heads of... Security Information'' (the ``order''), which substantially advances my goals for reforming the security... classified information shall provide the Director of the Information Security Oversight Office (ISOO) a copy...

  15. 75 FR 45154 - National Security Division; Agency Information Collection Activities:

    Science.gov (United States)

    2010-08-02

    ... DEPARTMENT OF JUSTICE [OMB Number 1124-0003] National Security Division; Agency Information...), National Security Division (NSD), will be submitting the following information collection request to the..., 10th & Constitution Avenue, NW., National Security Division, Counterespionage Section/Registration Unit...

  16. Alpine Windharvest: development of information base regarding potentials and the necessary technical, legal and socio-economic conditions for expanding wind energy in the Alpine Space - CFD modelling evaluation - Summary of WindSim CFD modelling procedure and validation

    Energy Technology Data Exchange (ETDEWEB)

    Schaffner, B.; Cattin, R. [Meteotest, Berne (Switzerland)]

    2005-07-01

    This report presents the development work carried out by the Swiss meteorology specialists of the company METEOTEST as part of a project carried out together with the Swiss wind-energy organisation 'Suisse Eole'. The framework for the project is the EU Interreg IIIB Alpine Space Programme, a European Community Initiative Programme funded by the European Regional Development Fund. The project investigated the use of digital relief-analysis. The report describes the development of a basic information system to aid the investigation of the technical, legal and socio-economical conditions for the use of wind energy in the alpine area. The report deals with the use of computational fluid dynamics and wind simulation modelling techniques and their validation. Recommendations on the use of the results are made.

  17. A Framework for the Governance of Information Security

    Science.gov (United States)

    Edwards, Charles K.

    2013-01-01

    Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant…

  18. Security measures required for HIPAA privacy.

    Science.gov (United States)

    Amatayakul, M

    2000-01-01

    HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.

  19. Information security : the moving target

    CSIR Research Space (South Africa)

    Dlamini, MT

    2009-01-01

    Full Text Available -product to an integral part of business operations (Conner and Coviello, 2004). This paper gives an overview of the following: • Where did information security come from? (the past) • How did it get to where it is today? (the present) • In what direction... operators were permitted to use these computers. Other users would submit their jobs to the operator through protected slots (batch processing). The key security issue during this era was ensuring that only the privileged computer operator (one user one...

  20. The Current Status of the Economic Security of Poltava Region

    Directory of Open Access Journals (Sweden)

    Bondarevska Olha M.

    2017-12-01

    Full Text Available The status of economic security of Poltava region in 2012–2016 was analyzed, the analysis was conducted using the developed methodology for assessing economic security of region, which is based on the joint use of indicative and functional methods. In order to assess the status of economic security of region, a system of indicators, divided by economic security components, has been formed using functional approach. The information-analytical provision of assessment has been formed using statistical information on the socio-economic development of the region. The influence of factors of destabilizing and destimulative nature on the status of economic security of the region has been researched. It has been concluded that the economic security of Poltava region is unsatisfactory, despite the existence of some positive tendencies, which at present are not sustainable.

  1. Integrating Programming Language and Operating System Information Security Mechanisms

    Science.gov (United States)

    2016-08-31

    ...improve the precision of security enforcement, and to provide greater assurance of information security. This grant focuses on two key projects: language...based control of authority; and formal guarantees for the correctness of audit information.

  2. National Security and the Right to Information in Europe

    DEFF Research Database (Denmark)

    Jacobsen, Amanda Lynn

    2013-01-01

    Full text available at: http://cast.ku.dk/pdf/National_Security_and_the_Right_to_Information.pdf/

  3. Socio-Technical Structure

    DEFF Research Database (Denmark)

    Rose, Jeremy; Lindgren, Rikard; Henfridsson, Ole

    2004-01-01

    When it comes to investigating the relationship between the social and the technical, IS has been a net importer of theories. These theories often carry differing interpretations of central concepts, which then become both confusing and difficult to integrate. In response to calls for IS to become a reference discipline in its own right (in other words a theory exporter), this paper offers an example of integrative theory development. Instead of adapting a theory from another discipline or building a theory from empirical data, we examine the structure concept in some of its various theoretical adaptations in IS and try to integrate them to produce theory that focuses on IS concerns whilst resolving some of the major areas of contention. Both social and technological versions of structure are investigated through three theoretical IS perspectives drawn from different reference disciplines. The first...

  4. C2 Link Security for UAS: Technical Literature Study and Preliminary Functional Requirements. Version 0.9 (Working Draft)

    Science.gov (United States)

    2005-01-01

    This document provides a study of the technical literature related to Command and Control (C2) link security for Unmanned Aircraft Systems (UAS) for operation in the National Airspace System (NAS). Included is a preliminary set of functional requirements for C2 link security.

  5. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Science.gov (United States)

    2010-07-01

    ... NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems and... identified in the Committee on National Security Systems (CNSS) issuances and the Intelligence Community Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk Management...

  6. Informal waste harvesting in Victoria Falls town, Zimbabwe: Socio-economic benefits

    NARCIS (Netherlands)

    Masocha, M.

    2006-01-01

    Waste harvesting, which occurs mostly but not exclusively at open waste dumps in Zimbabwe, constitutes one of the most important survival options for the urban poor. This paper analyses and discusses socio-economic benefits of informal waste harvesters in Victoria Falls town. Victoria Falls town has

  7. Demographic development of ukrainian rural area: lessons of history, modern socio-economic threats

    Directory of Open Access Journals (Sweden)

    D.P. Melnychuk

    2016-06-01

    Full Text Available The article is devoted to urgent problems of demographic development of rural areas, their impact on socioeconomic processes at all levels of the national economic system. The content of demographic and economic antonyms of «demographic development» and «demographic catastrophe» has been characterized. The article analyzes the historical background of demographic change in rural areas, their socio-economic consequences. It’s reasonably concluded that the economic development of Ukraine requires urgent settlement of the negative socio-demographic trends that are characteristic for a Ukrainian village. Nowadays, these trends are of a destructive nature. They lead to a protracted crisis of agricultural production which is very difficult to overcome solely with the tools of technical and technological modernization. This will complicate the food security of the state for many years; lower the level and quality of life of the population, lead to greater territorial disparities and degradation of rural areas and the marginalization of residents of Ukrainian villages.

  8. A Comparative Analysis of University Information Systems within the Scope of the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Rustu Yilmaz

    2016-05-01

    Full Text Available Universities are the leading institutions that are the sources of educated human population who both produce information and ensure to develop new products and new services by using information effectively, and who are needed in every area. Therefore, universities are expected to be institutions where information and information management are used efficiently. In the present study, the topics such as infrastructure, operation, application, information, policy and human-based information security at universities were examined within the scope of the information security standards which are highly required and intended to be available at each university today, and then a comparative analysis was conducted specific to Turkey. Within the present study, the Microsoft Security Assessment Tool developed by Microsoft was used as the risk analysis tool. The analyses aim to enable the universities to compare their information systems with the information systems of other universities within the scope of the information security awareness, and to make suggestions in this regard.

  9. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education.

    Science.gov (United States)

    Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K

    2013-08-09

    Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality

  10. 14 CFR 11.35 - Does FAA include sensitive security information and proprietary information in the Federal Docket...

    Science.gov (United States)

    2010-01-01

    ... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security information. You should not submit sensitive security information to the rulemaking docket, unless you are...

  11. Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

    Science.gov (United States)

    Takamura, Eduardo; Mangum, Kevin

    2016-01-01

    Certain protective measures for the general enterprise may not be as efficient within the ground segment. This is what the authors have concluded through observations and analysis of patterns identified from the various security assessments performed on NASA missions such as MAVEN, OSIRIS-REx, New Horizons and TESS, to name a few. The security audits confirmed that the framework for managing information system security developed by the National Institute of Standards and Technology (NIST) for the federal government, and adopted by NASA, is indeed effective. However, the selection of the technical, operational and management security controls offered by the NIST model - and how they are implemented - does not always fit the nature and the environment where the ground system operates in even though there is no apparent impact on mission success. The authors observed that unfit controls, that is, controls that are not necessarily applicable or sufficiently effective in protecting the mission systems, are often selected to facilitate compliance with security requirements and organizational expectations even if the selected controls offer minimum or non-existent protection. This paper identifies some of the standard security controls that can in fact protect the ground system, and which of them offer little or no benefit at all. It offers multiple scenarios from real security audits in which the controls are not effective without, of course, disclosing any sensitive information about the missions assessed. In addition to selection and implementation of controls, the paper also discusses potential impact of recent legislation such as the Federal Information Security Modernization Act (FISMA) of 2014 - aimed at the enterprise - on the ground system, and offers other recommendations to Information System Owners (ISOs).

  12. Computer Security: Introduction to information and computer security (1/4)

    CERN Multimedia

    CERN. Geneva

    2012-01-01

    Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Aix-en-Provence and Haute Ecole de Gestion in Geneva in 2010. His professional interests include software and network security, distributed systems, and Web and mobile technologies. With the prevalence of modern information te...

  13. How to implement security controls for an information security program at CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  14. How to implement security controls for an information security program at CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; O'Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Lewis, John [National Nuclear Lab., Workington (United Kingdom)]; Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom)]; Rodger, Robert [National Nuclear Lab., Workington (United Kingdom)]; Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)]

    2015-12-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  15. Development of technical information processing system (VII)

    International Nuclear Information System (INIS)

    Kim, Tae Whan; Choi, Kwang; Oh, Jeong Hoon; Jeong, Hyun Sook; Keum, Jong Yong

    1995-12-01

    The goal of this project is to establish an integrated environment focused on enhanced information services to researchers through the providing of acquisition information, a key phrase retrieval function, and journal content information linked with various subsystems already developed. The results of the project are as follows. 1. It is possible to serve information on unreceivable materials among required materials throughout the system. 2. Retrieval efficiency is increased by the addition of a key phrase retrieval function. 3. Rapidity of information service is enhanced by providing the journal contents of each issue received, and the work performance of the contents service has become higher. 4. It is possible to acquire, store, and serve technical information needed in R and D synthetically and systematically through the development of a total system linked with the various subsystems required for technical information management and service. 21 refs. (Author)

  16. The socio-technical transition of distributed electricity storage into future networks—System value and stakeholder views

    International Nuclear Information System (INIS)

    Grünewald, Philipp H.; Cockerill, Timothy T.; Contestabile, Marcello; Pearson, Peter J.G.

    2012-01-01

    Whole system models for the GB electricity system suggest that distributed electricity storage has the potential to significantly reduce the system integration cost for future system scenarios. From a policy perspective, this poses the question why this value should not be realised within existing market structures. Opinion among stakeholders is divided. Some believe that storage deployment constitutes a ‘special case’ in need of policy support. Others insist that markets can provide the necessary platform to negotiate contracts, which reward storage operators for the range of services they could provide. This paper seeks to inform this debate with a process of stakeholder engagement using a perspective informed by socio-technical transition literatures. This approach allows the identification of tensions among actors in the electricity system and of possibilities for co-evolution in the deployment of storage technologies during a transition towards a low carbon electricity system. It also draws attention to policy-related challenges of technology lock-in and path dependency resulting from poor alignment of incumbent regimes with the requirements for distributed electricity storage. - Highlights: ► Electricity storage is poorly aligned with existing regimes in the electricity system. ► Stakeholders perceive electricity storage as “somebody else's problem”. ► Combining stakeholder views and transition theory provides new insight. ► Transition from network to operational benefits poses regulatory challenge. ► Value aggregation made difficult due to institutional barriers.

  17. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  18. Security management

    International Nuclear Information System (INIS)

    Adams, H.W.

    1990-01-01

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de]

  19. Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets

    Science.gov (United States)

    Ayyagari, Ramakrishna; Figueroa, Norilyz

    2017-01-01

    Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…

  20. 36 CFR 1256.46 - National security-classified information.

    Science.gov (United States)

    2010-07-01

    ... 36 Parks, Forests, and Public Property 3 2010-07-01 2010-07-01 false National security-classified... Restrictions § 1256.46 National security-classified information. In accordance with 5 U.S.C. 552(b)(1), NARA... properly classified under the provisions of the pertinent Executive Order on Classified National Security...