WorldWideScience

Sample records for socio-technical information security

  1. Socio-technical security metrics

    NARCIS (Netherlands)

    Gollmann, D.; Herley, C.; Koenig, V.; Pieters, W.; Sasse, M.A.

    2015-01-01

    Report from Dagstuhl seminar 14491. This report documents the program and the outcomes of Dagstuhl Seminar 14491 “Socio-Technical Security Metrics”. In the domain of safety, metrics inform many decisions, from the height of new dikes to the design of nuclear plants. We can state, for example, that

  2. Model-Driven Information Security Risk Assessment of Socio-Technical Systems

    NARCIS (Netherlands)

    Ionita, Dan

    2018-01-01

    As more aspects of life transition to the digital domain, computer systems become increasingly complex but also more social. But assessing a socio-technical system is no trivial task: it often requires intimate knowledge of the system, awareness of the social dynamics and trust relationships of its

  3. Socio-Technical Security Metrics (Dagstuhl Seminar 14491)

    NARCIS (Netherlands)

    Gollmann, Dieter; Herley, Cormac; Koenig, Vincent; Pieters, Wolter; Sasse, Martina Angela

    2015-01-01

    This report documents the program and the outcomes of Dagstuhl Seminar 14491 "Socio-Technical Security Metrics". In the domain of safety, metrics inform many decisions, from the height of new dikes to the design of nuclear plants. We can state, for example, that the dikes should be high enough to

  4. Security analysis of socio-technical physical systems

    NARCIS (Netherlands)

    Lenzini, Gabriele; Mauw, Sjouke; Ouchani, Samir

    2015-01-01

    Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too simple, they just estimate feasibility and not the likelihood of attacks, or they do estimate

  5. Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems

    NARCIS (Netherlands)

    Lenzini, Gabriele; Mauw, Sjouke; Ouchani, Samir; Barthe, Gilles; Markatos, Evangelos; Samarati, Pierangela

    2016-01-01

    A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow defined by what the organization’s employees do (copy,

  6. Socio-technical Issues for Ubiquitous Information Society in 2010

    Science.gov (United States)

    Funabashi, Motohisa; Homma, Koichi; Sasaki, Toshiro; Sato, Yoshinori; Kido, Kunihiko; Fukumoto, Takashi; Yano, Koujin

Impact of the ubiquitous information technology on our society is so significant that directing technological development and preparing institutional apparatus are quite important and urgent. The present paper elaborates, with the efforts by both humanity and engineering disciplines, to find out the socio-technical issues of ubiquitous information society in 2010 by inspecting social implications of emerging technology as well as social expectations. In order to deliberate the issues, scenarios are developed that describe possible life in ubiquitous information society. The derived issues cover integrating information technology and human body, producing smart sharable environment, protecting individual rights, fostering new service business, and forming community.

  7. How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

    NARCIS (Netherlands)

    Gadyatskaya, Olga

    2016-01-01

    Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing

  8. Secure Business Process Engineering: a socio-technical approach

    OpenAIRE

    Salnitri, Mattia

    2016-01-01

Dealing with security is a central activity for today's organizations. Security breaches impact on the activities executed in organizations, preventing them from executing their business processes and, therefore, causing millions of dollars of losses. Security by design principles underline the importance of considering security as early as during the design of organizations to avoid expensive fixes during later phases of their lifecycle. However, the design of secure business processes cannot tak...

  9. The Socio-Technical Design of a Library and Information Science Collaboratory

    Science.gov (United States)

    Lassi, Monica; Sonnenwald, Diane H.

    2013-01-01

    Introduction: We present a prototype collaboratory, a socio-technical platform to support sharing research data collection instruments in library and information science. No previous collaboratory has attempted to facilitate sharing digital research data collection instruments among library and information science researchers. Method: We have…

  10. The socio-technical design of a library and information science collaboratory

    DEFF Research Database (Denmark)

    Lassi, Monica; Sonnenwald, Diane H.

    2013-01-01

Introduction. We present a prototype collaboratory, a socio-technical platform to support sharing research data collection instruments in library and information science. No previous collaboratory has attempted to facilitate sharing digital research data collection instruments among library and information science researchers. Method. We have taken a socio-technical approach to design, which includes a review of previous research on collaboratories; an empirical study of specific needs of library and information science researchers; and a use case design method to design the prototype collaboratory. Scenarios of future interactions, use cases, were developed using an analytically-driven approach to scenario design. The use cases guided the implementation of the prototype collaboratory in the MediaWiki software package. Results. The prototype collaboratory design is presented as seven use cases, which...

  11. Modelling and Reasoning about Security Requirements in Socio-Technical Systems

    NARCIS (Netherlands)

    Paja, Elda; Dalpiaz, Fabiano; Giorgini, Paolo

    2015-01-01

    Modern software systems operate within the context of larger socio-technical systems, wherein they interact—by exchanging data and outsourcing tasks—with other technical components, humans, and organisations. When interacting, these components (actors) operate autonomously; as such, they may

  12. Socio-technical Betwixtness

    DEFF Research Database (Denmark)

    Bossen, Claus

    2017-01-01

This chapter focusses on two challenges for socio-technical design: Having to choose between different rationales for design, and the adequate understanding and depiction of the work to be redesigned. These two challenges betwixt the otherwise strong tenets of socio-technical design of pointing out the intrinsically social and technical interwovenness of design, and the necessity of including affected people and stakeholders in the design process. This betwixtness of socio-technical design is demonstrated by the analysis of two IT systems for healthcare: a foundational model for electronic healthcare records, and an IT system organizing hospital porters’ work. The conceptual background for the analysis of the cases is provided by a short introduction to different rationales for organizational design, and by pointing to the differences between a linear, rationalistic versus an interactional depiction of work....

  13. A case study evaluation of a Critical Care Information System adoption using the socio-technical and fit approach.

    Science.gov (United States)

    Yusof, Maryati Mohd

    2015-07-01

Clinical information systems have long been used in intensive care units but reports on their adoption and benefits are limited. This study evaluated a Critical Care Information System implementation. A case study summative evaluation was conducted, employing observation, interview, and document analysis in operating theatres and 16-bed adult intensive care units in a 400-bed Malaysian tertiary referral centre from the perspectives of users (nurses and physicians), management, and information technology staff. System implementation, factors influencing adoption, fit between these factors, and the impact of the Critical Care Information System were evaluated after eight months of operation. Positive influences on system adoption were associated with technical factors, including system ease of use, usefulness, and information relevancy; human factors, particularly user attitude; and organisational factors, namely clinical process-technology alignment and champions. Organisational factors such as planning, project management, training, technology support, turnover rate, clinical workload, and communication were barriers to system implementation and use. Recommendations to improve the current system problems were discussed. Most nursing staff positively perceived the system's reduction of documentation and data access time, giving them more time with patients. System acceptance varied among doctors. System use also had positive impacts on timesaving, data quality, and clinical workflow. Critical Care Information Systems are crucial and have great potential in enhancing and delivering critical care. However, the case study findings showed that the system faced complex challenges and was underutilised despite its potential. The role of socio-technical factors and their fit in realizing the potential of Critical Care Information Systems requires continuous, in-depth evaluation and stakeholder understanding and acknowledgement. The comprehensive and specific evaluation

  14. Understanding Socio Technical Modularity

    DEFF Research Database (Denmark)

    Thuesen, Christian Langhoff; Kudsk, Anders; Hvam, Lars

    2011-01-01

Modularity has gained an increasing popularity as a central concept for exploring product structure, process structure, organization structure and supply chain structure. With the offset in system theory the predominant understanding of modularity however faces difficulties in explaining the social dimension of modularity like irrational behaviors, cultural differences, learning processes, social organization and institutional influences on modularity. The paper addresses this gap offering a reinterpretation of the modularity concept from a socio-technical perspective in general and Actor Network Theory in particular. By formulating modularity from an ANT perspective covering social, material and process aspects, the modularity of a socio-technical system can be understood as an entanglement of product, process, organizational and institutional modularity. The theoretical framework is illustrated...

  15. The Shaping of Managers' Security Objectives through Information Security Awareness Training

    Science.gov (United States)

    Harris, Mark A.

    2010-01-01

    Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

  16. Adapting an Agent-Based Model of Socio-Technical Systems to Analyze System and Security Failures

    Science.gov (United States)

    2016-05-09

develop frameworks assisting in collaborative design [6], to build platforms for collecting feedback from patients for researchers in healthcare ... cyber security with simulated humans. In Proceedings of the Twenty-Third Innovative Applications of Artificial Intelligence Conference, 2011. [3] L... Conference, 2015. [6] J. D. Faus and F. Grimaldo. Infraworld, a multi-agent based framework to assist in civil infrastructure collaborative design. In

  17. Improving a health information system for real-time data entries: An action research project using socio-technical systems theory.

    Science.gov (United States)

    Adaba, Godfried Bakiyem; Kebebew, Yohannes

    2018-03-01

    This paper presents the findings of an action research (AR) project to improve a health information system (HIS) at the Operating Theater Department (OTD) of a National Health Service (NHS) hospital in South East England, the UK. Informed by socio-technical systems (STS) theory, AR was used to design an intervention to enhance an existing patient administration system (PAS) to enable data entries in real time while contributing to the literature. The study analyzed qualitative data collected through interviews, participant observations, and document reviews. The study found that the design of the PAS was unsuitable to the work of the three units of the OTD. Based on the diagnoses and STS theory, the project developed and implemented a successful intervention to enhance the legacy system for data entries in real time. The study demonstrates the value of AR from a socio-technical perspective for improving existing systems in healthcare settings. The steps adopted in this study could be applied to improve similar systems. A follow-up study will be essential to assess the sustainability of the improved system.

  18. The Natural Hospital Environment: a Socio-Technical-Material perspective.

    Science.gov (United States)

    Fernando, Juanita; Dawson, Linda

    2014-02-01

This paper introduces two concepts into analyses of information security and hospital-based information systems: a Socio-Technical-Material theoretical framework and the Natural Hospital Environment. The research is grounded in a review of pertinent literature with previously published Australian (Victoria) case study data to analyse the way clinicians work with privacy and security in their work. The analysis was sorted into thematic categories, providing the basis for the Natural Hospital Environment and Socio-Technical-Material framework theories discussed here. Natural Hospital Environments feature inadequate yet pervasive computer use, aural privacy shortcomings, shared workspace, meagre budgets, complex regulation that hinders training outcomes and out-dated infrastructure, and are highly interruptive. Working collaboratively in many cases, participants found ways to avoid or misuse security tools, such as passwords or screensavers, for patient care. Workgroup infrastructure was old, architecturally limited, haphazard in some instances, and was less useful than paper handover sheets to ensure the quality of patient care outcomes. Despite valiant efforts by some participants, they were unable to control factors influencing the privacy of patient health information in public hospital settings. Future improvements to hospital-based organisational frameworks for e-health can only be made when there is an improved understanding of the Socio-Technical-Material theoretical framework and Natural Hospital Environment contexts. Aspects within control of clinicians and administrators can be addressed directly although some others are beyond their control. An understanding and acknowledgement of these issues will benefit the management and planning of improved and secure hospital settings.

  19. Socio-Technical Considerations for the Use of Blockchain Technology in Healthcare.

    Science.gov (United States)

    Wong, Ming Chao; Yee, Kwang Chien; Nøhr, Christian

    2018-01-01

Blockchain technology is often considered as the fourth industrial revolution that will change the world. The enthusiasm of the transformative nature of blockchain technology has infiltrated healthcare. Blockchain is often seen as the much needed and perfect technology for healthcare, addressing the difficult and complex issues of security and inter-operability. More importantly, the "value" and trust-based system can deliver automated action and response via its smart contract mechanism. Healthcare, however, is a complex system. Health information technology (HIT) so far has not delivered its promise of transforming healthcare due to its complex socio-technical and context sensitive interaction. The introduction of blockchain technology will need to consider a whole range of socio-technical issues in order to improve the quality and safety of patient care. This paper presents a discussion on these socio-technical issues. More importantly, this paper argues that in order to achieve the best outcome from blockchain technology, there is a need to consider a clinical transformation from "information" to "value" and trust. This paper argues that urgent research is needed to address these socio-technical issues in order to facilitate best outcomes for blockchain in healthcare. These socio-technical issues must then be further evaluated by means of working prototypes in the medical domain in coming years.

  20. Understanding critical barriers to implementing a clinical information system in a nursing home through the lens of a socio-technical perspective.

    Science.gov (United States)

    Or, Calvin; Dohan, Michael; Tan, Joseph

    2014-09-01

    This paper addresses key barriers to implementing a clinical information system (CIS) in a Hong Kong nursing home setting, from a healthcare specific socio-technical perspective. Data was collected through field observations (n = 12) and semi-structured individual interviews (n = 18) of CIS stakeholders in a Hong Kong nursing home, and analyzed using the immersion/crystallization approach. Complex interactions relevant to our case were contextualized and interpreted within the perspective of the Sittig-Singh Healthcare Socio-Technical Framework (HSTF). Three broad clusters of implementation barriers from the eight HSTF dimensions were identified: (a) Infrastructure-based barriers, which relate to conflict between government regulations and system functional needs of users; lack of financial support; inconsistency between workflow, work policy, and procedures; and inadequacy of hardware-software infrastructural and technical support; (b) Process-based barriers, which relate to mismatch between the technology, existing work practice and workflow, and communication; low system speed, accessibility, and stability; deficient computer literacy; more experience in health care profession; clinical content inadequacy and unavailability; as well as poor system usefulness and user interface design; and (c) Outcome-based barriers, which relate to the lack of measurement and monitoring of system effectiveness. Two additional dimensions underlining the importance of the ability of a CIS to change are proposed to extend the Sittig-Singh HSTF. First, advocacy would promote the articulation and influence of changes in the system and subsequent outcomes by CIS stakeholders, and second, adaptability would ensure the ability of the system to adjust to emerging needs. The broad set of discovered implementation shortcomings expands prior research on why CIS can fail in nursing home settings. Moreover, our investigation offers a knowledge base and recommendations that can serve

  1. Bridging the Gap Between the Social and the Technical: The Enrolment of Socio-Technical Information Architects to Cope with the Two-Level Model of EPR Systems.

    Science.gov (United States)

    Pedersen, Rune

    2017-01-01

This is a project proposal derived from an urge to re-define the governance of ICT in healthcare towards regional and national standardization of the patient pathways. The focus is on a two-levelled approach for governing EPR systems where the clinicians model structured variables and patient pathways. The overall goal is a patient centric EPR portfolio. This paper defines and highlights the need for establishing the socio-technical architect role necessary to obtain the capabilities of a modern structured EPR system. Clinicians are not capable of moderating between the technical and the clinical.

  2. Formal modelling and analysis of socio-technical systems

    DEFF Research Database (Denmark)

    Probst, Christian W.; Kammüller, Florian; Hansen, Rene Rydhof

    2016-01-01

Attacks on systems and organisations increasingly exploit human actors, for example through social engineering. This non-technical aspect of attacks complicates their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we discuss several approaches to formalising socio-technical systems and their analysis. Starting from a flow logic-based analysis of the insider threat, we discuss how to include the socio aspects explicitly, and show a formalisation that proves properties of this formalisation. On the formal side, our work closes the gap between formal and informal approaches to socio-technical systems. On the informal side, we show how to steal a birthday cake from a bakery by social engineering....

  3. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  4. Quantifying resilience for resilience engineering of socio technical systems

    OpenAIRE

    Häring, Ivo; Ebenhöch, Stefan; Stolz, Alexander

    2016-01-01

    Resilience engineering can be defined to comprise originally technical, engineering and natural science approaches to improve the resilience and sustainability of socio technical cyber-physical systems of various complexities with respect to disruptive events. It is argued how this emerging interdisciplinary technical and societal science approach may contribute to civil and societal security research. In this context, the article lists expected benefits of quantifying resilience. Along the r...

  5. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

Introduction to Strategic Information Security; What Does It Mean to Be Strategic?; Information Security Defined; The Security Professional's View of Information Security; The Business View of Information Security; Changes Affecting Business and Risk Management; Strategic Security; Strategic Security or Security Strategy?; Monitoring and Measurement; Moving Forward. ORGANIZATIONAL ISSUES: The Life Cycles of Security Managers; Introduction; The Information Security Manager's Responsibilities; The Evolution of Data Security to Information Security; The Repository Concept; Changing Job Requirements; Business Life Cycles

  6. Information Security

    OpenAIRE

    2005-01-01

Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is trusted to actually handle an asset. Two concepts complement authorisation. Authentication determines who makes a request to handle an asset. To decide who is authorised, a system needs to authe...

  7. Modelling and Analysing Socio-Technical Systems

    DEFF Research Database (Denmark)

    Aslanyan, Zaruhi; Ivanova, Marieta Georgieva; Nielson, Flemming

    2015-01-01

Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An increasing number of attacks on these organisations exploit vulnerabilities on all different levels, for example combining a malware attack...

  8. Modeling and Analysing Socio-Technical Systems

    NARCIS (Netherlands)

    Aslanyan, Zaruhi; Ivanova, Marieta G.; Nielson, Flemming; Probst, Christian W.

    2015-01-01

Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An increasing number of attacks on these organisations exploit vulnerabilities on all different levels, for example combining a malware attack with

  9. FRAM Modelling Complex Socio-technical Systems

    CERN Document Server

    Hollnagel, Erik

    2012-01-01

    There has not yet been a comprehensive method that goes behind 'human error' and beyond the failure concept, and various complicated accidents have accentuated the need for it. The Functional Resonance Analysis Method (FRAM) fulfils that need. This book presents a detailed and tested method that can be used to model how complex and dynamic socio-technical systems work, and understand both why things sometimes go wrong but also why they normally succeed.

  10. Norm-Aware Socio-Technical Systems

    Science.gov (United States)

    Savarimuthu, Bastin Tony Roy; Ghose, Aditya

The following sections are included:

    * Introduction
    * The Need for Norm-Aware Systems
    * Norms in human societies
    * Why should software systems be norm-aware?
    * Case Studies of Norm-Aware Socio-Technical Systems
    * Human-computer interactions
    * Virtual environments and multi-player online games
    * Extracting norms from big data and software repositories
    * Norms and Sustainability
    * Sustainability and green ICT
    * Norm awareness through software systems
    * Where To, From Here?
    * Conclusions

  11. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

The article covers: defining an information system; benefits obtained by introducing new information technologies; IT management; defining prerequisites, analysis, design, implementation of IS; information security management system; aspects regarding IS security policy; conceptual model of a security system; auditing information security systems and network infrastructure security.

  12. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field. The book examines the elements of computer security, employee roles and r

  13. INFORMATION SYSTEM SECURITY (CYBER SECURITY)

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

Business organizations and government unequivocally rely upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  14. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. "Electronic Healthcare Information Security" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  15. Defining Information Security.

    Science.gov (United States)

    Lundgren, Björn; Möller, Niklas

    2017-11-15

This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition (correct demarcation and meaning concerning the state of security), it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security, the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  16. Towards Information Security Awareness

    OpenAIRE

    Marius Petrescu; Delia Mioara Popescu; Nicoleta Sirbu

    2010-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  17. Medical Information Security

    OpenAIRE

    William C. Figg, Ph.D.; Hwee Joo Kam, M.S.

    2011-01-01

Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPAA is the government’s attempt to protect patients’ information, yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs an...

  18. Social engineering attacks: an augmentation of the socio-technical systems framework

    CSIR Research Space (South Africa)

    Shozi, A

    2015-03-01

    ... or organisation’s information. We analyse social engineering attacks as a Socio-technical System because this recognises the interaction between people and technology in a work environment. In the case of social engineering attacks, the social subsystem would...

  19. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, and intrusion detection, and provides expanded coverage of security management issues and application security. Even those who don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference. The changes in the tech

  20. Opening the Black-Box in Lifelong E-Learning for Employability: A Framework for a Socio-Technical E-Learning Employability System of Measurement (STELEM)

    Directory of Open Access Journals (Sweden)

    Juan-Francisco Martínez-Cerdá

    2018-03-01

    Human beings must develop many skills to cope with the large amount of challenges that currently exist in the world: media empowerment for an active and democratic citizenship, knowledge acquisition and conversion for lifelong and life-wide learning, 21st century skills for matching demand and supply in labor markets, and dispositional employability for unpredictable future career success. One of the tools for achieving these is online education, in which students have the chance to manage their own time, content, and goals. Thus, this paper analyzes these issues from the perspective of skills gained through e-learning and validates the Socio-Technical E-learning Employability System of Measurement (STELEM) framework. The research was carried out with former students of the Universitat Oberta de Catalunya. Exploratory and confirmatory factorial analyses validate several consistent and reliable scales in two areas: (i) employability, based on educational social capital, media empowerment, knowledge acquisition, knowledge conversion, literacy, digitalness, collaboration, resilience, proactivity, identity, openness, motivation, organizational culture, and employment security; and (ii) socio-technical systems existing in this open online university, based on its information and communications technology (ICT), learning tasks, as well as student-centered and organizational approaches. The research provides two new psychometrical scales that are useful for the evaluation, monitoring, and assessment of relationships and influences between socio-technical e-learning organizations and employability skills development, and proposes a set of indicators related to human and social capital, valid in employability contexts.

  1. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner. Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book:
    - Focuses on setting the right road map so that you can be most effective in your information security implementations
    - Discusses cost-effective staffing, the single biggest expense to the security organization
    - Presents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectively
    - I...

  2. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2003-01-01

    Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information Systems Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a 'must have' book, both for preparing for the CISSP exam and as a c

  3. Approaching socio-technical issues in Knowledge Communication

    DEFF Research Database (Denmark)

    Kampf, Constance; Islas Sedano, Carolina

    2008-01-01

    This paper looks at the connection between technology, knowledge management and knowledge communication theory from a process perspective. Knowledge management and knowledge communication processes are examined through the iterations in creating project goals and objectives which connect the social...... and objectives with respect to knowledge communication theory, demonstrating the potential of knowledge communication concepts for socio-technical design processes, as well as the implications of socio-technical design processes in extending our understanding of knowledge communication....

  4. ITIL® and information security

    International Nuclear Information System (INIS)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

    2015-01-01

    This paper discusses the ITIL framework in the context of information security management. It is therefore a summary study, whose first part focuses on the security objectives in connection with the ITIL framework. First of all, it focuses on the ITIL process ISM (Information Security Management), its principles and its management system. The conclusion concerns the link between security-related standards and the ITIL framework.

  5. Applicability of Socio-Technical Model (STM) in Working System of Modern Organizations

    Directory of Open Access Journals (Sweden)

    Rosmaini Tasmin

    2011-10-01

    Knowledge has been identified as one of the most important resources in an organization that contribute to competitive advantage. Organizations around the world recognize and put into practice an approach based on technological and sociological aspects to fill the gaps in their workplaces. The Socio-Technical Model (STM) is an established organizational model introduced by Trist in the 1960s at the Tavistock Institute, London. It relates the two components common to all organizations, namely social systems (humans) and technological systems (information technology, machinery and equipment), as they have interacted in organizations over many decades. This paper reviews the socio-technical model from various perspectives on its developmental stages and the ideas written by researchers. Several literature reviews on the socio-technical model have been compiled and discussed to justify whether its basic argument matches the practices required in techno-social environments. Through a socio-technical perspective on Knowledge Management, this paper highlights the interplay between social systems and technological systems. It also suggests that management and leadership play critical roles in establishing the techno-social perspective for the effective assimilation of Knowledge Management practices.

  6. Information security management principles

    CERN Document Server

    Taylor, Andy; Finch, Amanda; Sutton, David

    2013-01-01

    In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.

  7. When Information Improves Information Security

    Science.gov (United States)

    Grossklags, Jens; Johnson, Benjamin; Christin, Nicolas

    This paper presents a formal, quantitative evaluation of the impact of bounded-rational security decision-making subject to limited information and externalities. We investigate a mixed economy of an individual rational expert and several naïve near-sighted agents. We further model three canonical types of negative externalities (weakest-link, best shot and total effort), and study the impact of two information regimes on the threat level agents are facing.

  8. Developing e-banking services for rural India: making use of socio-technical prototypes

    OpenAIRE

    Dittrich, Yvonne; Vaidyanathan, Lakshmi; Gonsalves, Timothy A; Jhunjhunwala, Ashok

    2017-01-01

    Information and Communication Technology (ICT) is one of the key enablers for including underserved communities in economic and societal development across the world. Our research analyzes several banking service projects developing technical solutions for rural India. This poster presents an experience report based on systematic debriefing of involved project leaders and initiators, triangulated with additional documentation. The concept of Socio-Technical Prototype is developed and used to ...

  9. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  10. Trust in technology a socio-technical perspective

    CERN Document Server

    Clarke, Karen; Rouncefield, Mark

    2006-01-01

    Encapsulates work done in the DIRC project (Interdisciplinary Research Collaboration in Dependability), bringing together a range of disciplinary approaches - computer science, sociology and software engineering - to produce a socio-technical systems perspective on the issues surrounding trust in technology in complex settings.

  11. Formal Modelling and Analysis of Socio-Technical Systems

    NARCIS (Netherlands)

    Probst, Christian W.; Kammüller, Florian; Rydhof Hansen, René; Hankin, Chris

    2015-01-01

    Attacks on systems and organisations increasingly exploit human actors, for example through social engineering. This non-technical aspect of attacks complicates their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical

  12. EMuRgency: Socio-technical innovations to save lives

    NARCIS (Netherlands)

    Kalz, Marco

    2013-01-01

    Kalz, M. (2013, 18 September). EMuRgency: Socio-technical innovations to save lives. Presentation provided during the workshop on 21st century learning in the health and emergency sectors in conjunction with the 8th European Conference on Technology-Enhanced Learning (ECTEL 2013). Paphos, Cyprus.

  13. The governance of sustainable socio-technical transitions

    NARCIS (Netherlands)

    Smith, A.G.; Stirling, A.C.; Berkhout, F.G.H.

    2005-01-01

    A quasi-evolutionary model of socio-technical transitions is described in which regimes face selection pressures continuously. Differentiated transition contexts determine the form and direction of regime change in response to these pressures. The articulation of pressures, and the degree to which

  14. Socio-technical considerations in epilepsy electronic patient record implementation.

    LENUS (Irish Health Repository)

    Mc Quaid, Louise

    2010-05-01

    Examination of electronic patient record (EPR) implementation at the socio-technical interface. This study was based on the introduction of an anti-epileptic drug (AED) management module of an EPR in an epilepsy out-patient clinic. The objective was to introduce the module to a live clinical setting within strictly controlled conditions to evaluate its usability and usefulness.

  15. A mechanism to assess the relationship between socio-technical congruence and project performance in incremental model

    African Journals Online (AJOL)

    W.A.W.M. Sobri, S.S.M. Fauzi, M.H.N.M. Nasir, R. Ahmad, A.J. Suali

    No abstract. Keywords: coordination; software development; software project; software engineering project; ...

  16. Designing socio-technical systems : Structures and processes

    NARCIS (Netherlands)

    Bots, P.W.G.; Van Daalen, C.

    2012-01-01

    The Systems Engineering, Policy Analysis and Management (SEPAM) MSc curriculum taught at Delft University of Technology focuses on the design of socio-technical systems (STS). We teach our students to structure design activities by considering what we call the TIP aspects: Technical systems,

  17. Capturing socio-technical systems with agent-based modelling

    NARCIS (Netherlands)

    Van Dam, K.H.

    2009-01-01

    What is a suitable modelling approach for socio-technical systems? The answer to this question is of great importance to decision makers in large scale interconnected network systems. The behaviour of these systems is determined by many actors, situated in a dynamic, multi-actor, multi-objective and

  18. Using communication norms in socio-technical systems

    NARCIS (Netherlands)

    Weigand, H.; Whitworth, B.; de Moor, A.

    2009-01-01

    Often socio-technical systems are designed simply on the basis of what the user asks, without considering explicitly whether the required process structure is right or wrong. However, poor communication may cause many problems. Therefore, a design cycle should always include diagnosis, and in

  19. Understanding the Modularity of Socio-technical Production Systems

    DEFF Research Database (Denmark)

    Thuesen, Christian Langhoff

    This paper seeks to contribute to the development of Configurational Theory by offering a reinterpretation of the modularity concept from a socio-technical perspective in general and Actor Network Theory (ANT) in particular. By formulating modularity from an ANT perspective covering social...

  20. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to provide added support to some of those classification principles.

  1. Modelling Socio-Technical Aspects of Organisational Security

    DEFF Research Database (Denmark)

    Ivanova, Marieta Georgieva

    Identification of threats to organisations and risk assessment often take into consideration the pure technical aspects, overlooking the vulnerabilities originating from attacks on a social level, for example social engineering, and abstracting away the physical infrastructure. However, attacks...... would close this gap, however, it would also result in complicating the formal treatment and automatic identification of attacks. This dissertation shows that applying a system modelling approach to sociotechnical systems can be used for identifying attacks on organisations, which exploit various levels...... process calculus, we develop a formal analytical approach that generates attack trees from the model. The overall goal of the framework is to predict, prioritise and minimise the vulnerabilities in organisations by prohibiting the overall attack or at least increasing the difficulty and cost of fulfilling...
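    The Probst et al. and Ivanova records above both describe deriving attack trees from a formal model of a socio-technical system and using them to prioritise countermeasures by the cost they impose on the attacker. The following is an added example, not code from the dissertation or the cited papers: a minimal attack-tree evaluator over a constructed tree with one technical path and one social-engineering path. AND nodes add the costs of their children, OR nodes take the cheapest branch, and candidate controls are ranked by how much each raises the attacker's cheapest route. The node names and cost figures are illustrative assumptions.

```python
"""Attack-tree cost evaluation for a socio-technical system (added example).

Constructed toy: the tree, node names and cost figures below are assumptions
used only to illustrate how a cheapest-path evaluation prioritises controls.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Node:
    """kind is 'leaf' (an attacker step with a cost), 'and' (all children
    needed) or 'or' (any one child suffices)."""
    name: str
    kind: str = "leaf"
    cost: float = 0.0
    children: List["Node"] = field(default_factory=list)


def cheapest(node: Node) -> Tuple[float, List[str]]:
    """Return (minimum attacker cost, leaf steps) needed to achieve `node`."""
    if node.kind == "leaf":
        return node.cost, [node.name]
    if not node.children:
        raise ValueError(f"{node.kind} node {node.name!r} has no children")
    sub = [cheapest(c) for c in node.children]
    if node.kind == "and":
        # every branch is required: costs add, steps concatenate
        return sum(c for c, _ in sub), [s for _, steps in sub for s in steps]
    if node.kind == "or":
        # the attacker picks the cheapest branch
        return min(sub, key=lambda pair: pair[0])
    raise ValueError(f"unknown node kind {node.kind!r}")


def find_leaf(node: Node, name: str) -> Optional[Node]:
    """Depth-first lookup of a leaf by name."""
    if node.kind == "leaf" and node.name == name:
        return node
    for child in node.children:
        hit = find_leaf(child, name)
        if hit is not None:
            return hit
    return None


def build_tree() -> Node:
    """Constructed goal: steal a confidential document from an office."""
    return Node("steal document", "or", children=[
        Node("technical path", "and", children=[
            Node("phish credentials", cost=2.0),
            Node("bypass MFA", cost=8.0),
            Node("exfiltrate from file share", cost=1.0),
        ]),
        Node("social path", "and", children=[
            Node("tailgate into building", cost=1.0),
            Node("impersonate IT support", cost=2.0),
            Node("persuade clerk to hand over printout", cost=1.0),
        ]),
    ])


def prioritise(tree: Node, countermeasures: Dict[str, float]) -> List[Tuple[str, float]]:
    """Rank controls by how much each raises the attacker's cheapest cost.

    `countermeasures` maps a leaf name to that leaf's cost once the control is
    in place (assumption: a control only makes its own step more expensive).
    """
    base, _ = cheapest(tree)
    ranked = []
    for leaf_name, new_cost in countermeasures.items():
        leaf = find_leaf(tree, leaf_name)
        if leaf is None:
            raise KeyError(leaf_name)
        old_cost, leaf.cost = leaf.cost, new_cost
        after, _ = cheapest(tree)
        leaf.cost = old_cost                      # restore the model
        ranked.append((leaf_name, after - base))
    return sorted(ranked, key=lambda pair: -pair[1])


if __name__ == "__main__":
    tree = build_tree()
    cost, steps = cheapest(tree)
    print(f"cheapest attack costs {cost}: {' -> '.join(steps)}")
    for name, gain in prioritise(tree, {
        "bypass MFA": 20.0,                            # stronger MFA on the technical path
        "tailgate into building": 6.0,                 # badge-controlled doors
        "persuade clerk to hand over printout": 10.0,  # verification procedure and training
    }):
        print(f"{name:40s} raises cheapest attack by {gain}")
```

    In this toy tree the social path costs 4 against 11 for the technical path, so strengthening MFA raises the attacker's cheapest cost by nothing at all, while training the clerk raises it by 7. That is the point the two records make about purely technical risk assessment: controls are only worth what they add to the cheapest route, and the cheapest route often runs through people and buildings rather than software.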

  2. Sustainability and deliberate transition of socio-technical systems

    DEFF Research Database (Denmark)

    Hansen, Ole Erik; Søndergård, Bent; Stærdahl, Jens

    The article suggests that deliberate planning for sustainability demands a focus on the transition of socio-technical systems in order to establish robust and more sustainable patterns of production and consumption. This implies the necessity of a new perspective for environmental planning... or developing socio-technical systems in order to integrate the concept of sustainability as a driver for the deliberate and purposeful shaping and transition. The article discusses the requirements to effective governance networks and governing of governance networks. Research within innovation systems, transition management and technology systems combined with planning and experimental activities provides both a theoretical and empirical body of knowledge of such governance processes. The article discusses how this perspective can be used in relation to the process of developing bio-fuel systems...

  3. Dynamic Socio-technical System Design based on Stakeholder Interaction

    Directory of Open Access Journals (Sweden)

    Albert Fleischmann

    2015-07-01

    In order to directly involve stakeholders in socio-technical system design, we argue for streamlining executable process specifications with business process modeling. Due to the current agility requirements of organizations, socio-technical system development is considered one of the key activities of members of the organizations. Dynamic process adaptation enables handling the volatility of business operations and IT infrastructure. Subject-oriented process representations are key enablers of dynamic adaptation because they allow stakeholders to create directly executable models. In this way stakeholders can be involved in change management pro-actively. Subject-oriented models (i) represent all relevant features required for system control and decision making, and (ii) are executable on demand. This effectiveness enables organizational change in a creative and efficient way, while establishing innovative design and change management tools. Subject-oriented Business Process Management capabilities are reflected in this realm, revealing benefits and potential for further research.

  4. Socio-technical Spaces: Guiding Politics, Staging Design

    DEFF Research Database (Denmark)

    Clausen, Christian; Yoshinaka, Yutaka

    2005-01-01

    This article addresses how insights from the social shaping tradition and political process theory may contribute to an understanding of the sociotechnical design and implementation of change. This idea is pursued through the notion of 'socio-technical spaces' and its delineation, with respect...... political concerns. The paper tentatively points to some analytical implications and to challenges and possibilities for the 'bridging' between spaces otherwise rendered distinct....

  5. The socio-technical system and nuclear safety

    International Nuclear Information System (INIS)

    Stefanescu, Petre; Mihailescu, Nicolae; Dragusin, Octavian

    1999-01-01

    In the field of nuclear safety, notions such as 'technical factors' and 'human factors' have been defined. The technical factors depend on the design and manufacture of components/equipment, and thus ultimately on people's work. The study of human factors consists in analyzing and recommending the conditions that allow an individual to be a reliable and safe agent. Accordingly, he/she is placed in working conditions corresponding to human abilities, combining means at three levels: designing, i.e. action upon the technical system and upon work organization; correction, i.e. action upon the evolution of the technical system and its organization; and formation/training, i.e. action upon operators. The paper presents a characterization of the socio-technical system and on this basis discusses the issue of individual adjustment to the socio-technical system and, reciprocally, the adjustment of the socio-technical system to the individual. Concepts such as ergonomics, the physical environment, the man/machine interface and operator support, man/machine task sharing, and work organization are put in relation with the central subject, nuclear safety.

  6. Catastrophic failure in complex socio-technical systems

    International Nuclear Information System (INIS)

    Weir, D.

    2004-01-01

    This paper reviews the sequences leading to catastrophic failures in complex socio-technical systems. It traces some of the elements of an analytic framework to that proposed by Beer in Decision and Control, first published in 1966, and argues that these ideas are centrally relevant to a topic on which research interest has developed subsequently, the study of crises, catastrophes and disasters in complex socio-technical systems in high technology sectors. But while the system perspective is central, it is not by itself entirely adequate. The problems discussed cannot be discussed simply in terms of system parameters like variety, redundancy and complexity. Much empirical research supports the view that these systems typically operate in degraded mode. The degradations may be primarily initiated within the social components of the socio-technical system. Such variables as hierarchical position, actors' motivations and intentions are relevant to explain the ways in which communication systems typically operate to filter out messages from lower participants and to ignore the 'soft signals' issuing from small-scale and intermittent malfunctions. (author)

  7. The Personal Information Security Assistant

    NARCIS (Netherlands)

    Kegel, Roeland Hendrik Pieter

    The human element is often found to be the weakest link in the information security chain. The Personal Information Security Assistant project aims to address this by improving the privacy and security awareness of end-users and by aligning the user's personal IT environment to the user's security

  8. A Socio-Technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks.

    Science.gov (United States)

    Sittig, Dean F; Singh, Hardeep

    2016-01-01

    Recently there have been several high-profile ransomware attacks involving hospitals around the world. Ransomware is intended to damage or disable a user's computer unless the user makes a payment. Once the attack has been launched, users have three options: 1) try to restore their data from backup; 2) pay the ransom; or 3) lose their data. In this manuscript, we discuss a socio-technical approach to address ransomware and outline four overarching steps that organizations can undertake to secure an electronic health record (EHR) system and the underlying computing infrastructure. First, health IT professionals need to ensure adequate system protection by correctly installing and configuring computers and networks that connect them. Next, the health care organizations need to ensure more reliable system defense by implementing user-focused strategies, including simulation and training on correct and complete use of computers and network applications. Concomitantly, the organization needs to monitor computer and application use continuously in an effort to detect suspicious activities and identify and address security problems before they cause harm. Finally, organizations need to respond adequately to and recover quickly from ransomware attacks and take actions to prevent them in future. We also elaborate on recommendations from other authoritative sources, including the National Institute of Standards and Technology (NIST). Similar to approaches to address other complex socio-technical health IT challenges, the responsibility of preventing, mitigating, and recovering from these attacks is shared between health IT professionals and end-users.
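    The third of the four steps above, continuous monitoring to detect suspicious activity before it causes harm, needs concrete detection logic to be useful. The following is an added example, not code from the article or from NIST: a small detector run over constructed file-activity telemetry that flags the two signals a ransomware run typically leaves in file-system logs, a burst of renames that change file extensions by a single process on a single host, and the creation of a ransom-note file. The CSV field layout, host and process names, thresholds and the note-name pattern are assumptions for illustration; a real deployment would tune them against its own telemetry.

```python
"""Ransomware-style bulk-encryption detector over file-activity telemetry.

Added example with constructed data: the CSV layout (ts,host,user,process,op,
src,dst), process names, thresholds and ransom-note name pattern are
assumptions for illustration and would be tuned in a real deployment.
"""
import csv
import os
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Tuple

RENAME_THRESHOLD = 20             # extension-changing renames by one process ...
WINDOW = timedelta(seconds=60)    # ... on one host within this sliding window
# Ransom notes are commonly dropped as text/HTML files with names like these
# (heuristic; an assumption for this example, legitimate files can match too).
NOTE_PATTERN = re.compile(r"(decrypt|recover|restore|how_to|readme).*\.(txt|html?|hta)$", re.I)


def ext(path: str) -> str:
    """Lower-cased extension including the dot ('' if none)."""
    return os.path.splitext(path)[1].lower()


def parse_events(lines: Iterable[str]) -> List[dict]:
    """Parse CSV telemetry lines into dicts with a datetime timestamp."""
    rows = list(csv.DictReader(lines))
    for row in rows:
        row["ts"] = datetime.fromisoformat(row["ts"])
    return rows


def detect(events: List[dict]) -> List[dict]:
    """Return alerts for bulk extension changes and ransom-note drops."""
    alerts: List[dict] = []
    recent: Dict[Tuple[str, str], Deque[datetime]] = defaultdict(deque)
    already_flagged = set()
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["host"], e["process"])
        name = e["src"].rsplit("/", 1)[-1]
        if e["op"] == "create" and NOTE_PATTERN.search(name):
            alerts.append({"host": e["host"], "process": e["process"],
                           "reason": "ransom-note filename", "evidence": e["src"]})
        if e["op"] == "rename" and ext(e["src"]) != ext(e["dst"]):
            q = recent[key]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > WINDOW:   # drop renames outside the window
                q.popleft()
            if len(q) >= RENAME_THRESHOLD and key not in already_flagged:
                already_flagged.add(key)
                alerts.append({"host": e["host"], "process": e["process"],
                               "reason": "bulk extension change",
                               "evidence": f"{len(q)} renames to {ext(e['dst'])} within {WINDOW.seconds}s"})
    return alerts


def constructed_events() -> List[str]:
    """Constructed telemetry: normal editing on ws01, an encryption burst on ws02."""
    lines = [
        "ts,host,user,process,op,src,dst",
        "2016-03-01T09:00:01,ws01,alice,winword.exe,modify,C:/Users/alice/Documents/notes.docx,",
        # editors save via a temp file then rename: one extension change, far below threshold
        "2016-03-01T09:00:20,ws01,alice,winword.exe,rename,C:/Users/alice/Documents/~tmp1.tmp,C:/Users/alice/Documents/budget.docx",
        "2016-03-01T09:01:05,ws01,alice,excel.exe,modify,C:/Users/alice/Documents/q1.xlsx,",
    ]
    t0 = datetime(2016, 3, 1, 9, 15, 0)
    for i in range(25):                       # 25 files re-extensioned in 25 seconds
        ts = (t0 + timedelta(seconds=i)).isoformat()
        src = f"C:/Users/bob/Documents/patient_{i:02d}.pdf"
        lines.append(f"{ts},ws02,bob,svchost32.exe,rename,{src},{src}.locky")
    ts = (t0 + timedelta(seconds=26)).isoformat()
    lines.append(f"{ts},ws02,bob,svchost32.exe,create,C:/Users/bob/Documents/_RECOVER_INSTRUCTIONS.txt,")
    return lines


if __name__ == "__main__":
    for alert in detect(parse_events(constructed_events())):
        print(alert)
```

    The rename rule is keyed on host and process rather than on user, because in a hospital the same clinician legitimately touches hundreds of files a day while a single process rewriting dozens of documents to one new extension within a minute is not normal for any user. The note-name rule fires later than the rename burst, so on its own it would be too slow to stop encryption; it is included because it is cheap and confirms the first alert for the responder who has to decide whether to isolate the host.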

  9. Security Information System Digital Simulation

    OpenAIRE

    Tao Kuang; Shanhong Zhu

    2015-01-01

    The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

  10. Information Security Maturity Model

    OpenAIRE

    2011-01-01

    To ensure security, it is important to build in security in both the planning and the design phases and adopt a security architecture which makes sure that regular and security-related tasks are deployed correctly. Security requirements must be linked to the business goals. We identified four domains that affect security at an organization, namely organization governance, organizational culture, the architecture of the systems, and service management. In order to identify and explore the strengt...

  11. Information security principles and practice

    CERN Document Server

    Stamp, Mark

    2011-01-01

    Now updated: your expert guide to twenty-first century information security. Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a pract

  12. Information Assurance Security in the Information Environment

    CERN Document Server

    Blyth, Andrew

    2006-01-01

    Intended for IT managers and assets protection professionals, this work aims to bridge the gap between information security, information systems security and information warfare. It covers topics such as the role of the corporate security officer; Corporate cybercrime; Electronic commerce and the global marketplace; Cryptography; and, more.

  13. Implementing an Information Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O' Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

    2017-11-01

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three publicly available guidance documents covering information security best practices, planning for an information security management system, and implementing security controls for information security.

  14. Audit for Information Systems Security

    Directory of Open Access Journals (Sweden)

    Ana-Maria SUDUC

    2010-01-01

    Advances in information and communication technologies have made enormous amounts of information available. This availability also generates significant risks to computer systems, to information, and to the critical operations and infrastructures they support. In spite of significant advances in the information security area, many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and of preventing these attacks or lowering their negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

  15. Socio-technical issues and challenges in implementing safe patient handovers: insights from ethnographic case studies.

    Science.gov (United States)

    Balka, Ellen; Tolar, Marianne; Coates, Shannon; Whitehouse, Sandra

    2013-12-01

    Ineffective handovers in patient care, including those where information is lost between care providers, have been identified as a risk to patient safety. Computerization of health information is often offered as a solution to improve the quality of care handovers and decrease adverse events related to patient safety. The purpose of this paper is to broaden our understanding of clinical handover as a patient safety issue, and to identify socio-technical issues which may bear on the success of computer-based handover tools. Three in-depth ethnographic case studies were undertaken. Field notes were transcribed and analyzed with the aid of qualitative data analysis software. Within-case analysis was performed on each case, and subsequently cross-case analyses were performed. We identified five types of socio-technical issues which must be addressed if electronic handover tools are to succeed. The inter-dependencies of these issues are addressed in relation to the arenas in which health care work takes place. We suggest that the contextual nature of information, the ethical and medico-legal issues arising in relation to information handover, and issues related to data standards and system interoperability must be addressed if computerized health information systems are to achieve improvements in patient safety related to handovers in care.

  16. Network Paradigm of Information Security

    Directory of Open Access Journals (Sweden)

    Alexandr Diomidovich Afanasyev

    2016-03-01

    Topological analysis has been argued to be a key issue in creating robust and secure network systems. Some examples of complex-network applications in the information security domain are cited.

  17. Information Security Service Branding – beyond information security awareness

    Directory of Open Access Journals (Sweden)

    Rahul Rastogi

    2012-12-01

    End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of the associated information security policies and controls and the resulting behavior and actions of end-users. However, end-users often have a negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, it is vital to improve the image of information security in the minds of end-users. This paper borrows the concepts of brands and branding from the domain of marketing to achieve this objective and applies them to information security. The paper also describes a process for creating the information security service brand in the organization.

  18. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  19. Teaching RFID Information Systems Security

    Science.gov (United States)

    Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

    2014-01-01

    The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

  20. Communications and information infrastructure security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Communication and Information Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering strategies for protecting the telecommunications sector, wireless security, advanced web based technology for emergency situations. Science and technology for critical infrastructure consequence mitigation are also discussed.

  1. To The Question Of The Concepts "National Security", "Information Security", "National Information Security" Meanings

    OpenAIRE

    Alexander A. Galushkin

    2015-01-01

    In the present article author analyzes value of the concepts "national security", "information security", "national information security". Author gives opinions of scientists-jurists, definitions given by legislators and normotvorets in various regulations.

  2. INFORMATION SECURITY MANAGEMENT IN ORGANIZATIONS

    OpenAIRE

    Ndungu, Maryanne; Kandel, Sushila

    2015-01-01

    In today's globally interconnected economy, information security has become one of the most complex issues of concern at the world's leading organizations. The capital value of information is significantly increasing and forming a large part of the shareholder value due to increased dependence on information. Organizations that want to achieve competitive advantage amongst other goals have information security at the centre of their concerns. It is now evident that information is a busin...

  3. A socio-technical approach to teaching the social impacts of technological development

    DEFF Research Database (Denmark)

    Jensen, Per Langå; Broberg, Ole

    2001-01-01

    This paper describes a socio-technical approach to teach work environment in an engineering education as an alternative to a science-based presentation of each potential harmful factor. The socio-technical approach emphasizes that work environment must be understood in a social context and that ......

  4. Information Security Management System toolkit

    OpenAIRE

    Καραμανλής, Μάνος; Karamanlis, Manos

    2016-01-01

    Secure management of information is becoming critical for any organization because information is one of the most valuable assets in organization’s business operations. An Information security management system (ISMS) consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, mon...

  5. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks for addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for a common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. It will be shown that such an approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. The presentation will clearly demonstrate the benefits of the proposed attributes based approach and defined risk and security space for modeling and measuring.

  6. Information security foundations, technologies and applications

    CERN Document Server

    Awad, Ali Ismail; Fairhurst, Michael

    2018-01-01

    This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security.

  7. Managing information technology security risk

    Science.gov (United States)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.

  8. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Full Text Available Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

  9. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  10. Information Security and the Internet.

    Science.gov (United States)

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

  11. Transferring Codified Knowledge: Socio-Technical versus Top-Down Approaches

    Science.gov (United States)

    Guzman, Gustavo; Trivelato, Luiz F.

    2008-01-01

    Purpose: This paper aims to analyse and evaluate the transfer process of codified knowledge (CK) performed under two different approaches: the "socio-technical" and the "top-down". It is argued that the socio-technical approach supports the transfer of CK better than the top-down approach. Design/methodology/approach: Case study methodology was…

  12. Exploring the impact of socio-technical core-periphery structures in open source software development

    NARCIS (Netherlands)

    Amrit, Chintan Amrit; van Hillegersberg, Jos

    2010-01-01

    In this paper we apply the social network concept of core-periphery structure to the socio-technical structure of a software development team. We propose a socio-technical pattern that can be used to locate emerging coordination problems in Open Source projects. With the help of our tool and method

  13. The structuration of socio-technical regimes - Conceptual foundations from institutional theory

    NARCIS (Netherlands)

    Fuenfschilling, Lea; Truffer, Bernhard

    2014-01-01

    In recent years, socio-technical transitions literature has gained importance in addressing long-term, transformative change in various industries. In order to account for the inertia and path-dependency experienced in these sectors, the concept of the socio-technical regime has been formulated.

  14. Computer and information security handbook

    CERN Document Server

    Vacca, John R

    2012-01-01

    The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed

  15. Conceptualising Digital Materiality and its Socio-Technical Implications through the Phenomenon of Crowdsourcing

    Directory of Open Access Journals (Sweden)

    Patricia Morizio

    2014-10-01

    Full Text Available Digital materiality is a relatively new concept in the information systems literature that attempts to give “substance” to, or explain the material properties of, digital artefacts. These artefacts, such as software programs, are challenging our traditional assumptions of what is “materiality”. Crowdsourcing or the aggregation of publicly-reported data for a variety of purposes – from tracking instances of violence within a geographic area, to coordinating information for aid agencies working in humanitarian emergency situations – is an example technology that transcends the line of a purely physical or digital object. This paper will briefly touch on the definition of digital materiality within IS thought, followed by a discussion of how crowdsourcing fits into its conceptualisation, namely in terms of its characteristics and organisational consequences. The purpose is to instantiate the more theoretical notion of digital materiality through a tangible technology with far-reaching socio-technical implications.

  16. 76 FR 34761 - Classified National Security Information

    Science.gov (United States)

    2011-06-14

    ... MARINE MAMMAL COMMISSION Classified National Security Information [Directive 11-01] AGENCY: Marine... Commission's (MMC) policy on classified information, as directed by Information Security Oversight Office... of Executive Order 13526, ``Classified National Security Information,'' and 32 CFR part 2001...

  17. Conducting an information security audit

    Directory of Open Access Journals (Sweden)

    Prof. Ph.D. Gheorghe Popescu

    2008-05-01

    Full Text Available The rapid and dramatic advances in information technology (IT) in recent years have without question generated tremendous benefits. At the same time, information technology has created significant, unprecedented risks to government and to entities operations. So, computer security has become much more important as all levels of government and entities utilize information systems security measures to avoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitive information. Obviously, uses of computer security become essential in minimizing the risk of malicious attacks from individuals and groups, considering that there are many current computer systems with only limited security precautions in place. As we already know, financial audits are the most common examinations that a business manager encounters. This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical security audits. However, they are unlikely to be acquainted with information security audits; that is, an audit of how the confidentiality, availability and integrity of an organization’s information are assured. Anyway, if not, they should be, especially since an information security audit is one of the best ways to determine the security of an organization’s information without incurring the cost and other associated damages of a security incident.

  18. A Novel Interdisciplinary Approach to Socio-Technical Complexity

    Science.gov (United States)

    Bassetti, Chiara

    The chapter presents a novel interdisciplinary approach that integrates micro-sociological analysis into computer-vision and pattern-recognition modeling and algorithms, the purpose being to tackle socio-technical complexity at a systemic yet micro-grounded level. The approach is empirically-grounded and both theoretically- and analytically-driven, yet systemic and multidimensional, semi-supervised and computable, and oriented towards large scale applications. The chapter describes the proposed approach especially as for its sociological foundations, and as applied to the analysis of a particular setting --i.e. sport-spectator crowds. Crowds, better defined as large gatherings, are almost ever-present in our societies, and capturing their dynamics is crucial. From social sciences to public safety management and emergency response, modeling and predicting large gatherings' presence and dynamics, thus possibly preventing critical situations and being able to properly react to them, is fundamental. This is where semi/automated technologies can make the difference. The work presented in this chapter is intended as a scientific step towards such an objective.

  19. Complex socio-technical systems: Characterization and management guidelines.

    Science.gov (United States)

    Righi, Angela Weber; Saurin, Tarcisio Abreu

    2015-09-01

    Although ergonomics has paid increasing attention to the perspective of complexity, methods for its operationalization are scarce. This study introduces a framework for the operationalization of the "attribute view" of complexity, which involves: (i) the delimitation of the socio-technical system (STS); (ii) the description of four complexity attributes, namely a large number of elements in dynamic interactions, a wide diversity of elements, unexpected variability, and resilience; (iii) the assessment of six management guidelines, namely design slack, give visibility to processes and outcomes, anticipate and monitor the impacts of small changes, monitor the gap between prescription and practice, encourage diversity of perspectives when making decisions, and create an environment that supports resilience; and (iv) the identification of leverage points for improving the STS design, based on both the analysis of relationships among the attributes and their classification as irreducible/manageable complexity, and liability/asset. The use of the framework is illustrated by the study of an emergency department of a University hospital. Data collection involved analysis of documents, observations of work at the front-line, interviews with employees, and the application of questionnaires. Copyright © 2015 Elsevier Ltd and The Ergonomics Society. All rights reserved.

  20. Methods of Organizational Information Security

    Science.gov (United States)

    Martins, José; Dos Santos, Henrique

    The principal objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principal problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principal norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribution to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.

  1. Improving Information Security Risk Management

    Science.gov (United States)

    Singh, Anand

    2009-01-01

    Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  2. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  3. The Shaping of the Scandinavian Socio-technical IS Research Tradition

    DEFF Research Database (Denmark)

    Bjørn-Andersen, Niels; Clemmensen, Torkil

    2017-01-01

    This paper relates stories instrumental in shaping the career of an individual and which have also contributed to shaping of the IS field in general and the ‘Scandinavian Socio-Technical (S/T) Information Systems Research Tradition’ in particular. The method in this paper is an autoethnography...... voice of the autoethnographer and the questioning voice of a younger researcher, the second author, who wants to bridge S/T into the future. The main contributions of this paper are to provide: 1) insights into career development in IS in general and in one of the Scandinavian IS pioneers in particular......; 2) a historic account of some of the key events in the early days of S/T IS in Scandinavia; 3) an account of the experiences and the challenges in creating a new research field such as IS; and 4) a summary of Niels’s key learnings hopefully relevant to young and mid-career IS researchers....

  4. Inquiries into Malaysia's socio-technical disasters: recommendations and lessons learnt.

    Science.gov (United States)

    Said, Aini Mat; Ahmadun, Fakhru'l-Razi; Abdul Kadir, Razali; Daud, Mohamed

    2009-04-01

    Most democratic countries hold inquiries into disasters. One of their key functions is to establish the cause of an event and to learn lessons in order to prevent a recurrence. In addition, they offer an opportunity for communal catharsis, permitting the public to vent anger, distress and frustration and to exert pressure for policy changes. Malaysia has experienced six landmark socio-technical disasters since 1968, which resulted in the proposal or amendment of various safety/emergency acts and regulations. The authors used a grounded theory approach utilising a constant comparative method to analyse the recommendations made by the inquiries into these events. Data indicate that social and technical recommendations comprise 85 and 15 per cent, respectively, of the total recommendations made by the inquiry committees. This paper offers suggestions for improving the management of inquiry tribunals, as they will remain a valuable source of information for society and corporations to learn from past incidents.

  5. 75 FR 28777 - Information Collection; Financial Information Security Request Form

    Science.gov (United States)

    2010-05-24

    ... Collection; Financial Information Security Request Form AGENCY: Forest Service, USDA. ACTION: Notice; Request... currently approved information collection; Financial Information Security Request Form. DATES: Comments must... Standard Time, Monday through Friday. SUPPLEMENTARY INFORMATION: Title: Financial Information Security...

  6. Developing Scalable Information Security Systems

    Directory of Open Access Journals (Sweden)

    Valery Konstantinovich Ablekov

    2013-06-01

    Full Text Available Existing physical security systems have a wide range of lacks, including: high cost, a large number of vulnerabilities, problems of modification and support system. This paper covers an actual problem of developing systems without this list of drawbacks. The paper presents the architecture of the information security system, which operates through the network protocol TCP/IP, including the ability to connect different types of devices and integration with existing security systems. The main advantage is a significant increase in system reliability, scalability, both vertically and horizontally, with minimal cost of both financial and time resources.

  7. Revealing the Socio-technical Design of Global e-businesses

    DEFF Research Database (Denmark)

    Kampf, Constance Elizabeth

    2012-01-01

    Global e-businesses such as Google, Amazon and E-bay affect both users and society. How can we begin to understand this duality in the socio-technical affordances of e-business? This paper examines a digital art performance as an example of the tensions between capitalist businesses and the public...... of socio-technical design and using dimensions of transparency to understand technology based Internet business, positing global Internet business as having two levels of socio-technical design—1) the micro level, dealing with user interaction, and 2) the macro level, dealing with the social design...

  8. THE SECURITY AUDIT WITHIN INFORMATION SYSTEMS

    OpenAIRE

    Dan Constantin TOFAN

    2011-01-01

    The information security audit is definitely a tool for determining, achieving, and maintaining a proper level of security in an organization. This article offers a comprehensive review of the world's most popular standards related to information systems security audit.

  9. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers: Fundamentals of information security - providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors. Fundamentals of management of information security - explains what information security manageme

  10. Exploring Socio-Technical Features of Green Interior Design of Residential Buildings: Indicators, Interdependence and Embeddedness

    Directory of Open Access Journals (Sweden)

    Yan Ning

    2016-12-01

    Full Text Available This research aims to develop indicators for assessing green interior design of new residential buildings in China, grounded in the socio-technical systems approach. The research was carried out through a critical literature review and two focus group studies. The results show that the boundaries of green interior design were identified with respect to three dimensions, namely performance, methodology and stakeholders. The socio-technical systems approach argues for the recognition of the interdependence between the systems elements and the feature of embeddedness. The interdependence of the systems elements exists within each of these three dimensions and across them. It is also found that the socio-technical systems of green interior design are embedded in the social, regulatory and geographic context. Taking interior design of residential buildings as the empirical setting, this study contributes to the literature of green building assessment by presenting a socio-technical systems approach.

  11. Worker Characteristics moderate the Impact of Socio - technical Workplace Interventions on Job Satisfaction

    OpenAIRE

    Mörtl, Peter; Schafler, Marlene; Lacueva-Pérez, Francisco José

    2017-01-01

    Workers’ job satisfaction is considered a critical indicator for the effectiveness of socio-technical interventions in the work place. However, job satisfaction represents a complex psychological phenomenon with many contributing factors that can be difficult to assess. To facilitate assessments of job satisfaction we review psychological theories and metrics of job satisfaction to investigate implications for socio-technical interventions. The findings suggest that the design and introductio...

  12. Information Warfare, Threats and Information Security

    Directory of Open Access Journals (Sweden)

    Dmitriy Nikolaevich Bespalov

    2014-01-01

    Full Text Available The article presents the opposite, but dependent on each other's reality - Revolutionary War information, information security goals and objectives of their study within the scheme "challenge-response", methodological and analytical support, the role of elites and the information society in promoting information security. One of the features of contemporaneity is the global spread of ICT, combined with poor governance and other difficulties in the construction of innovation infrastructures that are based on them in some countries. This leads to the reproduction of threats, primarily related to the ability to use ICT for purposes that are inconsistent with the objectives of maintaining international peace and security, compliance with the principles of non-use of force, non-interference in the internal affairs of states, etc. In this regard, include such terms as "a threat of information warfare", "information terrorism" and so forth. Information warfare, which stay in the policy declared the struggle for existence, and relationships are defined in terms of "friend-enemy", "ours-foreign". Superiority over the opponent or "capture of its territory" is the aim of political activity. And information security, serving activities similar process of political control, including a set of components, is a technology until their humanitarian. From the context and the decision itself is the ratio of the achieved results of information and political influence to the target - a positive image of Russia. Bringing its policy in line with the demands of a healthy public opinion provides conductivity of the authorities initiatives in the country and increases the legitimacy of the Russian Federation actions in the world.

  13. Information security : the moving target

    CSIR Research Space (South Africa)

    Dlamini, MT

    2009-01-01

    Full Text Available -product to an integral part of business operations (Conner and Coviello, 2004). This paper gives an overview of the following: • Where did information security come from? (the past) • How did it get to where it is today? (the present) • In what direction... operators were permitted to use these computers. Other users would submit their jobs to the operator through protected slots (batch processing). The key security issue during this era was ensuring that only the privileged computer operator (one user one...

  14. Socio-Technical Implementation: Socio-technical Systems in the Context of Ubiquitous Computing, Ambient Intelligence, Embodied Virtuality, and the Internet of Things

    NARCIS (Netherlands)

    Nijholt, Antinus; Whitworth, B.; de Moor, A.

    2009-01-01

    In which computer science world do we design and implement our socio-technical systems? About every five or ten years new computer and interaction paradigms are introduced. We had the mainframe computers, the various generations of computers, including the Japanese fifth generation computers, the

  15. Pragmatic security metrics applying metametrics to information security

    CERN Document Server

    Brotby, W Krag

    2013-01-01

    Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics. Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to

  16. Audit Characteristics for Information System Security

    OpenAIRE

    Marius POPA; Mihai DOINEA

    2007-01-01

    The paper presents the main aspects of the development of information systems and the assurance of their security. Definitions of information systems, standards and audit processes are offered. The most important security standards used in information system security assessment are presented.

  17. Information security of Smart Factories

    Science.gov (United States)

    Iureva, R. A.; Andreev, Y. S.; Iuvshin, A. M.; Timko, A. S.

    2018-05-01

    In several years, technologies and systems based on the Internet of things (IoT) will be widely used in all smart factories. When processing a huge array of unstructured data, their filtration and adequate interpretation are a priority for enterprises. In this context, the correct representation of information in a user-friendly form acquires special importance, for which the market today presents advanced analytical platforms designed to collect, store and analyze data on technological processes and events in real time. The main idea of the paper is the statement of the information security problem in IoT and integrity of processed information.

  18. Detailed Information Security in Cloud Computing

    OpenAIRE

    Pavel Valerievich Ivonin

    2013-01-01

    The object of research in this article is public cloud technology, the structure of clouds and their security systems. Problems of information security in clouds are considered, and the elements of the security system of public clouds are described.

  19. Database and applications security integrating information security and data management

    CERN Document Server

    Thuraisingham, Bhavani

    2005-01-01

    This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

  20. Information Security Management in Context of Globalization

    OpenAIRE

    Wawak, Slawomir

    2012-01-01

    Modern information technologies are the engine of globalization. At the same time, the global market influences the way of looking at information security. Information security thus becomes an increasingly important field. The article discusses the results of research on information security management systems in public administration in Poland.

  1. Optimal Aide Security Information Search (OASIS)

    National Research Council Canada - National Science Library

    Kapadia, Chetna

    2005-01-01

    The purpose of the Optimal AIDE Security Information Search (OASIS) effort was to investigate and prototype a tool that can assist the network security analyst in collecting useful information to defend the networks they manage...

  2. [Information security in health care].

    Science.gov (United States)

    Ködmön, József; Csajbók, Zoltán Ernő

    2015-07-05

    Doctors, nurses and other medical professionals are spending more and more time in front of the computer, using applications developed for general practitioners, specialized care, or perhaps an integrated hospital system. The data they handle during healing and patient care are mostly sensitive data and, therefore, their management is strictly regulated. Finding our way in the jungle of laws, regulations and policies is not simple. Notwithstanding, our lack of information does not waive our responsibility. This study summarizes the most important points of international recommendations, standards and legal regulations of the field, and gives practical advice for managing medical and patient data securely and in compliance with the current legal regulations.

  3. Socio technical modelling of a nuclear: case study applied to the Ionizing Radiation Metrology National Laboratory

    International Nuclear Information System (INIS)

    Acar, Maria Elizabeth Dias

    2015-01-01

    A methodology combining process mapping and analysis; knowledge elicitation mapping and critical analysis; and socio-technical analysis based on social network analysis was conceived. The methodology was applied to a small knowledge-intensive organization, LNMRI, and has allowed the appraisal of the main intellectual assets and their ability to evolve. In this sense, based on real issues such as attrition, the impacts of probable future scenarios were assessed. For this task, a multimodal network of processes, knowledge objects and people was analyzed using a set of appropriate metrics and means, including the sphere of influence of key nodes. To differentiate the roles people play in the processes, some node attributes were used as partition criteria for the network, and thus to differentiate the impact of the potential loss of supervisors and operators. The proposed methodology has allowed for: 1) the identification of knowledge objects and their sources; 2) the mapping and ranking of these objects according to their relevance; 3) the assessment of vulnerabilities in LNMRI's network structure; and 4) the revealing of informal mechanisms of knowledge sharing. The conceived methodological framework has proved to be a robust tool for a broad diagnosis to support succession planning and also organizational strategic planning. (author)

  4. Internet security information system implement method

    International Nuclear Information System (INIS)

    Liu Baoxu; Mei Jie; Xu Rongsheng; An Dehai; Yu Mingjian; Chen Xiangyang; Zheng Peng

    1999-01-01

    On the basis of an analysis of the key elements that affect an Internet Security Information System, the authors take the UNIX operating system as an example and present the important stages that must be considered when implementing an Internet Security Information System. An implementation model of the Internet Security Information System is given.

  5. 76 FR 10262 - Information Security Program

    Science.gov (United States)

    2011-02-24

    ... FEDERAL MARITIME COMMISSION 46 CFR Part 503 [Docket No. 11-01] RIN 3072-AC40 Information Security... (FMC or Commission) amends its regulations relating to its Information Security Program to reflect the changes implemented by Executive Order 13526--Classified National Security Information--that took effect...

  6. 76 FR 62630 - Information Security Regulations

    Science.gov (United States)

    2011-10-11

    ... CENTRAL INTELLIGENCE AGENCY 32 CFR Part 1902 Information Security Regulations AGENCY: Central... information security regulations which have become outdated. The Executive Order upon which the regulations... CFR Part 1902 Information security regulations. PART 1902 [REMOVED AND RESERVED] Sec. 1902.13 [Removed...

  7. Developing and Validating the Socio-Technical Model in Ontology Engineering

    Science.gov (United States)

    Silalahi, Mesnan; Indra Sensuse, Dana; Giri Sucahyo, Yudho; Fadhilah Akmaliah, Izzah; Rahayu, Puji; Cahyaningsih, Elin

    2018-03-01

    This paper describes results from an attempt to develop a model in ontology engineering methodology and a way to validate the model. The approach to methodology in ontology engineering is from the point of view of socio-technical system theory. Qualitative research synthesis is used to build the model using meta-ethnography. In order to ensure the objectivity of the measurement, an inter-rater reliability method was applied using a multi-rater Fleiss Kappa. The results show the accordance of the research output with the diamond model in socio-technical system theory, by evidence of the interdependency of the four socio-technical variables, namely people, technology, structure and task.

  8. Ethical Hacking in Information Security Curricula

    Science.gov (United States)

    Trabelsi, Zouheir; McCoey, Margaret

    2016-01-01

    Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on…

  9. Incentive Issues in Information Security Management

    Science.gov (United States)

    Lee, Chul Ho

    2012-01-01

    This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…

  10. Security Price Informativeness with Delegated Traders

    OpenAIRE

    Gary Gorton; Ping He; Lixin Huang

    2010-01-01

    Trade in securities markets is conducted by agents acting for principals, using "mark-to-market" contracts whereby performance is assessed using security market prices. We endogenize contract choices, information production, informed trading, and security price informativeness. But there is a contract externality. Prices are informative only because other principals induce their agents to trade based on privately produced information. The agent-traders then have an incentive to coordinate and...

  11. Ethical aspects of information security and privacy

    NARCIS (Netherlands)

    Brey, Philip A.E.; Petkovic, Milan; Jonker, Willem

    2007-01-01

    This chapter reviews ethical aspects of computer and information security and privacy. After an introduction to ethical approaches to information technology, the focus is first on ethical aspects of computer security. These include the moral importance of computer security, the relation between

  12. Developing an Undergraduate Information Systems Security Track

    Science.gov (United States)

    Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna

    2013-01-01

    Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…

  13. 78 FR 5116 - NASA Information Security Protection

    Science.gov (United States)

    2013-01-24

    ... 2700-AD61 NASA Information Security Protection AGENCY: National Aeronautics and Space Administration..., projects, plans, or protection services relating to the national security; or (h) The development... implement the provisions of Executive Order (E.O.) 13526, Classified National Security Information, and...

  14. Reputation Risks through Information Security Incidents

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2014-05-01

    The article deals with accounting for reputational risks arising through information security breaches in the management of a business entity. Security breach incidents that result in the loss of reputation are identified. Based on this analysis, a definition of reputational risk in information security is given.

  15. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ... Security, consistent with Federal policies for the security of unclassified information and information... Certification Program, and provide a Web site link within a contract clause to a library where contractors can... Security should be addressed through government-wide policies, standards, and requirements. NASA response...

  16. Convergence of Corporate and Information Security

    OpenAIRE

    Syed; Rahman, M.; Donahue, Shannon E.

    2010-01-01

    As physical and information security boundaries have become increasingly blurry, many organizations are experiencing challenges with how to effectively and efficiently manage security within the corporation. There is no current standard or best practice offered by the security community regarding convergence; however, many organizations such as the Alliance for Enterprise Security Risk Management (AESRM) offer some excellent suggestions for integrating a converged security program. This paper rep...

  17. 78 FR 73819 - Information Collection; Financial Information Security Request Form

    Science.gov (United States)

    2013-12-09

    ... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security..., Financial Information Security Request Form. DATES: Comments must be received in writing on or before... Information Security Request Form. OMB Number: 0596-0204. Expiration Date of Approval: 02/28/2014. Type of...

  18. Information technology security system engineering methodology

    Science.gov (United States)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  19. Developing Sustainable Digital Libraries: Socio-Technical Perspectives

    Science.gov (United States)

    Ashraf, Tariq, Ed.; Sharma, Jaideep, Ed.; Gulati, Puja Anand, Ed.

    2010-01-01

    The increasing prevalence of digital information systems and technologies compels libraries across the globe to update systems and provide users with a digital experience outside the confines of the structural library, providing useful benefits to the user while creating new areas of concern such as digital information preservation.…

  20. The Firewall and Security of Information Systems

    OpenAIRE

    Radut Carmen; Albici Mihaela; Tenovici Cristina Otilia

    2010-01-01

    Information security is a broad concept which refers to ensuring the integrity, confidentiality and availability of information. The dynamics of information technology induce new risks, against which organizations must implement new control measures. Technological development has been accompanied by security solutions from equipment and application manufacturers, including technical methods of protection. However, while in information technology change is exponential, the human comp...

  1. Modeling Interdependent Socio-technical Networks via ABM Smart Grid Case

    NARCIS (Netherlands)

    Worm, D.T.H.; Langley, D.J.; Becker, J.M.

    2013-01-01

    The objective of this paper is to improve scientific modeling of interdependent socio-technical networks. In these networks the interplay between technical or infrastructural elements on the one hand and social and behavioral aspects on the other hand, is of importance. Examples include electricity

  2. Modeling interdependent socio-technical networks: The smart grid—an agent-based modeling approach

    NARCIS (Netherlands)

    Worm, D.; Langley, D.J.; Becker, J.

    2014-01-01

    The aim of this paper is to improve scientific modeling of interdependent socio-technical networks. In these networks the interplay between technical or infrastructural elements on the one hand and social and behavioral aspects on the other hand, plays an important role. Examples include electricity

  3. A socio-technical perspective on the electrification of the automobile: Niche and regime interaction

    NARCIS (Netherlands)

    Dijk, Marc

    2014-01-01

    This paper offers a socio-technical perspective on how the introduction of various alternatives to the internal combustion engine, especially the full-electric vehicle, influences the established propulsion technology (ICE). This perspective helps to move beyond the well-known incremental vs.

  4. Personal health records in the South African healthcare landscape: a socio-technical analysis

    CSIR Research Space (South Africa)

    Mxoli, A

    2014-11-01

    ...and control non-communicable lifestyle diseases. Despite numerous benefits adoption rates are low, and little is known regarding the factors that affect adoption in the South African context. This exploratory paper highlights socio-technical factors that can...

  5. Liability and automation : issues and challenges for socio-technical systems

    NARCIS (Netherlands)

    Contissa, G.; Laukyte, M.; Sartor, G.; Schebesta, H.; Masutti, A.; Lanzi, P.; Marti, P.; Tomasello, P.

    2013-01-01

    Who is responsible for accidents in highly automated systems? How do we apportion liability among the various participants in complex socio-technical organisations? How can different liability regulations at different levels (supranational, national, local) be harmonized? How do we provide for

  6. Liability and automation : issues and challenges for socio-technical systems

    NARCIS (Netherlands)

    Contissa, Giuseppe; Laukyte, Migle; Sartor, Giovanni; Schebesta, H.; Masutti, Anna; Lanzi, Paola; Marti, Patrizia; Paola, Tomasello

    2013-01-01

    Who is responsible for accidents in highly automated systems? How do we apportion liability among the various participants in complex socio-technical organisations? How can different liability regulations at different levels (supranational, national, local) be harmonized? How do we provide for

  7. Agent-Based Modeling and Analysis of Socio-Technical Systems

    NARCIS (Netherlands)

    Sharpanskykh, O.

    2011-01-01

    Socio-technical systems are characterized by high structural and behavioral complexities, which impede understanding and modeling of such systems. In particular, reciprocal relations between diverse local system processes that determine global system dynamics are not well understood. In this article

  8. Security of Nuclear Information. Implementing Guide

    International Nuclear Information System (INIS)

    2015-01-01

    This publication provides guidance on implementing the principle of confidentiality and on the broader aspects of information security (i.e. integrity and availability). It assists States in bridging the gap between existing government and industry standards on information security, the particular concepts and considerations that apply to nuclear security, and the special provisions and conditions that exist when dealing with nuclear material and other radioactive material. Specifically, it seeks to assist States in the identification, classification, and assignment of appropriate security controls to information that could adversely impact nuclear security if compromised.

  9. Assessing innovation in emerging energy technologies: Socio-technical dynamics of carbon capture and storage (CCS) and enhanced geothermal systems (EGS) in the USA

    International Nuclear Information System (INIS)

    Stephens, Jennie C.; Jiusto, Scott

    2010-01-01

    This study applies a socio-technical systems perspective to explore innovation dynamics of two emerging energy technologies with potential to reduce greenhouse gas emissions from electrical power generation in the United States: carbon capture and storage (CCS) and enhanced geothermal systems (EGS). The goal of the study is to inform sustainability science theory and energy policy deliberations by examining how social and political dynamics are shaping the struggle for resources by these two emerging, not-yet-widely commercializable socio-technical systems. This characterization of socio-technical dynamics of CCS and EGS innovation includes examining the perceived technical, environmental, and financial risks and benefits of each system, as well as the discourses and actor networks through which the competition for resources - particularly public resources - is being waged. CCS and EGS were selected for the study because they vary considerably with respect to their social, technical, and environmental implications and risks, are unproven at scale and uncertain with respect to cost, feasibility, and life-cycle environmental impacts. By assessing the two technologies in parallel, the study highlights important social and political dimensions of energy technology innovation in order to inform theory and suggest new approaches to policy analysis.

  10. Modelling transport energy demand: A socio-technical approach

    International Nuclear Information System (INIS)

    Anable, Jillian; Brand, Christian; Tran, Martino; Eyre, Nick

    2012-01-01

    Despite an emerging consensus that societal energy consumption and related emissions are not only influenced by technical efficiency but also by lifestyles and socio-cultural factors, few attempts have been made to operationalise these insights in models of energy demand. This paper addresses that gap by presenting a scenario exercise using an integrated suite of sectoral and whole systems models to explore potential energy pathways in the UK transport sector. Techno-economic driven scenarios are contrasted with one in which social change is strongly influenced by concerns about energy use, the environment and well-being. The ‘what if’ Lifestyle scenario reveals a future in which distance travelled by car is reduced by 74% by 2050 and final energy demand from transport is halved compared to the reference case. Despite the more rapid uptake of electric vehicles and the larger share of electricity in final energy demand, it shows a future where electricity decarbonisation could be delayed. The paper illustrates the key trade-off between the more aggressive pursuit of purely technological fixes and demand reduction in the transport sector and concludes there are strong arguments for pursuing both demand and supply side solutions in the pursuit of emissions reduction and energy security.

  11. Information security and business continuity in Tecnatom

    International Nuclear Information System (INIS)

    Fernandez de Miguel, C.

    2013-01-01

    Information security is a key issue for companies that manage and process nuclear business related data. Availability of information systems, as well as new data exchange facilities over simple and broad communication networks, are the pillars of cooperation between different organizations, generating significant savings in costs and expanding the capacity to minimize them. In this regard, information security is one of the major challenges for IT departments. This article presents Tecnatom's experience in the Information Security Management Implementation project. Over several years, since 2004, information security management has been developed and consolidated as an ongoing and horizontal process. (Author)

  12. Socio-Technical Deliberation about Free and Open Source Software: Accounting for the Status of Artifacts in Public Life

    Science.gov (United States)

    Benoit-Barne, Chantal

    2007-01-01

    This essay investigates the rhetorical practices of socio-technical deliberation about free and open source (F/OS) software, providing support for the idea that a public sphere is a socio-technical ensemble that is discursive and fluid, yet tangible and organized because it is enacted by both humans and non-humans. In keeping with the empirical…

  13. Optical and digital techniques for information security

    CERN Document Server

    2005-01-01

    Optical and Digital Techniques for Information Security is the first book in a series focusing on Advanced Sciences and Technologies for Security Applications. This book encompasses the results of research investigation and technologies used to secure, verify, recognize, track, and authenticate objects and information against theft, counterfeiting, and manipulation by unauthorized persons and agencies. This Information Security book draws on diverse expertise in optical sciences and engineering, digital image processing, imaging systems, information processing, computer-based information systems, sensors, detectors, and biometrics to report innovative technologies that can be applied to information security issues. The Advanced Sciences and Technologies for Security Applications series focuses on research monographs in the areas of: -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection...

  14. Information security protecting the global enterprise

    CERN Document Server

    Pipkin, Donald L

    2000-01-01

    In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, archite...

  15. A Layered Trust Information Security Architecture

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

    2014-01-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA), whose creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

  16. A layered trust information security architecture.

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA), whose creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  17. A Layered Trust Information Security Architecture

    Directory of Open Access Journals (Sweden)

    Robson de Oliveira Albuquerque

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA), whose creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  18. Unification of Information Security Policies for Network Security Solutions

    Directory of Open Access Journals (Sweden)

    D.S. Chernyavskiy

    2012-03-01

    The diversity of command languages on the interfaces of network security solutions (NSS) causes problems in the process of information security policy (ISP) deployment. A unified model for security policy representation and implementation in NSS could help avoid such problems and consequently enhance the efficiency of the process. The proposed solution is the Unified Language for Network Security Policy (ULNSP). The language is based on formal language theory, and, coupled with its translator, ULNSP makes it possible to formalize and implement an ISP independently of any particular NSS.

  19. Survey of network and information security technology

    International Nuclear Information System (INIS)

    Liu Baoxu; Wang Xiaozhen

    2007-01-01

    With the rapid development of computer network technology and the informatization of work in our country, network and information security issues have become a focal problem of public concern. On the basis of analysing the security threats and challenges of network information and their development trends, this paper briefly analyses and discusses the main research directions and content of the theory, technology and practice of network and information security. (authors)

  20. Three Essays on Information Security Policies

    Science.gov (United States)

    Yang, Yubao

    2011-01-01

    Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

  1. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology has promoted an increased dependency of organizations on the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and to ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations, firstly, to understand precisely what assets they need to protect and what their weaknesses (vulnerabilities) are, enabling adequate security management. Secondly, it provides a security audit framework to support the organization in assessing the efficiency of the controls and policies adopted to prevent or mitigate the attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, to which organizations are subject. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in the information security domain, based on the ISO/IEC JTC1 standards.

  2. Hash functions and information theoretic security

    DEFF Research Database (Denmark)

    Bagheri, Nasoor; Knudsen, Lars Ramkilde; Naderi, Majid

    2009-01-01

    Information theoretic security is an important security notion in cryptography as it provides a true lower bound for attack complexities. However, in practice attacks often have a higher cost than the information theoretic bound. In this paper we study the relationship between information theoretic...

  3. Information security employee handbook: November 2010

    OpenAIRE

    2013-01-01

    This handbook is a quick reference guide to some of the most important points of the London 2012 information security policy. This information security handbook outlines the policies that all staff, secondees, volunteers and certain third parties who process LOCOG information must comply with.

  4. Information Systems Security: Whose Responsibility? | Senzige ...

    African Journals Online (AJOL)

    ... compounded by the increasingly international nature of information systems, this responsibility still rests with managers only. This paper looks at security concerns related to information systems, identifies the threats and suggests how the security of information systems should be handled. African Journal of Finance and ...

  5. Zen and the art of information security

    CERN Document Server

    Winkler, Ira

    2007-01-01

    While security is generally perceived to be a complicated and expensive process, Zen and the Art of Information Security makes security understandable to the average person in a completely non-technical, concise, and entertaining format. Through the use of analogies and just plain common sense, readers see through the hype and become comfortable taking very simple actions to secure themselves. Even highly technical people have misperceptions about security concerns and will also benefit from Ira Winkler's experiences making security understandable to the business world. Mr. Winkler is one of the most popular and highly rated speakers in the field of security, and lectures to tens of thousands of people a year. Zen and the Art of Information Security is based on one of his most well received international presentations.

  6. Information Security - Data Loss Prevention Procedure

    Science.gov (United States)

    The purpose of this procedure is to extend and provide specificity to the Environmental Protection Agency (EPA) Information Security Policy regarding data loss prevention and digital rights management.

  7. Information security becoming a priority for utilities

    Energy Technology Data Exchange (ETDEWEB)

    Nicolaides, S. [Numerex, Atlanta, GA (United States)

    2009-10-15

    As part of North America's national critical infrastructure, utilities are finding themselves at the forefront of a security issue. In October 2007, a leading security service provider reported a 90 per cent increase in the number of hackers attempting to attack its utility clients in just one year. Utilities are vulnerable to cyber attacks that could disrupt power production and the transmission system. This article discussed the need for intelligent technologies in securely enabling resource management and operational efficiency of the utilities market. It discussed the unique security challenges that utilities face at a time of greater regulatory activity, heightened environmental concerns, tighter data security requirements and an increasing need for remote monitoring and control. A new tool has emerged for cyber security in the form of an international standard that may offer a strong guideline to work toward 11 security domains. These include security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition; development and maintenance; information security incident management; business continuity management; and compliance. 2 figs.

  8. Materials for the information security education

    International Nuclear Information System (INIS)

    Yashiro, Shigeo; Aoki, Kazuhisa; Sato, Tomohiko; Tanji, Kazuhiro

    2014-01-01

    With the rapid progress of the utilization of Information Technology (IT), IT infrastructure (network environment and information system) became crucial as a lifeline for promoting business. At the same time, changes in the circumstances surrounding the IT infrastructure globalize the threat of cyber attacks and increase information security risks such as unlawful access to an information system, viral infection, alteration of a website, disclosure of sensitive information, destruction of an information system and so on. Information security measures are an important issue at the Japan Atomic Energy Agency (JAEA). In order to protect the information property of JAEA from these threats, the Center for Computational Science and e-Systems (CCSE) has been taking triadic measures for information security: (1) to lay down a set of information security rules, (2) to introduce security equipment into the backbone network and (3) to provide information security education. This report is a summary of the contents of the information security education by e-learning. (author)

  9. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2(R) CISSP Common Body of Knowledge (CBK(R)), this volume features 27 new chapters on topics

  10. ITIL® and information security

    Energy Technology Data Exchange (ETDEWEB)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav [Tomas Bata University in Zlin, Faculty of Applied Informatics NadStranemi 4511, 760 05 Zlin (Czech Republic)

    2015-03-10

    This paper discusses the context of the ITIL framework and the management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on the ITIL process ISM (Information Security Management), its principles and system management. The conclusion is about the link between standards related to security and the ITIL framework.

  11. Communications and Information: Emission Security

    National Research Council Canada - National Science Library

    1998-01-01

    The Air Force EMSEC process has experienced many changes. Although these changes were attempts to meet the variances of a dynamic world, they require security protection measures far beyond the needs of the average user...

  12. Information Security: USDA Needs to Implement Its Departmentwide Information Security Plan

    National Research Council Canada - National Science Library

    2000-01-01

    USDA has taken positive steps to begin improving its information security by developing its August 1999 Action Plan with recommendations to strengthen department-wide information security and hiring...

  13. Information security risk assessment, aggregation, and mitigation

    NARCIS (Netherlands)

    Lenstra, A.K.; Voss, T.; Wang, H.; Pieprzyk, J.; Varadharajan, V.

    2004-01-01

    As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is

  14. Social Networks and Corporate Information Security

    Directory of Open Access Journals (Sweden)

    Ekaterina Gennadievna Kondratova

    2013-06-01

    Full Text Available The article defines social networks as a tool in the hands of cyber-criminals to compromise the organization's data. The author focuses on a list of threats to information security caused by social network usage, which should be considered in the set-up of the company's information security management system.

  15. The (social) construction of information security

    NARCIS (Netherlands)

    Pieters, Wolter

    While the philosophical foundations of information security have been unexamined, there is an implicit philosophy of what protection of information is. This philosophy is based on the notion of containment, taken from analogies with things that offer physical security (e.g., buildings, safes,

  16. Problem of Information Security Traffic on Internet

    Directory of Open Access Journals (Sweden)

    Slavko Šarić

    2012-10-01

    Full Text Available Internet information traffic becomes greater and more important. With the increasing growth of information importance, the requirement for its security becomes indispensable. The information security problem especially affects large and small companies whose prosperity depends on Internet presence. This affects the three areas of Internet commerce: credit card transactions, virtual private networks and digital certification. To secure information traffic it is necessary to find a proper solution for three major problems: the frontier problem, the market problem and the government problem. While the eventual emergence of security standards for Internet transactions is expected, it will not automatically result in secure Internet transactions. In future, there is a wealth of security issues that will continue to require attention: internal security, continued hacking, social engineering, malicious code, reliability and performance, skills shortages and denial of service attacks.

  17. The role of socio-technical principles in leveraging meaningful benefits from IT investments.

    Science.gov (United States)

    Doherty, Neil F

    2014-03-01

    In recent years there has been a great deal of academic and practitioner interest in the role of 'benefits realisation management' [BRM] approaches, as a means of proactively leveraging value from IT investments. This growing body of work owes a very considerable, but as yet unacknowledged, debt to the work of Ken Eason, and other early socio-technical theorists. Consequently, the aim of this paper is to demonstrate, using the literature, how many of the principles, practices and techniques of BRM have evolved either directly or indirectly from socio-technical approaches to systems design. In so doing, this article makes a further important contribution to the literature by explicitly identifying the underlying principles and key practices of benefits realisation management. Copyright © 2012 Elsevier Ltd and The Ergonomics Society. All rights reserved.

  18. Characterizing complexity in socio-technical systems: a case study of a SAMU Medical Regulation Center.

    Science.gov (United States)

    Righi, Angela Weber; Wachs, Priscila; Saurin, Tarcísio Abreu

    2012-01-01

    Complexity theory has been adopted by a number of studies as a benchmark to investigate the performance of socio-technical systems, especially those that are characterized by relevant cognitive work. However, there is little guidance on how to assess, systematically, the extent to which a system is complex. The main objective of this study is to carry out a systematic analysis of a SAMU (Mobile Emergency Medical Service) Medical Regulation Center in Brazil, based on the core characteristics of complex systems presented by previous studies. The assessment was based on direct observations and nine interviews: three of them with the medical doctors who act as emergency regulators, three with radio operators and three with telephone attendants. The results indicated that, to a great extent, the core characteristics of complexity are magnified due to basic shortcomings in the design of the work system. Thus, some recommendations are put forward with a view to reducing unnecessary complexity that hinders the performance of the socio-technical system.

  19. A socio-technical analysis of work with ideas in NPD: an industrial case study

    DEFF Research Database (Denmark)

    Gish, Liv; Hansen, Claus Thorp

    2013-01-01

    on piecing together a number of ideas that were developed and disseminated in a large industrial company. We do this through an in-depth case study of the development of the energy-labeled circulation pump Alpha Pro, developed by one of the world’s leading pump manufacturers, Grundfos. Using a socio-technical...... approach, we focus especially on the actors involved and the contextual factors, and less on the detailed development of technical ideas. In our study, we observe that (1) ideas are pieced together from previous ideas and results; (2) ideas are implemented through continuous mobilization of support...... and development of legitimate arguments; and (3) idea work is also a socio-technical process, because contextual factors matter. We observe that idea work is an ongoing process undertaken across different projects, actors, departments, strategies, and visions within Grundfos, while also involving external actors...

  20. A Socio-Technical Analysis of Patient Accessible Electronic Health Records.

    Science.gov (United States)

    Hägglund, Maria; Scandurra, Isabella

    2017-01-01

    In Sweden, and internationally, there is a movement towards increased transparency in healthcare, including giving patients online access to their electronic health records (EHR). The purpose of this paper is to analyze the Swedish patient accessible EHR (PAEHR) service using a socio-technical framework, to increase the understanding of factors that influence the design, implementation, adoption and use of the service. Using the Sittig and Singh socio-technical framework as a basis for analyzing the Swedish PAEHR system and its context indicated that there are many stakeholders engaged in these types of services, with different driving forces and incentives that may influence the adoption and usefulness of PAEHR services. The analysis was useful in highlighting important areas that need to be further explored in evaluations of PAEHR services, and can act as a guide when planning evaluations of any PAEHR service.

  1. Developing e-banking services for rural India: making use of socio-technical prototypes

    DEFF Research Database (Denmark)

    Dittrich, Yvonne; Vaidyanathan, Lakshmi; Gonsalves, Timothy A

    2017-01-01

    an experience report based on systematic debriefing of involved project leaders and initiators, triangulated with additional documentation. The concept of Socio-Technical Prototype is developed and used to show how to mitigate the challenges of ICT based banking service provision for socially constrained...... communities. The concept of Socio-Technical Prototype extends the notion of prototypes, as it implies a full functioning implementation of the service including all relevant stakeholders. In order to not only prototype end-user functionality but also the interaction of the solution with the specific social......, technical and physical environment. The implications for software engineering in the development of such large-scale prototypes and pilots are outlined....

  2. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    NARCIS (Netherlands)

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed so far, and how should it progress to address tomorrow's security needs. An overview is given of the use of

  3. Facilitating computer supported cooperative work with socio-technical self-descriptions

    OpenAIRE

    Kunau, Gabriele

    2006-01-01

    How can the concept of self-description from newer systems theory be used for improving the co-evolvement of software engineering and organizational change in CSCW-projects? This thesis suggests transferring the concept of self-description into a concept of socio-technical self-description allowing an organization to describe its own computer supported work processes. The presentation of results is organized in four steps: First, a theoretical foundation is elaborated; second, an initial meth...

  4. Information security practices emerging threats and perspectives

    CERN Document Server

    Awad, Ahmed; Woungang, Isaac

    2017-01-01

    This book introduces novel research targeting technical aspects of protecting information security and establishing trust in the digital space. New paradigms, emerging threats and solutions are presented in topics such as application security and threat management; modern authentication paradigms; digital fraud detection; social engineering and insider threats; cyber threat intelligence; intrusion detection; behavioral biometrics recognition; and hardware security analysis. The book presents both the important core and the specialized issues in the areas of protection, assurance, and trust in information security practice. It is intended to be a valuable resource and reference for researchers, instructors, students, scientists, engineers, managers, and industry practitioners.

  5. Information fusion for cyber-security analytics

    CERN Document Server

    Karabatis, George; Aleroud, Ahmed

    2017-01-01

    This book highlights several gaps that have not been addressed in existing cyber security research. It first discusses the recent attack prediction techniques that utilize one or more aspects of information to create attack prediction models. The second part is dedicated to new trends in information fusion and their applicability to cyber security; in particular, graph data analytics for cyber security, unwanted traffic detection and control based on trust management, software defined networks, security in wireless sensor networks and their applications, and emerging trends in security system design using the concept of social behavioral biometrics. The book guides the design of new commercialized tools that can be introduced to improve the accuracy of existing attack prediction models. Furthermore, the book advances the use of Knowledge-based Intrusion Detection Systems (IDS) to complement existing IDS technologies. It is aimed towards cyber security researchers.

  6. Secure information release in timed automata

    DEFF Research Database (Denmark)

    Vasilikos, Panagiotis; Nielson, Flemming; Nielson, Hanne Riis

    2018-01-01

    ...... of security goals for confidentiality and integrity. Notions of security based on information flow control, such as non-interference, provide strong guarantees that no information is leaked; however, many cyberphysical systems intentionally leak some information in order to achieve their purposes...... In this paper, we develop a formal approach to information flow for timed automata that allows intentional information leaks. The security of a timed automaton is then defined using a bisimulation relation that takes account of the non-determinism and the clocks of timed automata. Finally, we define...... an algorithm that traverses a timed automaton and imposes information flow constraints on it, and we prove that our algorithm is sound with respect to our security notion....

  7. Management of Information Security in Financial Accounting

    OpenAIRE

    Aurel Serb; Constantin Baron; Nicoleta Magdalena Iacob; Costinela-Luminita Defta

    2014-01-01

    Security issues in financial accounting are complex, and the risks are often difficult to stipulate, even for experts. The issues presented in this article aim to contribute to the consolidation of problems in the field of risk and former vulnerabilities in cyber security in financial accounting. The use of an information security management system became a requirement for organizations because states began adopting mandatory data protection legislation and informatio...

  8. Implementing healthcare information security: standards can help.

    Science.gov (United States)

    Orel, Andrej; Bernik, Igor

    2013-01-01

    Using widely spread common approaches to systems security in health-dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priority in advanced information security planning, with healthcare environments being no exception. There are fewer and fewer application areas in healthcare without a need for mobile functionality, which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare, to mention just a few areas outside hospital-controlled environments. Unfortunately, traditional unsecured communication principles are quite often still in routine use for communicating sensitive health-related information. The security awareness level of users, patients and care professionals is not high enough, so potential threats and risks may not be addressed, and the respective information security management is therefore weak. Standards like the ISO/IEC 27000 ISMS family and the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislative principles such as HIPAA, they can help.

  9. Best practices show the way to information security maturity

    CSIR Research Space (South Africa)

    Lessing, MM

    2008-09-01

    Full Text Available A Security Maturity Model (SMM) provides an organisation with a distinct Information Security framework. Organisations that conform to these models are likely to pursue satisfactory Information Security. Additionally, the use of Security Maturity...

  10. The executive MBA in information security

    CERN Document Server

    Trinckes, John J

    2009-01-01

    Supplying a complete overview of the concepts executives need to know, this book provides the tools needed to ensure your organization has an effective information security management program in place. It also includes a ready-to-use security framework for developing workable programs and supplies proven tips for avoiding common pitfalls.

  11. Teaching Information Security Students to "Think thief"

    NARCIS (Netherlands)

    Hartel, Pieter H.; Junger, Marianne

    2012-01-01

    We report on an educational experiment where information security master students were encouraged to think out of the box. Instead of taking the usual point of view of the security engineer we challenged the students to take the point of view of the motivated offender. We report on the exciting

  12. Health Information Security in Hospitals: the Application of Security Safeguards.

    Science.gov (United States)

    Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

    2016-02-01

    A hospital information system has the potential to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top-ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among the three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve this, developing security policies, implementing access control models and training users are recommended.

  13. Information Security of Apple Pay

    OpenAIRE

    Chen, Xinru

    2016-01-01

    In the era of high-tech, the mode of payment is no longer just cash or credit card. Various payment methods have come into our daily life. Online payment and other kinds of electronic payments are widely used. Apple Pay is a tool that provides an easier and safer payment service for consumers. The main objective of this thesis is to understand deeply and analyze how easy and convenient Apple Pay is to use and why it is known as the most secure form of payment. Besides that, there is a ...

  14. Information Security Management: The Study of Lithuanian State Institutions

    OpenAIRE

    Jastiuginas, Saulius

    2012-01-01

    Growing information security cases and their scope illustrate that the relevance of information security issues is becoming critical and that present information security means are not sufficient to manage information security. The narrow comprehension of information security merely as a technological problem is broadened by the research results on the influence of economic, managerial, psychological, legal and other related aspects on information security. Information is named as the object of information s...

  15. Securing military information systems on public infrastructure

    CSIR Research Space (South Africa)

    Botha, P

    2015-03-01

    Full Text Available to set up in time for scenarios which require real time information. This may force communications to utilise public infrastructure. Securing communications for military mobile and Web based systems over public networks poses a greater challenge compared...

  16. Biometric Feature Script for Information Security

    Directory of Open Access Journals (Sweden)

    N. E. Gunko

    2010-03-01

    Full Text Available Special studies related to the development of rules for making decisions on the psychological characteristics of the offender in his manuscript handwriting with the goal of ensuring information security.

  17. Validity of information security policy models

    Directory of Open Access Journals (Sweden)

    Joshua Onome Imoniana

    Full Text Available Validity is concerned with establishing evidence for the use of a method with a particular population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. In today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidence that the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the automobile industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regard to each one's implementation of information technology in the region. The current study concludes by presenting evidence of the discriminating validity of four key dimensions of the security policy, namely: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Cronbach's alpha structure of these security items, the results not only attest that the capacity of those industries to implement security policies is indisputable, but also that the items involved homogeneously correlate to each other.

  18. Algorithms, architectures and information systems security

    CERN Document Server

    Sur-Kolay, Susmita; Nandy, Subhas C; Bagchi, Aditya

    2008-01-01

    This volume contains articles written by leading researchers in the fields of algorithms, architectures, and information systems security. The first five chapters address several challenging geometric problems and related algorithms. These topics have major applications in pattern recognition, image analysis, digital geometry, surface reconstruction, computer vision and in robotics. The next five chapters focus on various optimization issues in VLSI design and test architectures, and in wireless networks. The last six chapters comprise scholarly articles on information systems security coverin

  19. INFORMATION SECURITY IN MOBILE MODULAR MEASURING SYSTEMS

    Directory of Open Access Journals (Sweden)

    A. N. Tkhishev

    2017-01-01

    Full Text Available A special aspect of aircraft test is carrying out both flight evaluation and ground operation evaluation in a structure of flying aids and special tools equipment. The specifics of flight and sea tests involve metering in the offshore zone, which excludes the possibility of fixed, geodetically related measuring tools. In this regard, a specific role is acquired by ship-based measurement systems, in particular the mobile modular measuring systems. Information processed in the mobile modular measurement systems is a critical resource having a high level of confidentiality. When they carry out their functions, proper information control of the mobile modular measurement systems should be implemented to ensure their protection from the risk of data leakage, modification or loss, i.e. to ensure a certain level of information security. Due to the specifics of their application it is difficult to solve the problems of information security in such complexes. The intruder model, the threat model, and the security requirements generated for fixed informatization objects are not applicable to mobile systems. It was concluded that the advanced mobile modular measuring systems designed for flight experiment monitoring and control should be created with the necessary information protection measures and means. The article contains a diagram of security requirements formation, starting with the data envelopment analysis and ending with the practical implementation. The information security probabilistic model applied to mobile modular measurement systems is developed. The list of current security threats based on the environment and specifics of the mobile measurement system functioning is examined. The probabilistic model of the information security evaluation is given. The problems of transforming the vulnerabilities of the designed information system into security targets, with the subsequent formation of the list of functional and trust requirements, are examined.

  20. Information security value in e-entrepreneurship

    OpenAIRE

    Nunes, Sérgio

    2012-01-01

    This paper researches the information security value in e-entrepreneurship by revising the literature that establishes the entrepreneurial domain and by relating it with the development of technological resources that create value for the customer in an online business. It details multiple paradigms regarding consumer’s values of information security, while relating them with common practices and previous researches in technological entrepreneurship. This research presents and discusses the b...

  1. Encyclopedia of Information Ethics and Security

    OpenAIRE

    Reviewed by Yavuz AKBULUT

    2008-01-01

    Rapid developments in information and communication technologies have created new security threats along with ethical dilemmas. These developments have been so fast that appropriate security precautions and ethical codes fail to keep pace with the technological developments. In this respect, education of both professionals and ordinary citizens regarding information technology ethics carries utmost importance. Encyclopedia of Information Ethics and Security serves as an authentic and comprehensive r...

  2. Measuring Information Security: Guidelines to Build Metrics

    Science.gov (United States)

    von Faber, Eberhard

    Measuring information security is a genuine interest of security managers. With metrics they can develop their security organization's visibility and standing within the enterprise or public authority as a whole. Organizations using information technology need to use security metrics. Despite the clear demands and advantages, security metrics are often poorly developed or ineffective parameters are collected and analysed. This paper describes best practices for the development of security metrics. First, attention is drawn to motivation, showing both requirements and benefits. The main body of this paper lists things which need to be observed (characteristics of metrics), things which can be measured (how measurements can be conducted) and steps for the development and implementation of metrics (procedures and planning). Analysis and communication are also key when using security metrics. Examples are also given in order to develop a better understanding. The author wants to resume, continue and develop the discussion about a topic which is, or increasingly will be, a critical factor of success for any security manager in larger organizations.

  3. MOBILE DEVICES AND EFFECTIVE INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    Igor Bernik

    2013-05-01

    Full Text Available Rapidly increasing numbers of sophisticated mobile devices (smart phones, tablet computers, etc.) all over the world mean that ensuring information security will only become a more pronounced problem for individuals and organizations. It's important to effectively protect data stored on or accessed by mobile devices, and also during transmission of data between devices and between device and information system. Technological and other trends show that cyber threats are also rapidly developing and spreading. It's crucial to educate users about safe usage and to increase their awareness of security issues. Ideally, users should keep up with technological trends and be well equipped with knowledge; otherwise mobile technology will significantly increase security risks. Most important is that we start educating youth so that our next generations of employees will be part of a culture of data and information security awareness.

  4. Designing water demand management schemes using a socio-technical modelling approach.

    Science.gov (United States)

    Baki, Sotiria; Rozos, Evangelos; Makropoulos, Christos

    2018-05-01

    Although it is now widely acknowledged that urban water systems (UWSs) are complex socio-technical systems and that a shift towards a socio-technical approach is critical in achieving sustainable urban water management, still, more often than not, UWSs are designed using a segmented modelling approach. As such, either the analysis focuses on the description of the purely technical sub-system, without explicitly taking into account the system's dynamic socio-economic processes, or a more interdisciplinary approach is followed, but delivered through relatively coarse models, which often fail to provide a thorough representation of the urban water cycle and hence cannot deliver accurate estimations of the hydrosystem's responses. In this work we propose an integrated modelling approach for the study of the complete socio-technical UWS that also takes into account socio-economic and climatic variability. We have developed an integrated model, which is used to investigate the diffusion of household water conservation technologies and its effects on the UWS, under different socio-economic and climatic scenarios. The integrated model is formed by coupling a System Dynamics model that simulates the water technology adoption process, and the Urban Water Optioneering Tool (UWOT) for the detailed simulation of the urban water cycle. The model and approach are tested and demonstrated in an urban redevelopment area in Athens, Greece under different socio-economic scenarios and policy interventions. It is suggested that the proposed approach can establish quantifiable links between socio-economic change and UWS responses and therefore assist decision makers in designing more effective and resilient long-term strategies for water conservation. Copyright © 2017 Elsevier B.V. All rights reserved.

  5. Protection of National Security Information

    National Research Council Canada - National Science Library

    Elsea, Jennifer K

    2006-01-01

    Recent cases involving alleged disclosures of classified information to the news media or others who are not entitled to receive it have renewed Congress's interest with regard to the possible need...

  6. 78 FR 48037 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-08-07

    ... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... the objectives of Executive Order 13526, Classified National Security Information. The rule allows... signed Executive Order 13526, Classified National Security Information, which was published in the...

  7. 76 FR 40296 - Declassification of National Security Information

    Science.gov (United States)

    2011-07-08

    ... Declassification of National Security Information AGENCY: National Archives and Records Administration. ACTION... classified national security information in records transferred to NARA's legal custody. The rule incorporates changes resulting from issuance of Executive Order 13526, Classified National Security Information...

  8. Socio-technical systems and interaction design - 21st century relevance.

    Science.gov (United States)

    Maguire, Martin

    2014-03-01

    This paper focuses on the relationship between the socio-technical system and the user-technology interface. It looks at specific aspects of the organisational context such as multiple user roles, job change, work processes and workflows, technical infrastructure, and the challenges they present for the interaction designer. The implications of trends such as more mobile and flexible working, the use of social media, and the growth of the virtual organisation, are also considered. The paper also reviews rapidly evolving technologies such as pervasive systems and artificial intelligence, and the skills that workers will need to engage with them. Copyright © 2013 Elsevier Ltd and The Ergonomics Society. All rights reserved.

  9. Tool-based Risk Assessment of Cloud Infrastructures as Socio-Technical Systems

    DEFF Research Database (Denmark)

    Nidd, Michael; Ivanova, Marieta Georgieva; Probst, Christian W.

    2015-01-01

    Assessing risk in cloud infrastructures is difficult. Typical cloud infrastructures contain potentially thousands of nodes that are highly interconnected and dynamic. Another important component is the set of human actors who get access to data and computing infrastructure. The cloud infrastructure...... exercise for cloud infrastructures using the socio-technical model developed in the TRESPASS project; after showing how to model typical components of a cloud infrastructure, we show how attacks are identified on this model and discuss their connection to risk assessment. The technical part of the model...... is extracted automatically from the configuration of the cloud infrastructure, which is especially important for systems so dynamic and complex....

  10. EMuRgency: Addressing cardiac arrest with socio-technical innovation in a smart learning region

    Directory of Open Access Journals (Sweden)

    Sabina Jeschke

    2013-08-01

    Full Text Available This paper introduces the EMuRgency project. The project has the goal to increase awareness and competences regarding the problem of cardiac arrest in the Euregio Meuse-Rhine (EMR) and to use socio-technical innovations to transfer it into a smart learning region. Based on the conscious competence framework, solutions for stakeholders on different levels of the framework are introduced, namely a public display network, mobile learning apps and a volunteer notification system. Finally, a future research outlook is given.

  11. Renewable energies in transition: from their social acceptability to their socio-technical feasibility

    International Nuclear Information System (INIS)

    Zelem, M.C.

    2012-01-01

    The increasing recourse to renewable energies presents an opportunity to guarantee the smooth passage from an energy guzzling and carbon emitting system to one with more reasonable characteristics, allowing our societal structures to aspire for longer durability. This process entails putting aside the notion of social acceptability, which tends to place the weight of responsibility for our energy devouring life styles on consumers, replacing it by the notion of socio-technical feasibility which forces questioning the meaning of technology and political choices in energy matters. (author)

  12. Composite Socio-Technical Systems: A Method for Social Energy Systems

    Energy Technology Data Exchange (ETDEWEB)

    Zhang, Yingchen [National Renewable Energy Laboratory (NREL), Golden, CO (United States); He, Fulin [Huazhong University of Science & Technology; Hao, Jun [University of Denver; Dai, Xiaoxiao [University of Denver; Zhang, Jun Jason [University of Denver; Wei, Jiaolong [Huazhong University of Science & Technology

    2017-12-01

    In order to model and study the interactions between social and technical systems, a systemic method, namely the composite socio-technical systems (CSTS), is proposed to incorporate social systems, technical systems and the interaction mechanism between them. A case study on the University of Denver (DU) campus grid is presented in the paper to demonstrate the application of the proposed method. In the case study, the social system, technical system, and the interaction mechanism are defined and modelled within the framework of CSTS. Distributed and centralized control and management schemes are investigated, respectively, and numerical results verify the feasibility and performance of the proposed composite system method.

  13. Assessing socio-technical mindsets: Public deliberations on carbon capture and storage in the context of energy sources and climate change

    International Nuclear Information System (INIS)

    Einsiedel, Edna F.; Boyd, Amanda D.; Medlock, Jennifer; Ashworth, Peta

    2013-01-01

    The adaptation and transition to new configurations of energy systems brought on by challenges of climate change, energy security, and sustainability have encouraged more integrative approaches that bring together the social and technical dimensions of technology. The perspectives of energy systems and climate change play an important role in the development and implementation of emerging energy technologies and attendant policies on greenhouse gas reduction. This research examines citizens' views on climate change and a number of energy systems, with a specific focus on the use of carbon capture and storage (CCS) as a technology to address greenhouse gas emissions. An all-day workshop with 82 local participants was held in the city of Calgary in Alberta, Canada to explore the views of climate change, energy and CCS. Participants were provided the opportunity to ask experts questions and discuss in small groups their views of climate change policy and energy systems. Results demonstrate that participants' assessments of energy systems are influenced by social–political–institutional–economic contexts such as trust in industry and government, perception of parties benefiting from the technology, and tradeoffs between energy systems. We discuss our findings in the context of understanding social learning processes as part of socio-technical systems change. - Highlights: ► Energy systems are judged in the context of wider socio-technical system dimensions. ► Skepticism about climate change may affect support for CCS. ► Concerns about CCS include: CO2 leaks, accuracy of monitoring and costs.

  14. Information Security: Comments on the Proposed Federal Information Security Management Act of 2002

    National Research Council Canada - National Science Library

    Dacey, Robert

    2002-01-01

    ... 2001.1 Concerned with reports that continuing, pervasive information security weaknesses place federal operations at significant risk of disruption, tampering, fraud, and inappropriate disclosures...

  15. Theoretical foundations of information security investment security companies

    Directory of Open Access Journals (Sweden)

    G.V. Berlyak

    2015-03-01

    Full Text Available Methodological problems are related to the lack of guidance in the provisions (standards) of accounting on the reflection of the research object in accounting and financial reporting. In this connection, it is proposed to amend the provisions (standards) of accounting. This will make it possible to achieve consistency in the accounting methods for operations with elements of investment activity. Based on an analysis of the information needs of users, blocks of indicative indicators are suggested (a corporate finance block, a block assessing the relationship with financial institutions, a block for the fulfillment of obligations according to settlements, an investment block, a science and innovation block, and investment security), and forms of internal accounting controls and improvements to the existing forms of financial statements for the investment activities of the enterprise are developed. Using these enterprise reporting forms provides timely and reliable information on the identity and structure of investment security and enables the company to effectively plan and develop personnel policies for enterprise management.

  16. The economics of information security and privacy

    CERN Document Server

    Böhme, Rainer

    2013-01-01

    In the late 1990s, researchers began to grasp that the roots of many information security failures can be better explained with the language of economics than by pointing to instances of technical flaws. This led to a thriving new interdisciplinary research field combining economic and engineering insights, measurement approaches and methodologies to ask fundamental questions concerning the viability of a free and open information society. While economics and information security comprise the nucleus of an academic movement that quickly drew the attention of thinktanks, industry, and governmen

  17. INFORMATION SECURITY RISK ASSESSMENT USING EXISTING LEGAL AND METHODOLOGICAL BASE

    Directory of Open Access Journals (Sweden)

    A. I. Trubei

    2015-01-01

    Full Text Available The article provides a survey of the existing regulatory framework for information security risk management. Practical methods for information security risk and vulnerability assessment are proposed.

  18. Information security improving blocklist driven firewall implementation

    OpenAIRE

    Kylmänen, J. (Juha)

    2013-01-01

    The Internet has become a commodity and with it information security and privacy issues have appeared. Common threats against the end users include malware and phishing. Phishing is a social engineering technique used to mimic legitimate banking or social networking websites in an attempt to gain sensitive information from the user, and malware is software with malicious intent. ...

  19. Speeding decisions. Social security's information exchange program.

    Science.gov (United States)

    Winter, Kitt; Hastings, Bob

    2011-05-01

    The Social Security Administration has plenty of reasons to streamline its records request process-more than 15 million reasons each year, in fact. That's why it has been pioneering information exchange projects with the private sector, including use of the Nationwide Health Information Network.

  20. Security-aware organisational cultures as a starting point for mitigating socio-technical risks

    NARCIS (Netherlands)

    Übelacker, Sven; Horbach, Matthias

    This extended abstract briefly introduces Hofstede's three-level model of human mental programming which captures the unique mental constitution of a person. These levels divide the vague "human factor" into more approachable categories. In the following sections each category is addressed and

  1. Geological Disposal of Radioactive Waste: A Long-Term Socio-Technical Experiment.

    Science.gov (United States)

    Schröder, Jantine

    2016-06-01

    In this article we investigate whether long-term radioactive waste management by means of geological disposal can be understood as a social experiment. Geological disposal is a rather particular technology in the way it deals with the analytical and ethical complexities implied by the idea of technological innovation as social experimentation, because it is presented as a technology that ultimately functions without human involvement. We argue that, even when the long term function of the 'social' is foreseen to be restricted to safeguarding the functioning of the 'technical', geological disposal is still a social experiment. In order to better understand this argument and explore how it could be addressed, we elaborate the idea of social experimentation with the notion of co-production and the analytical tools of delegation, prescription and network as developed by actor-network theory. In doing so we emphasize that geological disposal inherently involves relations between surface and subsurface, between humans and nonhumans, between the social, material and natural realm, and that these relations require recognition and further elaboration. In other words, we argue that geological disposal concurrently is a social and a technical experiment, or better, a long-term socio-technical experiment. We end with proposing the idea of 'actor-networking' as a sensitizing concept for future research into what geological disposal as a socio-technical experiment could look like.

  2. Rejecting renewables: The socio-technical impediments to renewable electricity in the United States

    International Nuclear Information System (INIS)

    Sovacool, Benjamin K.

    2009-01-01

    If renewable power systems deliver such impressive benefits, why do they still provide only 3 percent of national electricity generation in the United States? As an answer, this article demonstrates that the impediments to renewable power are socio-technical, a term that encompasses the technological, social, political, regulatory, and cultural aspects of electricity supply and use. Extensive interviews of public utility commissioners, utility managers, system operators, manufacturers, researchers, business owners, and ordinary consumers reveal that it is these socio-technical barriers that often explain why wind, solar, biomass, geothermal, and hydroelectric power sources are not embraced. Utility operators reject renewable resources because they are trained to think only in terms of big, conventional power plants. Consumers practically ignore renewable power systems because they are not given accurate price signals about electricity consumption. Intentional market distortions (such as subsidies), and unintentional market distortions (such as split incentives) prevent consumers from becoming fully invested in their electricity choices. As a result, newer and cleaner technologies that may offer social and environmental benefits but are not consistent with the dominant paradigm of the electricity industry continue to face comparative rejection.

  3. A socio-technical approach to improving retail energy efficiency behaviours.

    Science.gov (United States)

    Christina, Sian; Waterson, Patrick; Dainty, Andrew; Daniels, Kevin

    2015-03-01

    In recent years, the UK retail sector has made a significant contribution to societal responses on carbon reduction. We provide a novel and timely examination of environmental sustainability from a systems perspective, exploring how energy-related technologies and strategies are incorporated into organisational life. We use a longitudinal case study approach, looking at behavioural energy efficiency from within one of the UK's leading retailers. Our data covers a two-year period, with qualitative data from a total of 131 participants gathered using phased interviews and focus groups. We introduce an adapted socio-technical framework approach in order to describe an existing organisational behavioural strategy to support retail energy efficiency. Our findings point to crucial socio-technical and goal-setting factors which both impede and/or enable energy efficient behaviours, these include: tensions linked to store level perception of energy management goals; an emphasis on the importance of technology for underpinning change processes; and, the need for feedback and incentives to support the completion of energy-related tasks. We also describe the evolution of a practical operational intervention designed to address issues raised in our findings. Our study provides fresh insights into how sustainable workplace behaviours can be achieved and sustained over time. Secondly, we discuss in detail a set of issues arising from goal conflict in the workplace; these include the development of a practical energy management strategy to facilitate secondary organisational goals through job redesign. Copyright © 2014 Elsevier Ltd and The Ergonomics Society. All rights reserved.

  4. Rejecting renewables. The socio-technical impediments to renewable electricity in the United States

    Energy Technology Data Exchange (ETDEWEB)

    Sovacool, Benjamin K. [Energy Governance Program, Centre on Asia and Globalisation, Lee Kuan Yew School of Public Policy, National University of Singapore (Singapore)

    2009-11-15

    If renewable power systems deliver such impressive benefits, why do they still provide only 3 percent of national electricity generation in the United States? As an answer, this article demonstrates that the impediments to renewable power are socio-technical, a term that encompasses the technological, social, political, regulatory, and cultural aspects of electricity supply and use. Extensive interviews of public utility commissioners, utility managers, system operators, manufacturers, researchers, business owners, and ordinary consumers reveal that it is these socio-technical barriers that often explain why wind, solar, biomass, geothermal, and hydroelectric power sources are not embraced. Utility operators reject renewable resources because they are trained to think only in terms of big, conventional power plants. Consumers practically ignore renewable power systems because they are not given accurate price signals about electricity consumption. Intentional market distortions (such as subsidies), and unintentional market distortions (such as split incentives) prevent consumers from becoming fully invested in their electricity choices. As a result, newer and cleaner technologies that may offer social and environmental benefits but are not consistent with the dominant paradigm of the electricity industry continue to face comparative rejection. (author)

  5. Rejecting renewables: The socio-technical impediments to renewable electricity in the United States

    Energy Technology Data Exchange (ETDEWEB)

    Sovacool, Benjamin K., E-mail: bsovacool@nus.edu.s [Energy Governance Program, Centre on Asia and Globalisation, Lee Kuan Yew School of Public Policy, National University of Singapore (Singapore)

    2009-11-15

    If renewable power systems deliver such impressive benefits, why do they still provide only 3 percent of national electricity generation in the United States? As an answer, this article demonstrates that the impediments to renewable power are socio-technical, a term that encompasses the technological, social, political, regulatory, and cultural aspects of electricity supply and use. Extensive interviews of public utility commissioners, utility managers, system operators, manufacturers, researchers, business owners, and ordinary consumers reveal that it is these socio-technical barriers that often explain why wind, solar, biomass, geothermal, and hydroelectric power sources are not embraced. Utility operators reject renewable resources because they are trained to think only in terms of big, conventional power plants. Consumers practically ignore renewable power systems because they are not given accurate price signals about electricity consumption. Intentional market distortions (such as subsidies), and unintentional market distortions (such as split incentives) prevent consumers from becoming fully invested in their electricity choices. As a result, newer and cleaner technologies that may offer social and environmental benefits but are not consistent with the dominant paradigm of the electricity industry continue to face comparative rejection.

  6. Information Security Risk Assessment in Hospitals.

    Science.gov (United States)

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threaten the security of health information and its resources, especially in hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). The results showed that among the information security risks, fire was found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

  7. Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

    Science.gov (United States)

    Ilvonen, Ilona

    2013-01-01

    Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

  8. The socio-technical transition of distributed electricity storage into future networks—System value and stakeholder views

    International Nuclear Information System (INIS)

    Grünewald, Philipp H.; Cockerill, Timothy T.; Contestabile, Marcello; Pearson, Peter J.G.

    2012-01-01

    Whole system models for the GB electricity system suggest that distributed electricity storage has the potential to significantly reduce the system integration cost for future system scenarios. From a policy perspective, this poses the question why this value should not be realised within existing market structures. Opinion among stakeholders is divided. Some believe that storage deployment constitutes a ‘special case’ in need of policy support. Others insist that markets can provide the necessary platform to negotiate contracts, which reward storage operators for the range of services they could provide. This paper seeks to inform this debate with a process of stakeholder engagement using a perspective informed by socio-technical transition literatures. This approach allows the identification of tensions among actors in the electricity system and of possibilities for co-evolution in the deployment of storage technologies during a transition towards a low carbon electricity system. It also draws attention to policy-related challenges of technology lock-in and path dependency resulting from poor alignment of incumbent regimes with the requirements for distributed electricity storage. - Highlights: ► Electricity storage is poorly aligned with existing regimes in the electricity system. ► Stakeholders perceive electricity storage as “somebody else's problem”. ► Combining stakeholder views and transition theory provides new insight. ► Transition from network to operational benefits poses regulatory challenge. ► Value aggregation made difficult due to institutional barriers.

  9. 75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

    Science.gov (United States)

    2010-03-08

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...

  10. 75 FR 45154 - National Security Division; Agency Information Collection Activities:

    Science.gov (United States)

    2010-08-02

    ... DEPARTMENT OF JUSTICE [OMB Number 1124-0003] National Security Division; Agency Information...), National Security Division (NSD), will be submitting the following information collection request to the..., 10th & Constitution Avenue, NW., National Security Division, Counterespionage Section/Registration Unit...

  11. Security for decentralized health information systems.

    Science.gov (United States)

    Bleumer, G

    1994-02-01

    Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are implemented in software in order to be executable on standard hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g., hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s (Apple Quadra 950: MC 68040, 33 MHz, RAM 20 MB, 80 ns; length of RSA modulus is 512 bit).

  12. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2000-01-01

    An information security architecture is made up of several components. Each component in the architecture focuses on establishing acceptable levels of control. These controls are then applied to the operating environment of an organization. Functionally, information security architecture combines technical, practical, and cost-effective solutions to provide an adequate and appropriate level of security. Information Security Architecture: An Integrated Approach to Security in the Organization details the five key components of an information security architecture. It provides C-level executives

  13. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Science.gov (United States)

    2011-12-15

    ...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

  14. 12 CFR 605.501 - Information Security Officer.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

  15. 32 CFR 2700.51 - Information Security Oversight Committee.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

  16. 14 CFR 1203.201 - Information security objectives.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

  17. Socio-technical systems analysis of waste to energy from municipal solid waste in developing economies: a case for Nigeria

    Directory of Open Access Journals (Sweden)

    Iyamu Hope O.

    2017-01-01

    Full Text Available Waste generation is an inevitable by-product of human activity, and it is on the rise due to rapid urbanisation, industrialisation, increased wealth and population. The composition of municipal solid waste (MSW) in developed and developing economies differs, especially in the organic fraction. Research shows that the food waste stream of MSW in developing countries is over 50%. The case study for this investigation, Nigeria, has minimal formal recycling or resource recovery programs. The average composition of waste from previous research in the country is between 50–70% putrescible and 30–50% non-putrescible, presenting significant resource recovery potential in composting and biogas production. Waste-to-energy (WtE) is an important waste management solution that has been successfully implemented and operated in most developed economies. This contribution reports the conditions that would be of interest before the WtE potential of MSW is harnessed in an efficient waste management process in a developing economy like Nigeria. The investigation presents a set of socio-technical parameters and a transition strategy model that would inform productive MSW management and resource recovery, in which WtE can be part of the solution. This model will find application in understanding the interactions between the socio-economic, technical and environmental systems, to promote sustainable resource recovery programs in developing economies, among which is WtE.

  18. 49 CFR 1548.19 - Security Directives and Information Circulars.

    Science.gov (United States)

    2010-10-01

    ... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... aviation, TSA issues a Security Directive setting forth mandatory measures. (1) Each indirect air carrier... Security Directive that TSA issues to it, within the time prescribed in the Security Directive for...

  19. Secure Refactoring with Java Information Flow

    DEFF Research Database (Denmark)

    Helke, Steffen; Kammüller, Florian; Probst, Christian W.

    2016-01-01

    Refactoring means that a program is changed without changing its behaviour from an observer's point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov's distributed information flow control model DLM and its Java...

  20. Staffing Policy for Solving the Information Security

    Directory of Open Access Journals (Sweden)

    A. I. Tolstoy

    2012-06-01

    Full Text Available The determination of a staffing policy for the implementation of information security tasks is presented. The basic requirements that must be taken into account when developing such policies are defined. The policy framework is determined and recommendations for the design of such policies are formulated. Requirements for the implementation of the policy are defined.

  1. A process framework for information security management

    Directory of Open Access Journals (Sweden)

    Knut Haufe

    2016-01-01

    Full Text Available Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS) is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction, as well as their interaction with other management processes, is not available in the literature. Cost-benefit analysis of information security investments regarding single measures protecting information and ISMS processes is not in the focus of current research, which mostly concentrates on economics. This article aims to fill this research gap by proposing such an ISMS process framework as its main contribution, based on a set of agreed-upon ISMS processes in existing standards such as the ISO 27000 series, COBIT and ITIL. Within the framework, the identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of the relevant roles of the ISMS is strengthened.

  2. Data Security Using Cryptographic Approach | Okoro | Information ...

    African Journals Online (AJOL)

    The need for data security in Information and Communications Technology (ICT) cannot be overemphasized. In this paper, the use of symmetric and asymmetric key cryptographies to clearly achieve the required protection by means of the prime number system and modular multiplicative inverse has been highlighted and ...

  3. Securing the smart grid information exchange

    Energy Technology Data Exchange (ETDEWEB)

    Fries, Steffen; Falk, Rainer [Siemens AG, Corporate Technology, Muenchen (Germany)

    2012-07-01

    The smart grid is based on information exchange between various stakeholders using open communication technologies, to control the physical electric grid through the information grid. Protection against cyber attacks is essential to ensure reliable operation of the smart grid. This challenge is addressed by various regulatory, standardization, and research activities. After giving an overview of the security demands of a smart grid, existing and emerging standardization activities are described. (orig.)

  4. Encyclopedia of Information Ethics and Security

    Directory of Open Access Journals (Sweden)

    Reviewed by Yavuz AKBULUT

    2008-01-01

    Full Text Available Rapid developments in information and communication technologies have created new security threats along with ethical dilemmas. These developments have been so fast that appropriate security precautions and ethical codes fail to keep pace with the technological developments. In this respect, education of both professionals and ordinary citizens regarding information technology ethics carries utmost importance. Encyclopedia of Information Ethics and Security serves as an authentic and comprehensive reference source on security and ethical issues related to information and communication technologies. The encyclopedia consists of 661 pages (+xvii) covering a total of 95 alphabetically ordered chapters on information ethics and security, which are followed by two comprehensive sets of indexes. Each entry is an authoritative contribution followed by in-depth definitions of relevant terminology and acronyms. The total number of key terms included in the encyclopedia is approximately 700. The source also includes more than 2000 references to existing literature on ethical and security issues related to information and communication technologies. A total of 148 respected scholars and leading experts from all around the world contributed to the source. As indicated in the preface of the encyclopedia by the editor, all entries were subjected to an initial double-blind peer review and an additional review prior to acceptance for publication. Chapters mostly have parallel layouts beginning with a clear introduction followed by the theoretical background and the contribution. Each chapter concludes with invaluable ethical implications for the field along with suggestions for further … The editor, Marian Quigley (PhD – Monash University, Australia; BA – Chisholm Institute of Technology, Australia; Higher Diploma of Teaching Secondary [Art and Craft]), is a former senior lecturer in the Faculty of Information Technology, Monash University, Australia. She primarily works on the social effects

  5. Secure information transfer based on computing reservoir

    Energy Technology Data Exchange (ETDEWEB)

    Szmoski, R.M.; Ferrari, F.A.S. [Department of Physics, Universidade Estadual de Ponta Grossa, 84030-900, Ponta Grossa (Brazil); Pinto, S.E. de S, E-mail: desouzapinto@pq.cnpq.br [Department of Physics, Universidade Estadual de Ponta Grossa, 84030-900, Ponta Grossa (Brazil); Baptista, M.S. [Institute for Complex Systems and Mathematical Biology, SUPA, University of Aberdeen, Aberdeen (United Kingdom); Viana, R.L. [Department of Physics, Universidade Federal do Parana, 81531-990, Curitiba, Parana (Brazil)

    2013-04-01

    There is a broad area of research to ensure that information is transmitted securely. Within this scope, chaos-based cryptography takes a prominent role due to its nonlinear properties. Using these properties, we propose a secure mechanism for transmitting data that relies on chaotic networks. We use a nonlinear on–off device to cipher the message, and the transfer entropy to retrieve it. We analyze the system's capability for sending messages, and we obtain expressions for the operating time. We demonstrate the system's efficiency for a wide range of parameters. We find similarities between our method and reservoir computing.

  6. Information security policy development for compliance

    CERN Document Server

    Williams, Barry L

    2013-01-01

    Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will he

  7. Information Security Role Model for Staff of Banking Structures

    Directory of Open Access Journals (Sweden)

    A. O. Vybornov

    2012-12-01

    Full Text Available Categories of roles of information security employees of a banking organization are defined. Functional roles are described. The relationships between functional roles, employees, functions and authority are defined. The role of information security employees of the banking organization in the information security system and the information security management system is described. Recommendations for the implementation phases of the selection and appointment of functional roles, and for controlling the selection and role assignment of information security employees of the banking organization, are stated.

  8. Relationship between stakeholders' information value perception and information security behaviour

    Science.gov (United States)

    Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

    2015-02-01

    The study reported in this paper aims to explore the relationship between stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information security is a concept that was formed from the recognition that information is valuable and that there is a need to protect it. ISO 27002 defines information as an asset which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation, hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewalls and authorization and authentication systems, set-up of deterrence procedures such as password control, and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information

  9. A Socio-technical Mapping and Analysis of Dominant Design Materialization

    DEFF Research Database (Denmark)

    Christiansen, John K.; Varnes, Claus

    the importance of high market shares for defining a winning dominating design, but despite the electric vehicle's higher market share in the years 1899-1900 it was surpassed by the internal combustion vehicle. The socio-technical analysis departs from a narrative based on historical accounts of the competition...... between the electric vehicle and the internal combustion vehicle from the late 1890s until 1909. The analysis shows that the electric vehicle did not successfully attract new allies or overcome resistance from anti-programs to the same degree as the internal combustion vehicle. Findings suggest that some...... of the issues with few allies and anti-programs that emerged already during the late 1890s are still active in today's market and haunt the electric vehicle....

  10. Socio-Technical Perspective on Interdisciplinary Interactions During the Development of Complex Engineered Systems

    Science.gov (United States)

    McGowan, Anna-Maria R.; Daly, Shanna; Baker, Wayne; Papalambros, Panos; Seifert, Colleen

    2013-01-01

    This study investigates interdisciplinary interactions that take place during the research, development, and early conceptual design phases in the design of large-scale complex engineered systems (LaCES) such as aerospace vehicles. These interactions, that take place throughout a large engineering development organization, become the initial conditions of the systems engineering process that ultimately leads to the development of a viable system. This paper summarizes some of the challenges and opportunities regarding social and organizational issues that emerged from a qualitative study using ethnographic and survey data. The analysis reveals several socio-technical couplings between the engineered system and the organization that creates it. Survey respondents noted the importance of interdisciplinary interactions and their benefits to the engineered system as well as substantial challenges in interdisciplinary interactions. Noted benefits included enhanced knowledge and problem mitigation and noted obstacles centered on organizational and human dynamics. Findings suggest that addressing the social challenges may be a critical need in enabling interdisciplinary interactions

  11. A MIXED BLESSING: RESILIENCE IN THE ENTREPRENEURIAL SOCIO-TECHNICAL SYSTEM OF BITCOIN

    Directory of Open Access Journals (Sweden)

    Marcel Morisse

    2016-04-01

    Full Text Available Studies of resilience highlight the tension between actions that allow a firm – and a system – to be robust and those that allow it to be flexible. Studies suggest that an entrepreneurial firm will prioritize flexibility, given resource constraints. However, what occurs when a number of firms are embedded in a common socio-technical system and an extreme event affects them collectively? This paper tests whether existing theory about resilience predicts the responses of entrepreneurs in such a system, with reference to an extreme event in the Bitcoin socio-technical system: the much-publicized bankruptcy of Mt. Gox, a key player. It relies on in-depth interviews with 8 entrepreneurs in Europe, triangulated with other data. We find that robustness is the dominant strategy for those interviewed. This is partly because the firms rely on pooled resources supplied by the collective, and partly because robustness builds trust, giving the firms a competitive advantage.

  12. A socio-technical approach for improving a Brazilian shoe manufacturing system.

    Science.gov (United States)

    Renner, J S; de M Guimarães, L B; de Oliveira, P A B

    2012-01-01

    This article presents a macroergonomic intervention in a footwear company in Rio Grande do Sul, Brazil, to improve both the quality of life of the employees and productivity by optimizing the traditional Taylor/Ford work organization. Multi-functionality and team working were implemented as means of making tasks more flexible and richer, and the working hours were changed. The results showed a reduction in human and material resource costs and a consequent improvement in health and workers' quality of life. Although middle managerial staff displayed strong resistance to the project and to breaking traditional production paradigms, the socio-technical system has been implemented throughout the plant and is expected to end up becoming the benchmark for other companies in the sector. Keywords: macro-ergonomics, footwear industry, work organization.

  13. A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

    Science.gov (United States)

    Francois, Michael T.

    2016-01-01

    Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

  14. The Role of Socio-technical Devices in Framing the Current Strategic Issues and Future States of the Service Market

    DEFF Research Database (Denmark)

    Tryggestad, Kjell

    2004-01-01

    The aim of this paper is to inquire into the role of socio-technical devices like value metrics and accounting in organizing the service market. The authors provide a case on how such devices participate in framing the market for transportation during the introduction of large-scale bridges....... In addition to the traditional role of accounting as a representation device, the authors also show how these devices participate in performing the service economy - undermining and redrawing organizational boundaries in unexpected ways. The presence of multiple connections with socio-technical devices...... is then brought into an explanation of the overflowing and reconfiguration of the transportation market....

  15. The UK homeowner-retrofitter as an innovator in a socio-technical system

    International Nuclear Information System (INIS)

    Galvin, Ray; Sunikka-Blank, Minna

    2014-01-01

    Policy on domestic thermal retrofits is usually designed as a top-down enterprise, setting standards and inducing homeowners to retrofit accordingly. Its underlying assumption is that correct retrofit technology is developed by experts and comes down through supply chains to households, who apply it as designed to their properties. However, this model is challenged by the insight from socio-technical systems studies (STST) that technology and society mutually form and influence each other at every level of society. Using this conceptual framework, this study investigated whether innovations are happening among retrofitting households, and what support these have for diffusion upwards into supply chains and outwards to other households. Qualitative data was gathered through semi-structured interviews among homeowner-retrofitters plus building professionals and citizens' initiatives which support these, in Cambridge, UK. Local innovation was found in the development of new retrofit technology and novel reconfiguring of existing solutions. Much of this was triggered by clashes between standard retrofit solutions and heritage or aesthetic values, economic necessity, or building professionals' lack of knowledge or experience. The findings suggest that instead of treating homeowners as passive recipients, UK thermal retrofit policy should broaden to identify useful innovations developed by homeowners and support them where appropriate. - Highlights: • Technology and innovations for thermal retrofitting are usually seen as top-down. • A socio-technical systems approach reveals a more active role of homeowners. • Interviews show them as innovators, inventors and teachers of retrofit technique. • Policy needs to identify, assess and disseminate appropriate innovations

  16. Information Security Risks on a University Campus

    Directory of Open Access Journals (Sweden)

    Amer A. Al-Rawas

    2002-06-01

    Full Text Available This paper is concerned with issues relating to security in the provision of information systems (IS) services within a campus environment. It is based on experiences with a specific known environment, namely Sultan Qaboos University. In considering the risks and challenges that face us in the provision of IS services, we need to consider a number of interwoven subject areas. These are: the importance of information to campus communities, the types of information utilised, and the risk factors that relate to the provision of IS services. Based on our discussion of the risk factors identified within this paper, we make a number of recommendations for improving security within any environment that wishes to take the matter seriously. These recommendations are classified into three main groups: general, which are applicable to the entire institution; social, aimed at the work attitudes of staff and students; and technical, addressing the skills and technologies required.

  17. 78 FR 48076 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-08-07

    ...-2011-0268] RIN 3150-AJ07 Facility Security Clearance and Safeguarding of National Security Information..., Classified National Security Information. The rule would allow licensees flexibility in determining the means... licensee security education and training programs and enhances the protection of classified information...

  18. 32 CFR 2103.51 - Information Security Oversight Committee.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

  19. 32 CFR 2400.45 - Information Security Program Review.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review. 2400.45... SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45 Information Security Program Review. (a) The Director, OSTP, shall require an annual formal review of the OSTP...

  20. 78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

    Science.gov (United States)

    2013-02-04

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

  1. 76 FR 67750 - Homeland Security Information Network Advisory Committee

    Science.gov (United States)

    2011-11-02

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

  2. Processing multilevel secure test and evaluation information

    Science.gov (United States)

    Hurlburt, George; Hildreth, Bradley; Acevedo, Teresa

    1994-07-01

    The Test and Evaluation Community Network (TECNET) is building a Multilevel Secure (MLS) system. This system features simultaneous access to classified and unclassified information and easy access through widely available communications channels. It provides the necessary separation of classification levels, assured through the use of trusted system design techniques, security assessments and evaluations. This system enables cleared T&E users to view and manipulate classified and unclassified information resources either using a single terminal interface or multiple windows in a graphical user interface. TECNET is in direct partnership with the National Security Agency (NSA) to develop and field the MLS TECNET capability in the near term. The centerpiece of this partnership is a state-of-the-art Concurrent Systems Security Engineering (CSSE) process. In developing the MLS TECNET capability, TECNET and NSA are providing members, with various expertise and diverse backgrounds, to participate in the CSSE process. The CSSE process is founded on the concepts of both Systems Engineering and Concurrent Engineering. Systems Engineering is an interdisciplinary approach to evolve and verify an integrated and life cycle balanced set of system product and process solutions that satisfy customer needs (ASD/ENS-MIL STD 499B 1992). Concurrent Engineering is design and development using the simultaneous, applied talents of a diverse group of people with the appropriate skills. Harnessing diverse talents to support CSSE requires active participation by team members in an environment that both respects and encourages diversity.

  3. Report: Information Security Series: Security Practices Safe Drinking Water Information System

    Science.gov (United States)

    Report #2006-P-00021, March 30, 2006. We found that the Office of Water (OW) substantially complied with many of the information security controls reviewed and had implemented practices to ensure production servers are monitored.

  4. Information Security – Guidance for Manually Completing the Information Security Awareness Training

    Science.gov (United States)

    The purpose of this guidance is to provide an alternative manual process for disseminating EPA Information Security Awareness Training (ISAT) materials and collecting results from EPA users who elect to complete the ISAT manually.

  5. Security Clearances and the Protection of National Security Information: Law and Procedures

    National Research Council Canada - National Science Library

    Cohen, Sheldon

    2000-01-01

    ... designed to protect National Security information. The report provides an authoritative compendium for lawyers, security officers and for managers of corporations who must deal with the legal and procedural aspects of security clearances...

  6. Novel approach to information security management of confidential ...

    African Journals Online (AJOL)

    Novel approach to information security management of confidential and proprietary information ... Journal of Fundamental and Applied Sciences ... valuable information by using steganography; it can have a major impact on security management.

  7. 39 CFR 267.4 - Information security standards.

    Science.gov (United States)

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false Information security standards. 267.4 Section 267... INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of information security standards which address the following functional aspects of information flow and...

  8. 49 CFR 1544.305 - Security Directives and Information Circulars.

    Science.gov (United States)

    2010-10-01

    ... threat assessment or to a specific threat against civil aviation, TSA issues a Security Directive setting... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT OPERATOR...

  9. Modern Quantum Technologies of Information Security

    OpenAIRE

    Korchenko, Oleksandr; Vasiliu, Yevhen; Gnatyuk, Sergiy

    2010-01-01

    In this paper, the systematisation and classification of modern quantum technologies of information security against cyber-terrorist attack are carried out. The characteristic of the basic directions of quantum cryptography from the viewpoint of the quantum technologies used is given. A qualitative analysis of the advantages and disadvantages of concrete quantum protocols is made. The current status of the problem of practical quantum cryptography use in telecommunication networks is consider...

  10. A Secure Information Framework with APRQ Properties

    Science.gov (United States)

    Rupa, Ch.

    2017-08-01

    The Internet of Things is one of the most trending topics in the digital world. Security issues are rampant. In the corporate or institutional setting, security risks are apparent from the outset. Market leaders are unable to use cryptographic techniques because of their complexity. Hence many bits of private information, including identity data, are readily available for third parties to see and to utilize. There is a need to decrease the complexity and increase the robustness of cryptographic approaches. In view of this, a new cryptographic technique, a good encryption pact with adjacency, random prime number and quantum code properties, has been proposed. Here, encryption is done by using quantum photons with gray code. This approach uses concepts from physics and mathematics, with no external key exchange, to improve the security of the data. It also reduces key attacks by generating the key on each party's side instead of sharing it. This method makes the security more robust than the existing approach. Important properties of gray code and quantum are the adjacency property and different photons for a single bit (0 or 1). These can reduce the avalanche effect. Cryptanalysis of the proposed method shows that it is resistant to various attacks and stronger than the existing approaches.

  11. Reflecting socio-technical combinations in radioactive waste management. Results from the InSOTEC European research project

    International Nuclear Information System (INIS)

    Kallenbach-Herbert, Beate; Bergmans, Anne; Martell, Meritxell; Schroeder, Jantine

    2015-01-01

    InSOTEC is a three-year collaborative social sciences research project funded under the European Atomic Energy Community's 7th Framework Programme (FP7). The project aims to generate a better understanding of the complex interplay between the technical and the social in the context of geological disposal of radioactive waste. In doing so, InSOTEC has moved beyond the division between the social and the technical that is frequently found in this context by (i) investigating the consideration of social sciences and the recognition of socio-technical combinations in research programs on geological disposal, (ii) analyzing the socio-technical entanglement in selected contexts such as siting, reversibility and retrievability, demonstrating safety and technology transfer on the basis of case studies, and (iii) exploring the integration of diverse stakeholders in technology-oriented networks. The analyses reveal that activities in the context of geological disposal, whether related to research, planning, siting etc., tend to reinforce the divide between social and technical aspects rather than fostering consideration of their entanglement. The reasons identified for this are manifold; the wish to reduce complexity by focusing stakeholder involvement on social questions and fixing the technical part "when acceptance is reached" is only one of them. However, the analyses also show that over the long timescales of repository planning and implementation, robust management strategies must provide the flexibility to adapt to both technical and social developments and demands. Understanding the socio-technical interplay and creating structures for its consideration provides the basis for dealing with this challenge. This presentation will focus on the main findings of the InSOTEC project with regard to the consideration of socio-technical combinations in practice. These insights are currently under development and will be finalized at the end of the project in June 2014. We will reflect on

  12. Reflecting socio-technical combinations in radioactive waste management. Results from the InSOTEC European research project

    Energy Technology Data Exchange (ETDEWEB)

    Kallenbach-Herbert, Beate [Oeko-Institut e.V., Darmstadt (Germany); Bergmans, Anne [Antwerp Univ. (Belgium); Martell, Meritxell [Merience Strategic Thinking, Olerdola (Spain); Schroeder, Jantine [Antwerp Univ. (Belgium); SCK - CEN, Mol (Belgium)

    2015-07-01

    InSOTEC is a three-year collaborative social sciences research project funded under the European Atomic Energy Community's 7th Framework Programme (FP7). The project aims to generate a better understanding of the complex interplay between the technical and the social in the context of geological disposal of radioactive waste. In doing so, InSOTEC has moved beyond the division between the social and the technical that is frequently found in this context by (i) investigating the consideration of social sciences and the recognition of socio-technical combinations in research programs on geological disposal, (ii) analyzing the socio-technical entanglement in selected contexts such as siting, reversibility and retrievability, demonstrating safety and technology transfer on the basis of case studies, and (iii) exploring the integration of diverse stakeholders in technology-oriented networks. The analyses reveal that activities in the context of geological disposal, whether related to research, planning, siting etc., tend to reinforce the divide between social and technical aspects rather than fostering consideration of their entanglement. The reasons identified for this are manifold; the wish to reduce complexity by focusing stakeholder involvement on social questions and fixing the technical part "when acceptance is reached" is only one of them. However, the analyses also show that over the long timescales of repository planning and implementation, robust management strategies must provide the flexibility to adapt to both technical and social developments and demands. Understanding the socio-technical interplay and creating structures for its consideration provides the basis for dealing with this challenge. This presentation will focus on the main findings of the InSOTEC project with regard to the consideration of socio-technical combinations in practice. These insights are currently under development and will be finalized at the end of the project in June 2014. We will reflect on

  13. Analysis of information security reliability: A tutorial

    International Nuclear Information System (INIS)

    Kondakci, Suleyman

    2015-01-01

    This article presents a concise reliability analysis of network security abstracted from stochastic modeling, reliability, and queuing theories. Network security analysis is composed of threats, their impacts, and recovery of the failed systems. A unique framework with a collection of the key reliability models is presented here to guide the determination of system reliability based on the strength of malicious acts and the performance of the recovery processes. A unique model, called the Attack-obstacle model, is also proposed here for analyzing systems with immunity growth features. Most computer science curricula do not contain courses in reliability modeling applicable to different areas of computer engineering. Hence, the topic of reliability analysis often remains opaque to most computer engineers and researchers dealing with network security. This work is thus aimed at shedding some light on this issue, which can be useful in identifying models, their assumptions and practical parameters for estimating the reliability of threatened systems and for assessing the performance of recovery facilities. It can also be useful for the classification of processes and states regarding the reliability of information systems. Systems with stochastic behaviors undergoing queue operations and random state transitions can also benefit from the approaches presented here.

    Highlights:
    • A concise survey and tutorial in model-based reliability analysis applicable to information security.
    • A framework of key modeling approaches for assessing the reliability of networked systems.
    • The framework facilitates quantitative risk assessment tasks guided by stochastic modeling and queuing theory.
    • Evaluation of approaches and models for modeling threats, failures, impacts, and recovery analysis of information systems.

  14. 32 CFR 154.42 - Evaluation of personnel security information.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

  15. Research on network information security model and system construction

    OpenAIRE

    Wang Haijun

    2016-01-01

    This paper briefly describes the impact of the big data era on China's network policy, which also brings more opportunities and challenges to network information security. It reviews the internationally accepted basic model and characteristics of network information security, and analyses the characteristics of network information security and their relationships. On the basis of the NIST security model, this paper describes three security control schemes in the safety management model and the...

  16. 48 CFR 1339.107-70 - Information security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

  17. 49 CFR 8.9 - Information Security Review Committee.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

  18. Disaster at a University: A Case Study in Information Security

    Science.gov (United States)

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  19. Secure medical information sharing in cloud computing.

    Science.gov (United States)

    Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

    2015-01-01

    Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in a symmetric key encryption setting. The only works in public key encryption do not support keyword trapdoor security, have ciphertext length that grows with the number of receivers, do not support receiver revocation without re-encryption, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption scheme supporting multiple receivers for medical information sharing, based on bilinear maps in a public key encryption setting. In the proposed protocol, the data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on the cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant, independent of the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows with whom his data is shared, and access to his data remains under his control after it has been put on the cloud. We formally prove the security of the keyword ciphertext based on the intractability of the Bilinear Diffie-Hellman problem and of the keyword trapdoor based on the Decisional Diffie-Hellman problem.

  20. The interplay of institutions, actors and technologies in socio-technical systems - An analysis of transformations in the Australian urban water sector

    NARCIS (Netherlands)

    Fuenfschilling, Lea; Truffer, Bernhard

    2016-01-01

    Literature on socio-technical transitions has primarily emphasized the co-determination of institutions and technologies. In this paper, we want to focus on how actors play a mediating role between these two pillars of a socio-technical system. By introducing the theoretical concept of institutional

  1. Information Security Governance: When Compliance Becomes More Important than Security

    OpenAIRE

    Tan , Terence C. C.; Ruighaver , Anthonie B.; Ahmad , Atif

    2010-01-01

    Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational secu...

  2. 78 FR 69286 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-11-19

    ... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... Executive Order 13526, Classified National Security Information. In addition, this direct final rule allowed... licensees (or their designees) to conduct classified...

  3. Engineering Principles for Information Technology Security (A Baseline for Achieving Security)

    National Research Council Canada - National Science Library

    Stoneburner, Gary

    2001-01-01

    The purpose of the Engineering Principles for Information Technology (IT) Security (EP-ITS) is to present a list of system-level security principles to be considered in the design, development, and operation of an information system...

  4. National Security and the Right to Information in Europe

    DEFF Research Database (Denmark)

    Jacobsen, Amanda Lynn

    2013-01-01

    Full text available at: http://cast.ku.dk/pdf/National_Security_and_the_Right_to_Information.pdf/

  5. Executive Guide: Information Security Management. Learning From Leading Organizations

    National Research Council Canada - National Science Library

    1998-01-01

    ... on. Deficiencies in federal information security are a growing concern. In a February 1997 series of reports to the Congress, GAO designated information security as a governmentwide high-risk area...

  6. Protecting the Privacy and Security of Your Health Information

    Science.gov (United States)

    ... can be used and shared with others. The Security Rule sets rules for how your health information must be kept secure with administrative, technical, and physical safeguards. You may have additional protections and health information rights under your State's laws. ...

  7. Sensitive Security Information and Transportation Security: Issues and Congressional Options

    National Research Council Canada - National Science Library

    Sollenberger, Mitchel A

    2004-01-01

    .... TSA's application of the SSI regulations has, however, resulted in some controversies over airport security procedures, employee accountability, passenger screening, and airport secrecy agreements...

  8. Physical protection educational program - information security aspects

    International Nuclear Information System (INIS)

    Tolstoy, A.

    2002-01-01

    Full text: Conceptual approaches for designing an expert training program on physical protection of objects, taking into account information security aspects, are examined. A special educational course not only addresses the immediate need for educational support but also ensures that new professionals bring new concepts and knowledge into their practice, and encourages current practitioners towards such practice. Features of modern physical protection systems (PPS) and a classification of the information circulating in them are pointed out. The requirements for the PPS information protection subsystem are discussed. During PPS expert training on information security (IS) aspects, trainees should receive the knowledge needed to competently define and carry out the PPS IS policy for a given object. Thus, it is important to consider the minimum body of knowledge that must be taught to PPS experts for independent and competent implementation of the tasks listed above. For graduate PPS IS expert training it is also necessary to examine the normative and legal acts devoted to IS as a whole and to PPS IS in particular. This is driven by the need for the methods and information protection tools implemented at a given object to conform to federal and departmental IS requirements. The departmental normative IS requirements define the orientation of the PPS expert training. In developing the curriculum it is necessary to determine precisely for whom the PPS experts are being trained. The curriculum should reflect common features of PPS operation for the given object type, i.e. it should be adapted to a particular customer of the experts. These features were taken into account in developing the educational course 'Information security of the nuclear facility physical protection systems', taught at the Moscow Engineering Physics Institute (State University) according to the Russian-American educational program 'Master in Physical

  9. Data survivability vs. security in information systems

    International Nuclear Information System (INIS)

    Levitin, Gregory; Hausken, Kjell; Taboada, Heidi A.; Coit, David W.

    2012-01-01

    A multiple objective problem formulation and solution methodology is presented to select optimal information and data storage configurations considering both data survivability and data security, as well as cost. This paper considers a situation where the information is divided into several separately stored blocks in order to mitigate the risk of unauthorized access or theft. The information can be used only if all of the blocks are accessed. To impede information theft, the defender prefers to maximize the number of blocks. On the other hand, the destruction of any block destroys the integrity of the information and makes it impossible to use. To impede information destruction, the defender prefers to maximize the number of parallel (reserve) copies of each block, regardless of how many blocks in series there are. Given the set of available information storage resources, the defender must solve a multi-objective optimization problem to determine how many blocks and copies to create, and how to distribute them among the available resources, in order to minimize information vulnerability, insecurity, and storage cost. Non-dominated solutions to this problem are determined using a multiple objective genetic algorithm (MOGA). The methodology is demonstrated with two general examples.

  10. A Framework for Adaptive Information Security Systems : A Holistic Investigation

    OpenAIRE

    Mwakalinga, Jeffy

    2011-01-01

    This research proposes a framework for adaptive information security systems that considers both the technical and social aspects of information systems security. Initial development of information systems security focused on computer technology and communication protocols. Researchers and designers did not consider culture, traditions, ethics, and other social issues of the people using the systems when designing and developing information security systems. They also seemed to ignore environ...

  11. CRISP. Information Security Models and Their Economics

    International Nuclear Information System (INIS)

    Gustavsson, R.; Mellstrand, P.; Tornqvist, B.

    2005-03-01

    Deliverable D1.6 includes background material and specifications of a CRISP Framework on protection of information assets related to power net management and to the management of business operations related to energy services. During the project the CRISP consortium found that the original description of WP 1.6 was not adequate for the project as such. The main insight was that the original emphasis on cost-benefit analysis of security protection measures was too early to address in the project. This issue is of course crucial in itself, but it requires new models of consequence analysis that still remain to be developed, especially for the new business models we are investigating in the CRISP project. The updated and approved version of the WP1.6 description, together with the likewise updated WP2.4 focus on Dependable ICT support of Power Grid Operations, constitutes an integrated approach towards dependable and secure future utilities and their business processes. This document (D1.6) is a background to deliverable D2.4. Together they provide a dependability and security framework for the three CRISP experiments in WP3.

  12. The role of organisational support in teleworker wellbeing: a socio-technical systems approach.

    Science.gov (United States)

    Bentley, T A; Teo, S T T; McLeod, L; Tan, F; Bosua, R; Gloet, M

    2016-01-01

    The prevalence of telework and other forms of mobile working enabled by digital technology is increasing markedly. Following a socio-technical systems approach, this study examines the role of organisational social support and specific support for teleworkers in influencing teleworker wellbeing, the mediating role of social isolation (potentially resulting from a person-environment mismatch) in these relationships, and possible differences in these relationships between low-intensity and hybrid teleworkers. Teleworkers' (n = 804) perceptions of support and telework outcomes (psychological strain, job satisfaction, and social isolation) were collected using an on-line survey of teleworking employees distributed within 28 New Zealand organisations where knowledge work was undertaken. Organisational social support and teleworker support were associated with increased job satisfaction and reduced psychological strain. Social isolation mediated the relationship between organisational social support and the two outcome variables, and some differences were observed in the structural relationships for the hybrid and low-intensity teleworker sub-samples. These findings suggest that providing the necessary organisational and teleworker support is important for enhancing the teleworker-environment fit and thereby ensuring desirable telework outcomes.

  13. Systems scenarios: a tool for facilitating the socio-technical design of work systems.

    Science.gov (United States)

    Hughes, Helen P N; Clegg, Chris W; Bolton, Lucy E; Machon, Lauren C

    2017-10-01

    The socio-technical systems approach to design is well documented. Recognising the benefits of this approach, organisations are increasingly trying to work with systems, rather than their component parts. However, few tools attempt to analyse the complexity inherent in such systems, in ways that generate useful, practical outputs. In this paper, we outline the 'System Scenarios Tool' (SST), which is a novel, applied methodology that can be used by designers, end-users, consultants or researchers to help design or re-design work systems. The paper introduces the SST using examples of its application, and describes the potential benefits of its use, before reflecting on its limitations. Finally, we discuss potential opportunities for the tool, and describe sets of circumstances in which it might be used. Practitioner Summary: The paper presents a novel, applied methodological tool, named the 'Systems Scenarios Tool'. We believe this tool can be used as a point of reference by designers, end-users, consultants or researchers, to help design or re-design work systems. Included in the paper are two worked examples, demonstrating the tool's application.

  14. EO Model for Tacit Knowledge Externalization in Socio-Technical Enterprises

    Directory of Open Access Journals (Sweden)

    Shreyas Suresh Rao

    2017-03-01

    Aim/Purpose: A vital business activity within socio-technical enterprises is tacit knowledge externalization, which elicits and explicates tacit knowledge of enterprise employees as external knowledge. The aim of this paper is to integrate diverse aspects of externalization through the Enterprise Ontology model.

    Background: Across two decades, researchers have explored various aspects of tacit knowledge externalization. However, the existing works reveal that there is no uniform representation of the externalization process, which has resulted in divergent and contradictory interpretations across the literature.

    Methodology: The Enterprise Ontology model is constructed step-wise through the conceptual and measurement views. While the conceptual view encompasses three patterns that model the externalization process, the measurement view employs a certainty-factor model to empirically measure the outcome of the externalization process.

    Contribution: The paper contributes to the knowledge management literature in two ways. The first contribution is the Enterprise Ontology model that integrates diverse aspects of externalization. The second contribution is a Web application that validates the model through a case study in banking.

    Findings: The findings show that the Enterprise Ontology model and the patterns are pragmatic in externalizing the tacit knowledge of experts in a problem-solving scenario within a banking enterprise.

    Recommendations for Practitioners: Consider the diverse aspects (what, where, when, why, and how) during the tacit knowledge externalization process.

    Future Research: To extend the Enterprise Ontology model to include externalization from partially automated enterprise systems.

  15. SPP Toolbox: Supporting Sustainable Public Procurement in the Context of Socio-Technical Transitions

    Directory of Open Access Journals (Sweden)

    Paula Cayolla Trindade

    2017-12-01

    Public procurement can shape production and consumption trends and represents a stimulus for both innovation and diversification in products and services, through a direct increase in demand. In recent years, the interest in demand-side policies has grown and several approaches have emerged, such as Green Public Procurement (GPP), Sustainable Public Procurement (SPP) and Public Procurement of Innovation (PPI), representing strategic goals to be achieved through public procurement. In this context, there is a need to guide and support public organizations in the uptake of GPP, SPP and PPI practices. To respond to the challenges raised by the operationalization of such strategies, this paper proposes a new tool, the SPP Toolbox, for guiding public organizations as they re-think the procurement process, raising their ambitions and broadening their vision, thus changing the organizational approach towards culture, strategies, structures and practices. This toolbox integrates insights from GPP, SPP and PPI objectives and practices, in the context of the emergence of socio-technical transitions. The toolbox coherently links GPP, SPP and PPI, allowing flexibility in terms of goals, yet promoting an increasing complexity of institutionalized practices and skills, from GPP to SPP and then from SPP to PPI, organized in a framework fully integrated into the organizational strategy.

  16. The Systemic and Global Dimension of Business Resilience in a Socio-Technical Perspective

    Directory of Open Access Journals (Sweden)

    Paulo Garrido

    2016-02-01

    This paper proposes to augment the concept of a business resilience improving process by enlarging such a process with a dimension of external action that addresses the vaster frame of systemic resilience of our societies. To this aim, I propose to widen the concept of socio-technical system (STS) to human societies, based on the idea that the development and survival of human societies has necessary social and technical factors. I also propose a concept of resilience in terms of dealing with failures of STS. Two particular cases of very large failure avoidance are considered: nuclear war and civilizational collapse, and I propose that such cases should be present in the referred dimension of external action of any business resilience program. Because the action of public governments and their cooperation is crucial for advancing global systemic resilience, I suggest that businesses should analyze and model the decisions of governments in a wider context of naturally occurring cooperating and conflicting human groups.

  17. Academic Information Security Researchers: Hackers or Specialists?

    Science.gov (United States)

    Dadkhah, Mehdi; Lagzian, Mohammad; Borchardt, Glenn

    2018-04-01

    In this opinion piece, we present a synopsis of our findings from the last 2 years concerning cyber-attacks on web-based academia. We also present some of the problems that we have faced and try to resolve any misunderstandings about our work. We are academic information security specialists, not hackers. Finally, we present a brief overview of our methods for detecting cyber fraud in an attempt to provide general guidelines for researchers who would like to continue our work. We believe that our work is necessary for protecting the integrity of scholarly publishing against emerging cybercrime.

  18. Practical Methods for Information Security Risk Management

    Directory of Open Access Journals (Sweden)

    Cristian AMANCEI

    2011-01-01

    The purpose of this paper is to present some directions for performing risk management for information security. The article follows two practical methods: a questionnaire that assesses the internal control, and an evaluation based on existing controls as part of vulnerability assessment. The methods presented contain all the key elements that concur in risk management: the elements proposed for the evaluation questionnaire, the list of threats, resource classification and evaluation, the correlation between risks and controls, and residual risk computation.

  19. Examining the Relationship between Organization Systems and Information Security Awareness

    Science.gov (United States)

    Tintamusik, Yanarong

    2010-01-01

    The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

  20. 41 CFR 105-53.133 - Information Security Oversight Office.

    Science.gov (United States)

    2010-07-01

    ... 41 Public Contracts and Property Management 3 2010-07-01 2010-07-01 false Information Security... FUNCTIONS Central Offices § 105-53.133 Information Security Oversight Office. (a) Creation and authority. The Information Security Oversight Office (ISOO), headed by the Director of ISOO, who is appointed by...

  1. 76 FR 5232 - Small Business Information Security Task Force

    Science.gov (United States)

    2011-01-28

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the third meeting of the Small Business Information Security...

  2. 75 FR 77934 - Small Business Information Security Task Force

    Science.gov (United States)

    2010-12-14

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the second meeting of the Small Business Information Security...

  3. 75 FR 70764 - Small Business Information Security Task Force

    Science.gov (United States)

    2010-11-18

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the first meeting of the Small Business Information Security...

  4. 76 FR 11307 - Small Business Information Security Task Force

    Science.gov (United States)

    2011-03-01

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the third meeting of the Small Business Information Security...

  5. 39 CFR 267.5 - National Security Information.

    Science.gov (United States)

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false National Security Information. 267.5 Section 267.5... § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide regulations implementing Executive Order 12356 National Security Information (hereinafter referred to as the...

  6. Exploring Factors that Influence Students' Behaviors in Information Security

    Science.gov (United States)

    Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

    2012-01-01

    Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

  7. Assessing Information Security Strategies, Tactics, Logic and Framework

    CERN Document Server

    Vladimirov, Andrew; Michajlowski, Andriej

    2010-01-01

    This book deals with the philosophy, strategy and tactics of soliciting, managing and conducting information security audits of all flavours. It will give readers the founding principles around information security assessments and why they are important, whilst providing a fluid framework for developing an astute 'information security mind' capable of rapid adaptation to evolving technologies, markets, regulations, and laws.

  8. Information Security for Business: the Necessity of Reputational Risk Management

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2015-06-01

    The article presents an analysis of current information security problems in the commercial segment. The main directions in the regulations of the Russian Federation connected with information security assurance are defined. The results indicate the insufficiency of legal regulation in the prevention of reputational losses due to information security incidents.

  9. Information Security Intelligence as a Basis for Modern Information Security Management

    Directory of Open Access Journals (Sweden)

    Natalia Georgievna Miloslavskaya

    2013-12-01

    There is a transfer from simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI). ISI, like Business Intelligence, enables companies to make more informed business decisions through more effective processing of the great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI is determined.

  10. Information Security Intelligence as a Basis for Modern Information Security Management

    OpenAIRE

    Natalia Georgievna Miloslavskaya; Aleksandr Ivanovich Tolstoy

    2013-01-01

    There is a transfer from simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI). ISI, like Business Intelligence, enables companies to make more informed business decisions through more effective processing of the great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI ar...

  11. SECURITY AWARENESS – MAJOR PIECE IN THE PUZZLE OF INFORMATION SECURITY

    OpenAIRE

    MARIUS PETRESCU; NICOLETA SÎRBU; ANCA-GABRIELA PETRESCU; MIOARA BRABOVEANU

    2011-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  12. A socio-technical system framework for risk-informed performance-based building regulation

    NARCIS (Netherlands)

    Meacham, B.J.; Straalen, IJ.J. van

    2017-01-01

    Building regulatory systems have been evolving in recent decades, first with a transition to a functional or performance basis, and more recently with the introduction of new societal objectives, including those related to sustainability and climate change resiliency. Various policy and technical

  13. A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

    Science.gov (United States)

    Waddell, Stanie Adolphus

    2013-01-01

    Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

  14. E-learning stakeholders information security vulnerability model

    OpenAIRE

    Mohd Alwi, Najwa Hayaati

    2012-01-01

    The motivation to conduct this research has come from the awareness that the Internet exposes the e-learning environment to information security threats and vulnerabilities. Information security management, as practised as a top-down approach in many organisations, tends to detach people from their responsibility in ensuring the security of e-learning. The literature has pointed out that people’s behaviour needs to be addressed to control information security threats. This research proposes an ISM huma...

  15. Information systems security policies: a survey in Portuguese public administration

    OpenAIRE

    Lopes, Isabel Maria; Sá-Soares, Filipe de

    2010-01-01

    Information Systems Security is a relevant factor for present-day organizations. Among the security measures, policies assume a central role in the literature. However, there is a reduced number of empirical studies about the adoption of information systems security policies. This paper contributes to mitigating this gap by presenting the results of a survey on the adoption of Information System Security Policies in Local Public Administration in Portugal. The results are discussed in light of the literat...

  16. Army Secure Operating System: Information Security for Real Time Systems

    National Research Council Canada - National Science Library

    Anderson, Eric

    1984-01-01

    The Army Secure Operating System (ASOS) project, under the management of the U.S. Army CECOM organization, will provide real time systems software necessary for fielding modern Battlefield Automation Systems...

  17. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2006-01-01

    Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available.

  18. Cyber-crime Science = Crime Science + Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Junger, Marianne; Wieringa, Roelf J.

    2010-01-01

    Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality,

  19. Effect of Organizational Factors on Information Security Implementations

    Science.gov (United States)

    Perez, Rafael G.

    2013-01-01

    The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…

  20. Institutionalization of Information Security: Case of the Indonesian Banking Sector

    Science.gov (United States)

    Nasution, Muhamad Faisal Fariduddin Attar

    2012-01-01

    This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information…

  1. The chief information security officer insights, tools and survival skills

    CERN Document Server

    Kouns, Barry

    2011-01-01

    Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.

  2. A socio-technical, probabilistic risk assessment model for surgical site infections in ambulatory surgery centers.

    Science.gov (United States)

    Bish, Ebru K; El-Amine, Hadi; Steighner, Laura A; Slonim, Anthony D

    2014-10-01

    To understand how structural and process elements may affect the risk for surgical site infections (SSIs) in the ambulatory surgery center (ASC) environment, the researchers employed a tool known as socio-technical probabilistic risk assessment (ST-PRA). ST-PRA is particularly helpful for estimating risks in outcomes that are very rare, such as the risk of SSI in ASCs. Study objectives were to (1) identify the risk factors associated with SSIs resulting from procedures performed at ASCs and (2) design an intervention to mitigate the likelihood of SSIs for the most common risk factors that were identified by the ST-PRA for a particular surgical procedure. ST-PRA was used to study the SSI risk in the ASC setting. Both quantitative and qualitative data sources were utilized, and sensitivity analysis was performed to ensure the robustness of the results. The event entitled "fail to protect the patient effectively" accounted for 51.9% of SSIs in the ambulatory care setting. Critical components of this event included several failure risk points related to skin preparation, antibiotic administration, staff training, proper response to glove punctures during surgery, and adherence to surgical preparation rules related to the wearing of jewelry, watches, and artificial nails. Assuming a 75% reduction in noncompliance on any combination of 2 of these 5 components, the risk for an SSI decreased from 0.0044 to between 0.0027 and 0.0035. An intervention that targeted the 5 major components of the major risk point was proposed, and its implications were discussed.

  3. International Socio-Technical Challenges for Geological Disposal (InSOTEC): Project Aims and Preliminary Results - 12236

    Energy Technology Data Exchange (ETDEWEB)

    Bergmans, Anne; Schroeder, Jantine [University of Antwerp, Faculty of Political and Social Sciences, 2000 Antwerp (Belgium); Simmons, Peter [University of East Anglia, School of Environmental Sciences, NR4 7TJ Norwich (United Kingdom); Barthe, Yannick; Meyer, Morgan [CNRS, Ecole des Mines, 75272 Paris (France); Sundqvist, Goeran [Universitetet i Oslo, Centre for Studies of Technology, Innovation and Culture, 0851 Oslo (Norway); Martell, Merixell [MERIENCE Strategic Thinking, 08734 Olerdola (Spain); Kallenbach-Herbert, Beate [Oeko Institut, 64295 Darmstadt (Germany)

    2012-07-01

    InSOTEC is a social sciences research project which aims to generate a better understanding of the complex interplay between the technical and the social in radioactive waste management and, in particular, in the design and implementation of geological disposal. It currently investigates and analyses the most striking socio-technical challenges to implementing geological disposal of radioactive waste in 14 national programs. A focus is put on situations and issues where the relationship between the technical and social components is still unstable, ambiguous and controversial, and where negotiations are taking place in terms of problem definitions and preferred solutions. Such negotiations can vary from relatively minor contestation, over mild commotion, to strong and open conflicts. Concrete examples of socio-technical challenges are: the question of siting, introducing the notion of reversibility / retrievability into the concept of geological disposal, or monitoring for confidence building. In a second stage the InSOTEC partners aim to develop a fine-grained understanding of how the technical and the social influence, shape, build upon each other in the case of radioactive waste management and the design and implementation of geological disposal. How are socio-technical combinations in this field translated and materialized into the solutions finally adopted? With what kinds of tools and instruments are they being integrated? Complementary to providing better theoretical insight into these socio-technical challenges/combinations, InSOTEC aims to provide concrete suggestions on how to address these within national and international contexts. To this end, InSOTEC will deliver insights into how mechanisms for interaction between the technical community and a broad range of socio-political actors could be developed. (authors)

  4. Information Security Behavioral Model: Towards Employees' Knowledge and Attitude

    OpenAIRE

    Mishra, Saurabh; Snehlata, Snehlata; Srivastava, Anjali

    2014-01-01

    Information Security has become a significant concern for today's organizations. Internal security threats act as the most crucial type of security threat within an organization. These internal security threats are a result of poor security behavior by the employees within an organization. If not dealt with properly, they may hamper the auditing of the organization. Auditing plays an important role in the business environment. Before conducting auditing it is essential to examine the beha...

  5. Information security knowledge sharing in organizations : Investigating the effect of behavioral information security governance and national culture

    OpenAIRE

    Rocha Flores, Waldo; Antonsen, Egil; Ekstedt, Mathias

    2014-01-01

    This paper presents an empirical investigation of which behavioral information security governance factors drive the establishment of information security knowledge sharing in organizations. Data were collected from organizations located in different geographic regions of the world, and the amount of data collected from two countries – namely, USA and Sweden – allowed us to investigate whether the effect of behavioral information security governance factors on the establishment of security knowledg...

  6. How a submarine returns to periscope depth: analysing complex socio-technical systems using Cognitive Work Analysis.

    Science.gov (United States)

    Stanton, Neville A; Bessell, Kevin

    2014-01-01

    This paper presents the application of Cognitive Work Analysis to the description of the functions, situations, activities, decisions, strategies, and competencies of a Trafalgar class submarine when performing the function of returning to periscope depth. All five phases of Cognitive Work Analysis are presented, namely: Work Domain Analysis, Control Task Analysis, Strategies Analysis, Social Organisation and Cooperation Analysis, and Worker Competencies Analysis. Complex socio-technical systems are difficult to analyse but Cognitive Work Analysis offers an integrated way of analysing complex systems with the core of functional means-ends analysis underlying all of the other representations. The joined-up analysis offers a coherent framework for understanding how socio-technical systems work. Data were collected through observation and interviews at different sites across the UK. The resultant representations present a statement of how the work domain and current activities are configured in this complex socio-technical system. This is intended to provide a baseline, from which all future conceptions of the domain may be compared. The strength of the analysis is in the multiple representations from which the constraints acting on the work may be analysed. Future research needs to challenge the assumptions behind these constraints in order to develop new ways of working. Copyright © 2013 Elsevier Ltd and The Ergonomics Society. All rights reserved.

  7. Federal Information Security: Actions Needed to Address Widespread Weaknesses

    National Research Council Canada - National Science Library

    Brock, Jack

    2000-01-01

    I am pleased to be here today to discuss federal information security. Our recent audit findings in this area present a disturbing picture of the state of computer security practices at individual agencies...

  8. Information Security Policy Modeling for Network Security Systems

    Directory of Open Access Journals (Sweden)

    Dmitry Sergeevich Chernyavskiy

    2014-12-01

    Policy management for network security systems (NSSs) is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and the appearance of vulnerabilities. Moreover, the policy management process is a time-consuming task which includes a significant amount of manual work. These factors reduce the efficiency of NSS utilization. The paper discusses peculiarities of the policy management process and existing approaches to policy modeling, and presents a model aimed at formalizing policies for NSSs independently of the NSSs’ platforms and selecting the most effective NSSs for implementing the policies.

  9. Business Information Exchange System with Security, Privacy, and Anonymity

    Directory of Open Access Journals (Sweden)

    Sead Muftic

    2016-01-01

    Business Information Exchange is an Internet Secure Portal for secure management, distribution, sharing, and use of business e-mails, documents, and messages. It has three applications supporting three major types of information exchange systems: secure e-mail, secure instant messaging, and secure sharing of business documents. In addition to standard security services for e-mail letters, which are also applied to instant messages and documents, the system provides innovative features of privacy and full anonymity of users and their locations, actions, transactions, and exchanged resources. In this paper we describe design, implementation, and use of the system.

  10. Enhancing Food Security through Information and Communication ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    ... national food security, and prior approval of the government's National Food Security and Nutrition Policy 2006-2015. In alignment with these governmental commitments, this project will enable researchers to provide policymakers with practical and sustainable solutions that directly respond to national food security goals ...

  11. An Information Security Control Assessment Methodology for Organizations

    Science.gov (United States)

    Otero, Angel R.

    2014-01-01

    In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

  12. Federal Information Security and Data Breach Notification Laws

    Science.gov (United States)

    2009-01-29

    The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information...information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and...Feinstein), S. 495 (Leahy), and S. 1178 (Inouye)--were reported favorably out of Senate committees. Those bills include information security and data

  13. The application of artificial intelligence within information security.

    OpenAIRE

    2012-01-01

    Computer-based information systems will probably always have to contend with security issues. Much research has already gone into the field of information security. These research results have yielded some very sophisticated and effective security mechanisms and procedures. However, due to the ever-increasing sophistication of criminals, combined with the ever-changing and evolving information technology environment, some limitations still exist within the field of information sec...

  14. Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

    CERN Document Server

    Lopienski, Sebastian

    Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt a security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need for developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

  15. Security leader insights for information protection lessons and strategies from leading security professionals

    CERN Document Server

    Fahy, Bob

    2014-01-01

    How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security's role in information protection.

  16. Considerations on the selection and prioritization of information security solutions

    Directory of Open Access Journals (Sweden)

    Maria Cristina RĂDULESCU

    2016-05-01

    This paper provides a set of guidelines that can be used for prescribing a methodology or a detailed process for selecting and prioritizing security projects or solutions. It is based on the idea that the costs of security solutions should be justified by their contribution to ensuring adequate protection of information resources in the organization which implements them. The article reviews general issues of security risks and costs, arguing the need for explicit consideration of information resources' security requirements in order to validate decisions concerning the implementation of security projects. In such an approach, the security requirements of information resources are used as a reference system to quantify the benefits and limitations of security solutions defined as alternative or complementary responses to certain security risks, as their implementation faces budget constraints.

  17. Building Bridges between Hard and Soft Knowledge: The Co-production of Andra's Socio-technical Approach on Reversibility

    International Nuclear Information System (INIS)

    Aparicio, Luis

    2012-01-01

    At the crossroads of political decision making and scientific and technical design, the concept of reversibility appeared in French law with the Waste Act dated 30 December 1991. The study of possibilities for reversible or irreversible disposal within deep geological formations of HLW waste was assigned to the National Radioactive Waste Management Agency (Andra) which, through the same act, became an independent public institution. Fifteen years later, the Planning Act dated 28 June 2006 requests Andra to file a licence application for a reversible disposal facility to be reviewed by 2015, after a public debate. It also states that a new law will have to prescribe the exact reversibility conditions of disposal before a licence is granted. As a result of this legal framing, the design and the implementation of a reversible disposal facility - Andra's CIGEO project - are placed in France within a new innovation regime. Based upon the progressive elaboration of socio-technical compromises to make radioactive waste governable, Andra's project robustness is measured both in technical and social terms. Matters of concern include, among others, local insertion and land-use planning, techno-economic optimisation, safety analysis and performance assessment, scientific and technical progress, and social acceptability. Moreover, the reversible principle implies that Andra must grant future generations the possibility of intervention for at least one hundred years. Defining a reversible deep disposal facility means therefore, for Andra, mobilising much more than technical expertise; it consists also in a kind of mediation work that shapes the project as a public issue. Traditional frontiers between experts, citizens and policy makers are thus blurred in this new regime of innovation. Other than scientific and technical accuracy, Andra's project capacity to hold up multiple perspectives and resist their respective criticisms will also be assessed. Andra is therefore committed

  18. Information security of power enterprises of North-Arctic region

    Science.gov (United States)

    Sushko, O. P.

    2018-05-01

    The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

  19. Aspects regarding the implementation of information security standards in organizations

    Directory of Open Access Journals (Sweden)

    Mihai Bârsan

    2017-03-01

    Information security is one of the major challenges of the information and knowledge based society. The preoccupation of organizations to ensure the security of information in the digital environment has led to the emergence of specific standards in the field. Thus, ISO 27000 brings together reference standards in the field. Starting from ISO 27001, which summarizes policies and procedures on physical, legal and technological security risks, this paper looks at the steps the organization must undertake to implement the standards.

  20. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  1. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  2. Specifying Information Security Needs for the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then

  3. Evaluating Factors of Security Policy on Information Security Effectiveness in Developing Nations: A Case of Nigeria

    Science.gov (United States)

    Okolo, Nkiru Benjamin

    2016-01-01

    Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…

  4. 36 CFR 1256.46 - National security-classified information.

    Science.gov (United States)

    2010-07-01

    ... 36 Parks, Forests, and Public Property 3 2010-07-01 2010-07-01 false National security-classified... Restrictions § 1256.46 National security-classified information. In accordance with 5 U.S.C. 552(b)(1), NARA... properly classified under the provisions of the pertinent Executive Order on Classified National Security...

  5. 78 FR 71631 - Committee Name: Homeland Security Information Network Advisory Committee (HSINAC)

    Science.gov (United States)

    2013-11-29

    ... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Committee Name: Homeland Security Information.... SUMMARY: The Homeland Security Information Network Advisory Council (HSINAC) will meet December 17, 2013... , Phone: 202-343-4212. SUPPLEMENTARY INFORMATION: The Homeland Security Information Network Advisory...

  6. Information security management system planning for CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  7. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

  8. Information security management system planning for CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O'Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom)]; Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom)]; Rodger, Robert [National Nuclear Lab., Workington (United Kingdom)]; Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)]

    2015-12-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  9. Department of Energy security program needs effective information systems

    International Nuclear Information System (INIS)

    1991-10-01

    Although security is an important, nearly billion-dollar-a-year function in the Department of Energy (DOE), key information systems that hold important data about security weaknesses and incidents have limited analytical capabilities and contain unreliable information. The resultant difficulty in identifying patterns and trends reduces managers' ability to ensure the effectiveness of the security program. Resources are also wasted because DOE has deployed incompatible systems that are unable to electronically share or transfer data, often forcing employees to manually re-enter data that are already stored in computers elsewhere. Finally, continuing data problems with other important security information systems, such as those used to track security clearances and classified documents, indicate that information system deficiencies are extensive. A major reason for these problems is that DOE has not done a comprehensive, strategic assessment of the information and information technology needs of its security program. DOE's efforts are fragmented because it has not assigned to any organization the leadership responsibility to determine security information needs and to plan and manage security information resources Department-wide. This paper reports that a number of changes are needed to correct these problems and take advantage of information technology to help strengthen the security program.

  10. Information security system quality assessment through the intelligent tools

    Science.gov (United States)

    Trapeznikov, E. V.

    2018-04-01

    The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

  11. EFFICIENCY INDICATORS INFORMATION MANAGEMENT IN INTEGRATED SECURITY SYSTEMS

    Directory of Open Access Journals (Sweden)

    N. S. Rodionova

    2014-01-01

    Summary. Introduction of information technology to improve the efficiency of security activity leads to the need to consider a number of negative factors associated with the use of these technologies as a key element of modern security systems. One of the most notable factors is the exposure of information processes in protection systems to security threats. This largely relates to integrated security systems (ISS), the system of protection with the highest level of informatization of security functions. The significant damage that protected objects could potentially incur as a result of abnormal operation of an ISS poses a very real problem of assessing the factors that reduce the efficiency of the ISS, in order to justify the ways and methods to improve it. Because of the nature of threats and of the blocking and distortion of information in the ISS, the parameters of interest are: the volume of undistorted ISS working environment, as a characteristic of data integrity; and the time of access to information, as a feature of its availability. This in turn leads to the need to use these parameters as the performance characteristics of information processes in the ISS - the completeness and timeliness of information processing. The article proposes performance indicators of information processes in integrated security systems in terms of optimal control procedures to protect information from unauthorized access. The set of considered parameters allows comprehensive security analysis of integrated security systems to be conducted, and recommendations to be provided to improve the management of information security procedures in them.

  12. Information security governance simplified from the boardroom to the keyboard

    CERN Document Server

    Fitzgerald, Todd

    2011-01-01

    Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure. Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security d

  13. Towards Information Security Metrics Framework for Cloud Computing

    OpenAIRE

    Muhammad Imran Tariq

    2012-01-01

    Cloud computing has recently emerged as a new computing paradigm which basically aims to provide customized, reliable, dynamic services over the internet. Cost and security are influential issues in deploying cloud computing in large enterprises. Privacy and security are very important issues in terms of user trust and legal compliance. Information Security (IS) metrics are the best tool used to measure the efficiency, performance, effectiveness and impact of the security constraints. It is very hard...

  14. Promoting Economic Security through Information Technology ...

    African Journals Online (AJOL)

    The problem of economic insecurity is a global threat to national security. In Nigeria today, we have witnessed a lot of national security issues that risk the continued existence of the country as one indivisible political entity, with many calling for disintegration. Hitherto, many terrorist networks have sprung up in many parts of ...

  15. Secure Broadcasting with Uncertain Channel State Information

    KAUST Repository

    Hyadi, Amal

    2016-01-06

    We investigate the problem of secure broadcasting over fast fading channels with imperfect main channel state information (CSI) at the transmitter. In particular, we analyze the effect of the noisy estimation of the main CSI on the throughput of a broadcast channel where the transmission is intended for multiple legitimate receivers in the presence of an eavesdropper. Besides, we consider the realistic case where the transmitter is only aware of the statistics of the eavesdropper's CSI and not of its channel's realizations. First, we discuss the common message transmission case where the source broadcasts the same information to all the receivers, and we provide upper and lower bounds on the ergodic secrecy capacity. For this case, we show that the secrecy rate is limited by the legitimate receiver having, on average, the worst main channel link, and we prove that a non-zero secrecy rate can still be achieved even when the CSI at the transmitter is noisy. Then, we look at the independent messages case where the transmitter broadcasts multiple messages to the receivers, and each intended user is interested in an independent message. For this case, we present an expression for the achievable secrecy sum-rate and an upper bound on the secrecy sum-capacity, and we show that, in the limit of a large number of legitimate receivers K, our achievable secrecy sum-rate follows the scaling law log((1-a) log(K)), where a is the estimation error variance of the main CSI. The special cases of high SNR, perfect and no main CSI are also analyzed. Analytical derivations and numerical results are presented to illustrate the obtained expressions for the case of independent and identically distributed Rayleigh fading channels.

  16. Secure Broadcasting with Uncertain Channel State Information

    KAUST Repository

    Hyadi, Amal

    2017-03-13

    We investigate the problem of secure broadcasting over fast fading channels with imperfect main channel state information (CSI) at the transmitter. In particular, we analyze the effect of the noisy estimation of the main CSI on the throughput of a broadcast channel where the transmission is intended for multiple legitimate receivers in the presence of an eavesdropper. Besides, we consider the realistic case where the transmitter is only aware of the statistics of the eavesdropper's CSI and not of its channel's realizations. First, we discuss the common message transmission case where the source broadcasts the same information to all the receivers, and we provide upper and lower bounds on the ergodic secrecy capacity. For this case, we show that the secrecy rate is limited by the legitimate receiver having, on average, the worst main channel link, and we prove that a non-zero secrecy rate can still be achieved even when the CSI at the transmitter is noisy. Then, we look at the independent messages case where the transmitter broadcasts multiple messages to the receivers, and each intended user is interested in an independent message. For this case, we present an expression for the achievable secrecy sum-rate and an upper bound on the secrecy sum-capacity, and we show that, in the limit of a large number of legitimate receivers K, our achievable secrecy sum-rate follows the scaling law log((1-a) log(K)), where a is the estimation error variance of the main CSI. The special cases of high SNR, perfect and no main CSI are also analyzed. Analytical derivations and numerical results are presented to illustrate the obtained expressions for the case of independent and identically distributed Rayleigh fading channels.

  17. Organisational Information Security Strategy: Review, Discussion and Future Research

    Directory of Open Access Journals (Sweden)

    Craig A. Horne

    2017-05-01

    Dependence on information, including for some of the world’s largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their associated consequences indicate that attacks are escalating on organisations conducting these information-based activities. Organisations need to formulate strategy to secure their information; however, gaps exist in knowledge. Through a thematic review of academic security literature, (1) we analyse the antecedent conditions that motivate the adoption of a comprehensive information security strategy, (2) the conceptual elements of strategy and (3) the benefits that are enjoyed post-adoption. Our contributions include a definition of information security strategy that moves from an internally-focussed protection of information towards a strategic view that considers the organisation, its resources and capabilities, and its external environment. Our findings are then used to suggest future research directions.

  18. Using Financial Instruments to Transfer the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Pankaj Pandey

    2016-05-01

    For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problems of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information security event. Thus, this article addresses the limitations in the cyber-(re)insurance markets with a set of capital market-based financial instruments. This article presents a set of information security derivatives, namely options, vanilla options, swaps, and futures that can be traded at an information security prediction market. Furthermore, this article demonstrates the usefulness of information security derivatives in a given scenario and presents an evaluation of the same in comparison with cyber-insurance. In our analysis, we found that the information security derivatives can at least be a partial solution to the problems in the cyber-insurance markets. The information security derivatives can be used as an effective tool for information elicitation and aggregation, cyber risk pricing, risk hedging, and strategic decision making for information security risk management.

  19. Risk-informed, performance-based safety-security interface

    International Nuclear Information System (INIS)

    Mrowca, B.; Eltawila, F.

    2012-01-01

    Safety-security interface is a term that is used as part of the commercial nuclear power security framework to promote coordination of the many potentially adverse interactions between plant security and plant safety. Its object is to prevent the compromise of either. It is also used to describe the concept of building security into a plant's design, similar to the long-standing practices used for safety, therefore reducing the complexity of operational security while maintaining or enhancing overall security. With this in mind, the concept of safety-security interface, when fully implemented, can influence a plant's design, operation and maintenance. It brings the approach used for plant security to one that is similar to that used for safety. Also, as with safety, the application of risk-informed techniques to fully implement and integrate safety and security is important. Just as designers and operators have applied these techniques to enhance and focus safety, these same techniques can be applied to security to not only enhance and focus the security but also to aid in the implementation of effective techniques to address the safety-security interfaces. Implementing this safety-security concept early within the design process can prevent or reduce security vulnerabilities through low-cost solutions that often become difficult and expensive to retrofit later in the design and/or post-construction period. These security considerations address many of the same issues as safety in ensuring that the response of equipment and plant personnel is adequate. That is, both safety and security are focused on reaching safe shutdown and preventing radiological release. However, the initiation of challenges, the progression of actions in response to these challenges, and even the definitions of safe shutdown can be considerably different. This paper explores the techniques and limitations that are employed to fully implement a risk-informed, safety-security interface.

  20. Analysing Information Systems Security In Higher Learning Institutions Of Uganda

    OpenAIRE

    Mugyenyi Raymond

    2017-01-01

    Information communication technology has increased globalisation in higher learning institutions all over the world. This has been achieved through the introduction of systems that ease operations related to information handling in the institutions. The paper assessed and analysed the information systems security performance status in higher learning institutions of Uganda. The existing policies that govern information security have also been analysed together with the current status of inform...

  1. Information Security for Compliance with Select Agent Regulations

    Science.gov (United States)

    Lewis, Nick; Campbell, Mark J.

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

  2. Information security for compliance with select agent regulations.

    Science.gov (United States)

    Lewis, Nick; Campbell, Mark J; Baskin, Carole R

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

  3. Socio-technical barriers to the use of energy-efficient timber drying technology in New Zealand

    International Nuclear Information System (INIS)

    Bell, Martha; Carrington, Gerry; Lawson, Rob; Stephenson, Janet

    2014-01-01

    This study of industrial energy behaviours identifies barriers to the use of energy-efficient drying technology in the New Zealand timber industry, and explores these barriers through the “energy cultures” lens. Vented kiln dryers were preferred by larger firms and heat pump kiln dryers were used by smaller firms. Although few firms could specify all their costs, we found no significant differences in the average operating costs, drying costs or commercial success of the larger and smaller firms. We found that socio-technical barriers create “energy cultures” at the level of both the firm and the sector, supporting the dominance of vented kiln dryers. The prevailing technologies, practices and norms at the sector level strongly support vented kilns, the status quo being embedded in the socio-technical context, hindering technological learning, improved energy efficiency and innovation. Influential stakeholders in the industry were thus part of, and locked into, the industry-wide energy culture, and were not in a position to effect change. We conclude that actors external to the prevailing industry energy culture need to leverage change in the industry norms, practices and/or technologies in order to reap the advantages of energy-efficient drying technology, assist its continued evolution and avoid the risks of path-dependency. - Highlights: • Firms processing timber in New Zealand use two main drying technologies. • Relatively inefficient vented dryers dominate over energy-efficient heat pumps. • Operating costs are similar but the socio-technical regime supports vented dryers. • Stasis is created by fixed energy cultures both within firms and across the sector. • Stasis hampers technical development in heat pump drying and business innovation.

  4. Research on information security in big data era

    Science.gov (United States)

    Zhou, Linqi; Gu, Weihong; Huang, Cheng; Huang, Aijun; Bai, Yongbin

    2018-05-01

    Big data is becoming another hotspot in the field of information technology after cloud computing and the Internet of Things. However, the existing information security methods can no longer meet the information security requirements of the era of big data. This paper analyzes the challenges and causes of data security problems brought by big data, discusses the development trend of network attacks under the background of big data, and puts forward our own opinions on the development of security defense in technology, strategy and product.

  5. Information Governance: A Model for Security in Medical Practice

    Directory of Open Access Journals (Sweden)

    Patricia A.H. Williams

    2007-03-01

    Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security. In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks is seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term and there is little existing research into how to meet governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an on-going action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data.

  6. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  7. Graphs for information security control in software defined networks

    Science.gov (United States)

    Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.

    2017-07-01

    Information security control in software defined networks (SDN) is connected with execution of the security policy rules regulating information accesses and protection against distribution of malicious code and harmful influences. The paper offers a representation of a security policy in the form of a hierarchical structure which, in case of distribution of resources for the solution of tasks, defines graphs of admissible interactions in a network. These graphs define the commutation tables of switches via the SDN controller.

  8. Information Security in Small and Medium-Sized Companies

    OpenAIRE

    David Kral

    2011-01-01

    Information security doesn’t involve only large organizations. Small and medium-sized companies must closely examine this issue too, because they are increasingly threatened by cyber attacks. Many of them mistakenly believe that the security of their valuable data is sufficient, or that attackers are not interested in them. Existing standards and methodologies for implementation and management of information security are often hard to transfer to the environment of small and medium-sized bus...

  9. Integrating Programming Language and Operating System Information Security Mechanisms

    Science.gov (United States)

    2016-08-31

    ...improve the precision of security enforcement, and to provide greater assurance of information security. This grant focuses on two key projects: language...based control of authority; and formal guarantees for the correctness of audit information.

  10. THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    V. S. Oladko

    2016-12-01

    The article deals with the problem of assessing information security risks in ERP-systems. ERP-system functions and architecture are studied. A model of malicious impacts on the levels of the ERP-system architecture is composed. A model-based risk assessment, which combines quantitative and qualitative approaches to risk assessment, is developed, built on the partial unification of three methods for studying information security risks: security models with full overlapping, the CRAMM technique and the FRAP technique.

  11. Information Security System and Development of a Modern Organization

    OpenAIRE

    Wawak, Slawomir

    2009-01-01

    Information security management systems are increasingly applied in a number of sectors of the new, global, interconnected economy. They are used by production and service companies, businesses that provide information technology and telecom services, state administration authorities and local governments. Specifically, they are used in case of crime groups or as a means of securing illegal transactions.

  12. Security information and event management systems: benefits and inefficiencies

    OpenAIRE

    Κάτσαρης, Δημήτριος Σ.

    2014-01-01

    In this Master’s thesis, the new trend in the computer and information security industry called Security Information and Event Management systems will be covered. The evolution, advantages and weaknesses of these systems will be described, and a home-based implementation with open-source tools will be proposed and implemented.
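
The core of any SIEM, including a home-built one, is normalising raw log lines into events and running stateful correlation rules over them. The following is an added example, not the thesis's implementation: it parses sshd authentication lines and raises an alert when a source address produces at least five failed logins inside a 60-second window and then succeeds. The log lines are constructed, and the year is assumed because syslog timestamps omit it.

```python
"""A minimal SIEM correlation step: normalise sshd log lines into events, then run a
stateful rule ("N failures from one source within W seconds, then a success").
Added illustration, not the thesis's code; the log lines are constructed."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)
ASSUMED_YEAR = 2024   # syslog lines carry no year; assumed for parsing


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    outcome: str
    user: str
    src: str


@dataclass(frozen=True)
class Alert:
    src: str
    user: str
    host: str
    failures: int
    ts: datetime


def parse(lines):
    """Normalise raw lines; lines that are not authentication outcomes are skipped."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append(Event(ts, m["host"], m["outcome"], m["user"], m["src"]))
    return events


def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window state per source: a success while >= threshold failures are still
    inside the window raises one alert and resets that source's state."""
    recent = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent[ev.src]
        while q and ev.ts - q[0] > window:
            q.popleft()                      # expire failures outside the window
        if ev.outcome == "Failed":
            q.append(ev.ts)
        elif len(q) >= threshold:
            alerts.append(Alert(ev.src, ev.user, ev.host, len(q), ev.ts))
            q.clear()
    return alerts


SAMPLE_LOG = [  # constructed: a brute-force burst that succeeds, and a benign user
    "Mar 10 10:00:01 host1 sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Mar 10 10:00:06 host1 sshd[1235]: Failed password for root from 203.0.113.7 port 51235 ssh2",
    "Mar 10 10:00:12 host1 sshd[1236]: Failed password for alice from 203.0.113.7 port 51236 ssh2",
    "Mar 10 10:00:19 host1 sshd[1237]: Failed password for alice from 203.0.113.7 port 51237 ssh2",
    "Mar 10 10:00:27 host1 sshd[1238]: Failed password for alice from 203.0.113.7 port 51238 ssh2",
    "Mar 10 10:00:35 host1 sshd[1239]: Accepted password for alice from 203.0.113.7 port 51240 ssh2",
    "Mar 10 10:00:40 host1 sshd[1240]: pam_unix(sshd:session): session opened for user alice",
    "Mar 10 10:05:00 host2 sshd[2001]: Failed password for bob from 198.51.100.9 port 40000 ssh2",
    "Mar 10 10:09:00 host2 sshd[2002]: Accepted publickey for bob from 198.51.100.9 port 40001 ssh2",
]


def run_sample():
    return correlate(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(f"{alert.ts} {alert.src} -> {alert.user}@{alert.host}: success after {alert.failures} failures")
```

The benign user's single failure expires out of the window before the success, so only the burst from 203.0.113.7 fires; in a real deployment the threshold and window are the knobs that trade missed detections for false alarms.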

  13. An introduction to information security and ISO27001:2013

    CERN Document Server

    Watkins, Steve

    2013-01-01

    Up to date with the latest version of the Standard (ISO27001:2013), An Introduction to information security and ISO27001:2013 is the perfect solution for anyone wanting an accurate, fast, easy-to-read primer on information security from an acknowledged expert on ISO27001.

  14. An Overview of Economic Approaches to Information Security Management

    NARCIS (Netherlands)

    Su, X.

    The increasing concerns of clients, particularly in online commerce, plus the impact of legislation on information security have compelled companies to put more resources into information security. As a result, senior managers in many organizations are now expressing a much greater interest in

  15. Obstacle of Team Teaching and Collaborative Learning in Information Security

    Directory of Open Access Journals (Sweden)

    Marn-Ling Shing

    2007-10-01

    The field of information security includes diverse contents such as network security and computer forensics, which are highly technical topics. In addition, information forensics requires a background in criminology. Information security also includes non-technical content such as information ethics and security laws. Because of the diverse nature of information security, Shing et al. have proposed the use of team teaching and collaborative learning for information security classes. Although team teaching seems to be efficient in information security, in practice it faces a few challenges. The Purdue case mentioned in Shing's paper had funding support from the National Security Agency (NSA). However, such a vast amount of resources may not be available to an instructor in a normal university. In addition, many obstacles are related to administrative problems. For example, how are teaching evaluations computed if there are multiple instructors for a single course? How will instructors in a computer forensics class prepare students with diverse backgrounds (criminal justice majors and information technology majors) before they take the same class? The paper surveyed approximately 25 students at a university in Virginia concerning their satisfaction with team teaching. Finally, this paper describes ways to meet those challenges.

  16. A Framework for the Governance of Information Security

    Science.gov (United States)

    Edwards, Charles K.

    2013-01-01

    Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant…

  17. IAEA Nuclear Security Programme: The role of information

    International Nuclear Information System (INIS)

    2010-01-01

    Discusses collecting and collating information on needs integrated in Nuclear Security Support Plans and analyzing data on illicit trafficking and nuclear security incidents. Coordination with donor States and international organizations on Illicit Trafficking Database reports and other related information provided by States.

  18. An Agile Enterprise Regulation Architecture for Health Information Security Management

    Science.gov (United States)

    Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-01-01

    Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748

  19. An agile enterprise regulation architecture for health information security management.

    Science.gov (United States)

    Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-09-01

    Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.

  20. Process Control Security in the Cybercrime Information Exchange NICC

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2009-01-01

    Detecting, investigating and prosecuting cybercrime? Extremely important, but not really the solution for the problem. Prevention is better! The sectors that have joined the Cybercrime Information Exchange have accepted the challenge of ensuring the effectiveness of the (information) security of

  1. Multidisciplinary Approach in Teaching Foreign Languages to Information Security Professionals

    Directory of Open Access Journals (Sweden)

    N. M. Nikiforova

    2012-12-01

    The program of teaching foreign languages to information security professionals is aimed at unifying linguistic, extralinguistic and professional information distributed in the contents of the course.

  2. Information security as a countermeasure against cheating in video games

    OpenAIRE

    Mikkelsen, Kevin Kjelgren

    2017-01-01

    Most cheating in video games is possible due to information being accessible outside the intended frames of the game developer. The issue of protecting sensitive information has been handled in many areas outside of video games for a long time now. The goal of this paper is to review the information security solutions that are in use in more security-concerned areas today and to potentially find transferable approaches that can help protect important and sensitive information in video game...

  3. SecurityCom: A Multi-Player Game for Researching and Teaching Information Security Teams

    Directory of Open Access Journals (Sweden)

    Douglas P. Twitchell

    2007-12-01

    A major portion of government and business organizations’ attempts to counteract information security threats is teams of security personnel. These teams often consist of personnel of diverse backgrounds in specific specialties such as network administration, application development, and business administration, resulting in possible conflicts between security, functionality, and availability. This paper discusses the use of games to teach and research information security teams and outlines research to design and build a simple, team-oriented, configurable, information security game. It will be used to study how information security teams work together to defend against attacks using a multi-player game, and to study the use of games in training security teams. Studying how information security teams work, especially considering the topic of shared situational awareness, could lead to better ways of forming, managing, and training teams. Studying the effectiveness of the game as a training tool could lead to better training for security teams.

  4. Qualitative Characterization of the Facebook Information Security Strategies

    Directory of Open Access Journals (Sweden)

    LOPES, S. F.

    2015-12-01

    Hyperconnectivity due to online social networks exposed security issues on data stored in these systems. This article presents an analysis on how online social networks designers have been communicating information security aspects through these systems’ interfaces. This analysis was made using the Semiotic Inspection Method on Facebook since it is largely used in Brazil and all over the world. Results showed that there is major concern with security information properties. Nevertheless it was possible to identify interface problems that could compromise use and understanding of such security properties.

  5. Information-Pooling Bias in Collaborative Security Incident Correlation Analysis.

    Science.gov (United States)

    Rajivan, Prashanth; Cooke, Nancy J

    2018-03-01

    Incident correlation is a vital step in the cybersecurity threat detection process. This article presents research on the effect of group-level information-pooling bias on collaborative incident correlation analysis in a synthetic task environment. Past research has shown that uneven information distribution biases people to share information that is known to most team members and prevents them from sharing any unique information available to them. The effect of such biases on security team collaborations is largely unknown. Thirty 3-person teams performed two threat detection missions involving information sharing and correlating security incidents. Incidents were predistributed to each person in the team based on the hidden profile paradigm. Participant teams, randomly assigned to three experimental groups, used different collaboration aids during Mission 2. Communication analysis revealed that participant teams were 3 times more likely to discuss security incidents commonly known to the majority. Unaided team collaboration was inefficient in finding associations between security incidents uniquely available to each member of the team. Visualizations that augment perceptual processing and recognition memory were found to mitigate the bias. The data suggest that (a) security analyst teams, when conducting collaborative correlation analysis, could be inefficient in pooling unique information from their peers; (b) employing off-the-shelf collaboration tools in cybersecurity defense environments is inadequate; and (c) collaborative security visualization tools developed with the human cognitive limitations of security analysts in mind are necessary. Potential applications of this research include development of team training procedures and collaboration tool development for security analysts.

  6. BizWatts: A modular socio-technical energy management system for empowering commercial building occupants to conserve energy

    International Nuclear Information System (INIS)

    Gulbinas, R.; Jain, R.K.; Taylor, J.E.

    2014-01-01

    Highlights:
    • We developed a socio-technical commercial building energy management system.
    • It was designed for directly engaging and connecting building occupants via feedback.
    • We collected an array of clickstream data for internal design validation.
    • A pilot study validated its ability to drive energy savings in commercial buildings.

    Abstract: Commercial buildings represent a significant portion of energy consumption and environmental emissions worldwide. To help mitigate the environmental impact of building operations, building energy management systems and behavior-based campaigns designed to reduce energy consumption are becoming increasingly popular. In this paper, we describe the development of a modular socio-technical energy management system, BizWatts, which combines the two approaches by providing real-time, appliance-level power management and socially contextualized energy consumption feedback. We describe in detail the physical and virtual architecture of the system, which simultaneously engages building occupants and facility managers, as well as the main principles behind the interface design and component functionalities. A discussion about how the data collection capabilities of the system enable insightful commercial building energy efficiency studies and quantitative network analysis is also included. We conclude by commenting on the validation of the system, identifying current system limitations and introducing new research avenues that the development and deployment of BizWatts enables.

  7. Hybrid causal methodology and software platform for probabilistic risk assessment and safety monitoring of socio-technical systems

    International Nuclear Information System (INIS)

    Groth, Katrina; Wang Chengdong; Mosleh, Ali

    2010-01-01

    This paper introduces an integrated framework and software platform for probabilistic risk assessment (PRA) and safety monitoring of complex socio-technical systems. An overview of the three-layer hybrid causal logic (HCL) modeling approach and corresponding algorithms, implemented in the Trilith software platform, is provided. The HCL approach enhances typical PRA methods by quantitatively including the influence of soft causal factors introduced by human and organizational aspects of a system. The framework allows different modeling techniques to be used for different aspects of the socio-technical system. The HCL approach combines the power of traditional event sequence diagram (ESD), event tree (ET) and fault tree (FT) techniques for modeling deterministic causal paths, with the flexibility of Bayesian belief networks for modeling non-deterministic cause-effect relationships among system elements (suitable for modeling human and organizational influences). Trilith enables analysts to construct HCL models and perform quantitative risk assessment and management of complex systems. The risk management capabilities included are HCL-based risk importance measures, hazard identification and ranking, precursor analysis, safety indicator monitoring, and root cause analysis. This paper describes the capabilities of the Trilith platform and the power of the HCL algorithm by use of example risk models for a type of aviation accident (aircraft taking off from the wrong runway).

  8. Hybrid causal methodology and software platform for probabilistic risk assessment and safety monitoring of socio-technical systems

    Energy Technology Data Exchange (ETDEWEB)

    Groth, Katrina, E-mail: kgroth@umd.ed [Center for Risk and Reliability, 0151 Glenn L. Martin Hall, University of Maryland, College Park, MD 20742 (United States); Wang Chengdong; Mosleh, Ali [Center for Risk and Reliability, 0151 Glenn L. Martin Hall, University of Maryland, College Park, MD 20742 (United States)

    2010-12-15

    This paper introduces an integrated framework and software platform for probabilistic risk assessment (PRA) and safety monitoring of complex socio-technical systems. An overview of the three-layer hybrid causal logic (HCL) modeling approach and corresponding algorithms, implemented in the Trilith software platform, is provided. The HCL approach enhances typical PRA methods by quantitatively including the influence of soft causal factors introduced by human and organizational aspects of a system. The framework allows different modeling techniques to be used for different aspects of the socio-technical system. The HCL approach combines the power of traditional event sequence diagram (ESD), event tree (ET) and fault tree (FT) techniques for modeling deterministic causal paths, with the flexibility of Bayesian belief networks for modeling non-deterministic cause-effect relationships among system elements (suitable for modeling human and organizational influences). Trilith enables analysts to construct HCL models and perform quantitative risk assessment and management of complex systems. The risk management capabilities included are HCL-based risk importance measures, hazard identification and ranking, precursor analysis, safety indicator monitoring, and root cause analysis. This paper describes the capabilities of the Trilith platform and the power of the HCL algorithm by use of example risk models for a type of aviation accident (aircraft taking off from the wrong runway).
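
The hybrid causal logic combination described in records 7 and 8 (a deterministic fault tree whose basic events can be fed by a Bayesian network of soft, organisational factors, plus HCL-based importance measures) in miniature, as an added example that is not the Trilith platform's model: the tree shape, the two organisational factors, the conditional probability table and every number are constructed stand-ins for the wrong-runway takeoff case. The example goes one step beyond the abstract by also computing risk-reduction-worth importance for each basic event.

```python
"""Hybrid causal logic in miniature: a fault tree whose basic events are plain
probabilities except "crew cross-check fails", which comes from a small Bayesian
network of organisational factors, plus a risk-reduction-worth importance measure.
Added illustration with constructed numbers, not the Trilith wrong-runway model."""

# Bayesian layer: two binary organisational factors with assumed priors, and the
# conditional probability table of the human-error node given those factors.
PRIORS = {"fatigued": 0.2, "procedures_followed": 0.85}
CPT_CROSSCHECK_FAILS = {   # (fatigued, procedures_followed) -> P(cross-check fails)
    (True, True): 0.05, (True, False): 0.40,
    (False, True): 0.01, (False, False): 0.20,
}

# Deterministic layer: fault tree as nested (gate, children) tuples; leaves are names.
TREE = ("AND", [
    ("OR", ["taxi_route_confusion", "signage_misread"]),       # crew lines up wrongly
    ("AND", ["crosscheck_fails", "tower_fails_to_notice"]),     # nobody catches it
])
BASIC = {"taxi_route_confusion": 0.02, "signage_misread": 0.01, "tower_fails_to_notice": 0.10}


def marginal(cpt, priors):
    """P(node) = sum over parent states of P(parents) * P(node | parents)."""
    p = 0.0
    for fatigued in (True, False):
        for followed in (True, False):
            w = (priors["fatigued"] if fatigued else 1 - priors["fatigued"]) * \
                (priors["procedures_followed"] if followed else 1 - priors["procedures_followed"])
            p += w * cpt[(fatigued, followed)]
    return p


def evaluate(node, probs):
    """Probability of a gate assuming independent basic events:
    AND = product, OR = 1 - product of complements."""
    if isinstance(node, str):
        return probs[node]
    gate, children = node
    values = [evaluate(c, probs) for c in children]
    out = 1.0
    if gate == "AND":
        for v in values:
            out *= v
        return out
    if gate == "OR":
        for v in values:
            out *= 1.0 - v
        return 1.0 - out
    raise ValueError(f"unknown gate {gate!r}")


def basic_event_probs(priors=PRIORS):
    """The soft factor feeds the tree: the BN marginal becomes a basic-event probability."""
    probs = dict(BASIC)
    probs["crosscheck_fails"] = marginal(CPT_CROSSCHECK_FAILS, priors)
    return probs


def top_probability(priors=PRIORS):
    return evaluate(TREE, basic_event_probs(priors))


def risk_reduction_worth(priors=PRIORS):
    """RRW(e) = P(top) / P(top | e impossible); inf when e appears in every cut set."""
    probs = basic_event_probs(priors)
    base = evaluate(TREE, probs)
    rrw = {}
    for event in probs:
        reduced = evaluate(TREE, {**probs, event: 0.0})
        rrw[event] = float("inf") if reduced == 0.0 else base / reduced
    return rrw


if __name__ == "__main__":
    print("P(top) =", top_probability())
    # organisational intervention: better procedural compliance, same tree
    print("P(top | compliance 0.95) =", top_probability({"fatigued": 0.2, "procedures_followed": 0.95}))
    print(risk_reduction_worth())
```

Raising procedural compliance changes no tree structure and no hardware failure rate, yet lowers the top-event probability; that coupling of an organisational variable to a quantified accident sequence is what the soft-factor layer buys.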

  9. What hinder the further development of wind power in China?—A socio-technical barrier study

    International Nuclear Information System (INIS)

    Zhao, Zhen-Yu; Chang, Rui-Dong; Chen, Yu-Long

    2016-01-01

    Promoting wind power is a long-term strategy of China to respond to both energy shortage and environmental pollution. Stimulated by various incentive policies, wind power generation in China has achieved tremendous growth, with the cumulative installed capacity being the largest worldwide for five consecutive years since 2010. However, obstructed by various barriers, wind power provides only 2.6% of national electricity generation in China, despite the strong support from the government. From a socio-technical transition perspective, this paper aims to systematically analyze the barriers hindering the further development of China's wind power. A wind power niche model is established to illustrate the complex interactions among actors in the wind power industry and electricity supply regime. Then, qualitative content analysis is adopted to process the related evidence and data, and four categories of socio-technical barriers are identified, including technology, governance, infrastructure and culture barriers. The study shows that various interrelated barriers form a blocking mechanism which prohibits the further development of wind power in China. Policy suggestions are proposed to eliminate the barriers and further empower the wind power niche. The lesson learned from China can offer useful references for other economies to promote wind power industries of their own.

    Highlights:
    • Use wind power niche model to illustrate the interactions among actors in the industry.
    • Analyze technological, governance, infrastructural and cultural barriers.
    • Multidimensionality and interconnectedness of the barriers are illustrated.
    • Policy suggestions are proposed to deal with the wind power development barriers.

  10. Overcoming the socio-technical divide: A long-term source of hope in feminist studies of computer science

    Directory of Open Access Journals (Sweden)

    Corinna Bath

    2008-07-01

    The dichotomy of the technical and the social is strongly gendered in western thought. Therefore, potential dissolutions of the socio-technical divide have always been a source of hope from a feminist point of view. The starting point of this contribution are recent trends in the computer science discipline, such as the new interaction paradigm and the concept of ‘social machines’, which seem to challenge the borderline of the technical as opposed to the social and, thereby, refresh promises for changes in the gender-technology relationship. The paper primarily explores the entanglement between the socio-technical divide and the structural-symbolic gender order on the basis of historical academic discourses in German computer science. Thereby, traditions of critical thinking in the German computer science discipline and related feminist voices are introduced. A reflection of these historical discourses indicates that ‘interaction’ and ‘social machines’ are contested zones, which call for feminist intervention.

  11. The information systems security officer's guide establishing and managing an information protection program

    CERN Document Server

    Kovacich, Gerald L

    2003-01-01

    Information systems security continues to grow and change based on new technology and Internet usage trends. In order to protect your organization's confidential information, you need information on the latest trends and practical advice from an authority you can trust. The new ISSO Guide is just what you need. Information Systems Security Officer's Guide, Second Edition, from Gerald Kovacich has been updated with the latest information and guidance for information security officers. It includes more information on global changes and threats, managing an international information secur

  12. Remote monitoring, data sharing, and information security

    International Nuclear Information System (INIS)

    Parise, D.; Dalton, C.; Regula, J.

    2009-01-01

    Remote Monitoring (RM) is being used with increased frequency by the IAEA for safeguards in many parts of the world. This is especially true in Japan, where there are also agreements for data sharing. The automated nature of RM lends itself to assist in modernizing old, cumbersome data sharing techniques. For example, electronic declarations can be received, parsed and checked; then data for that time period and facility can be automatically released. This could save considerable time and effort now spent processing paper declarations and hand copying data. But care must be taken to ensure the parsing, transfers, and connections for these systems are secure. Advanced authentication and encryption techniques are still vital in this process. This paper will describe how to improve security with vulnerability assessments, the use of certificates, avoiding compromising dial-up connections and other methods. A detailed network layout will be presented that will resemble a future RM collaboration with the IAEA and the Japanese. From this network design, key strategic security points will be identified and suggestions will be made to help secure them. (author)

  13. Organizational Characteristics Influencing SME Information Security Maturity

    NARCIS (Netherlands)

    Mijnhardt, F.; Baars, T.; Spruit, M.

    2016-01-01

    In the current business environment, many organizations use popular standards such as the ISO 27000x series, COBIT and related frameworks to protect themselves against security incidents. However, these standards and frameworks are overly complicated for Small to Medium sized Enterprises, leaving

  14. Promoting Economic Security through Information Technology Abstract

    African Journals Online (AJOL)

    PROF. O. E. OSUAGWU

    2013-12-01

    Dec 1, 2013 ... The problem of economic insecurity is a global threat to national security. ... of the country as one indivisible political entity with many calling for disintegration. ..... The integration of ICT in agriculture can .... Table 4.2.7 Respondents by IT on Business propriety and trade .... of production, distribution and.

  15. Engineering Information Security The Application of Systems Engineering Concepts to Achieve Information Assurance

    CERN Document Server

    Jacobs, Stuart

    2011-01-01

    Information security is the act of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services, starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning. Professionals in the sciences, engineering, and communications fields will turn to this resource to understand the many legal,

  16. Formal Analysis of Graphical Security Models

    DEFF Research Database (Denmark)

    Aslanyan, Zaruhi

    , software components and human actors interacting with each other to form so-called socio-technical systems. The importance of socio-technical systems to modern societies requires verifying their security properties formally, while their inherent complexity makes manual analyses impracticable. Graphical...... models for security offer an unrivalled opportunity to describe socio-technical systems, for they allow to represent different aspects like human behaviour, computation and physical phenomena in an abstract yet uniform manner. Moreover, these models can be assigned a formal semantics, thereby allowing...... formal verification of their properties. Finally, their appealing graphical notations enable to communicate security concerns in an understandable way also to non-experts, often in charge of the decision making. This dissertation argues that automated techniques can be developed on graphical security...

  17. Research on information security system of waste terminal disposal process

    Science.gov (United States)

    Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

    2017-05-01

    Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality of service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It is characterized by wide distribution, long depth and large quantity. The technical level and security awareness of users and of operation and maintenance personnel are uneven, which makes the internal network terminal the weakest link in information security. Through the implementation of management, technical and physical security measures, an internal network terminal security protection system should be established, so as to fully protect the information security of internal network terminals.

  18. Content Sharing Based on Personal Information in Virtually Secured Space

    Science.gov (United States)

    Sohn, Hosik; Ro, Yong Man; Plataniotis, Kostantinos N.

    User-generated contents (UGC) are shared in open spaces like social media, where users can upload and consume contents freely. Since access to contents is not restricted, the contents could sometimes be delivered to unwanted users or misused. In this paper, we propose a method for sharing UGCs securely based on the personal information of users. With the proposed method, a virtual secure space is created for contents delivery. The virtual secure space allows a UGC creator to deliver contents to users who have similar personal information, and they can consume the contents without any leakage of personal information. In order to verify the usefulness of the proposed method, an experiment was performed in which the content was encrypted with the personal information of the creator, and users with similar personal information decrypted and consumed the contents. The results showed that UGCs were securely shared among users who have similar personal information.

  19. Evaluating Safety Culture Under the Socio-Technical Complex Systems Perspective

    International Nuclear Information System (INIS)

    Lemos, F. L. de

    2016-01-01

    itself as a quality of a social system, the proposed approach integrates the safety culture traits into the control structure of a broader system, the socio-technical complex system. A practical example, based on the Davis-Besse Nuclear Power Plant head degradation event, is presented. (author)

  20. Emerging Trends in Development of International Information Security Regime

    Directory of Open Access Journals (Sweden)

    Elena S. Zinovieva

    2016-01-01

    The article discusses the key trends shaping the international regime on information security. International cooperation in this area at the global level encounters contradictions of state interests. The main actors in information security are the United States, Russia, China and the EU countries (Britain, France and Germany). The main contradiction is developing between the US on one side and Russia and China on the other. EU countries occupy the middle position, gravitating to that of the US. The article argues that international cooperation on information security will reflect the overall logic of the development of international cooperation, which is characterized by a new model of cooperation, with the participation of state and non-state actors, known as multi-stakeholder partnerships and multi-level cooperation. The logic of the formation of an international regime on information security is closest to the logic of the formation of the international non-proliferation regime. It is in the interest of Russia to support the trend towards regionalization of the information security regime. Russia can form a regional information security regime in the former Soviet Union on the basis of the CSTO and SCO and potentially in a wider Eurasian space. Such a regional regime would give Russia an opportunity to shape the international regime and closely monitor emerging information security issues in the former Soviet Union, and remove the potential threat of "color revolutions".

  1. Process Control Security in the Cybercrime Information Exchange NICC

    OpenAIRE

    Luiijf, H.A.M.

    2009-01-01

    Detecting, investigating and prosecuting cybercrime? Extremely important, but not really the solution for the problem. Prevention is better! The sectors that have joined the Cybercrime Information Exchange have accepted the challenge of ensuring the effectiveness of the (information) security of process control systems (PCS), including SCADA. This publication makes it clear why it is vital that organizations establish and maintain control over the security of the information and communication...

  2. Securing information display by use of visual cryptography.

    Science.gov (United States)

    Yamamoto, Hirotsugu; Hayasaki, Yoshio; Nishida, Nobuo

    2003-09-01

    We propose a secure display technique based on visual cryptography. The proposed technique ensures the security of visual information. The display employs a decoding mask based on visual cryptography. Without the decoding mask, the displayed information cannot be viewed. The viewing zone is limited by the decoding mask so that only one person can view the information. We have developed a set of encryption codes to maintain the designed viewing zone and have demonstrated a display that provides a limited viewing zone.
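
The primitive behind a decoding mask of this kind is visual secret sharing: the displayed image and the mask are two shares, and stacking them (black wins, as with transparencies) reveals the image while either share alone is uniformly random. The following is an added example of the classic 2-out-of-2 scheme with 2x2 subpixel expansion, not the authors' encryption codes or viewing-zone construction; the secret image is constructed.

```python
"""2-out-of-2 visual cryptography: each secret pixel expands into a 2x2 block on two
shares; overlaying the shares (OR of subpixels) reproduces the image, while every
block of a single share has exactly two black subpixels and leaks nothing.
Added illustration of the underlying primitive, not the paper's encryption codes."""
import random

# All 2x2 blocks with exactly two black subpixels (row-major: TL, TR, BL, BR).
PATTERNS = [(1, 1, 0, 0), (0, 0, 1, 1), (1, 0, 1, 0), (0, 1, 0, 1), (1, 0, 0, 1), (0, 1, 1, 0)]


def complement(pattern):
    return tuple(1 - b for b in pattern)


def _place(canvas, y, x, pattern):
    canvas[2 * y][2 * x], canvas[2 * y][2 * x + 1] = pattern[0], pattern[1]
    canvas[2 * y + 1][2 * x], canvas[2 * y + 1][2 * x + 1] = pattern[2], pattern[3]


def make_shares(secret, rng=None):
    """secret: equal-length strings, '#' black / '.' white. Returns two 0/1 matrices of
    double size. White pixel -> identical blocks (overlay keeps 2 black subpixels);
    black pixel -> complementary blocks (overlay is fully black)."""
    rng = rng or random.SystemRandom()
    h, w = len(secret), len(secret[0])
    share1 = [[0] * (2 * w) for _ in range(2 * h)]
    share2 = [[0] * (2 * w) for _ in range(2 * h)]
    for y, row in enumerate(secret):
        for x, ch in enumerate(row):
            p = rng.choice(PATTERNS)               # fresh random pattern per pixel
            _place(share1, y, x, p)
            _place(share2, y, x, complement(p) if ch == "#" else p)
    return share1, share2


def overlay(a, b):
    """Stacked transparencies: a subpixel is black if it is black on either share."""
    return [[x | y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]


def _weight(m, y, x):
    return m[2 * y][2 * x] + m[2 * y][2 * x + 1] + m[2 * y + 1][2 * x] + m[2 * y + 1][2 * x + 1]


def decode(stacked):
    """Read the overlay back by eye: a block with all 4 subpixels black was a black pixel."""
    h, w = len(stacked) // 2, len(stacked[0]) // 2
    return ["".join("#" if _weight(stacked, y, x) == 4 else "." for x in range(w)) for y in range(h)]


def block_weights(share):
    """Set of black-subpixel counts over all blocks; a share leaks nothing iff it is {2}."""
    h, w = len(share) // 2, len(share[0]) // 2
    return {_weight(share, y, x) for y in range(h) for x in range(w)}


SECRET = ["#.#.#", ".###.", "#.#.#"]   # constructed 5x3 test image

if __name__ == "__main__":
    s1, s2 = make_shares(SECRET, random.Random(7))
    for row in overlay(s1, s2):
        print("".join("#" if b else "." for b in row))
```

Security of the scheme rests entirely on choosing the pattern independently at random for every pixel; reusing one share for two different images gives an observer the XOR of the images.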

  3. RISK MANAGEMENT FROM THE INFORMATION SECURITY PERSPECTIVE

    Directory of Open Access Journals (Sweden)

    Riza Ionuț

    2017-11-01

    Risk management has emerged ever since the appearance of human communities and has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.

  4. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Science.gov (United States)

    2010-01-01

    ... information for parties; security clearances. 2.905 Section 2.905 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

  5. Information security : an investigation into password habits

    OpenAIRE

    Richardson, Darren

    2015-01-01

    This thesis considers password security guidelines used in current environments and stipulates that password requirements force users to create and use passwords which are easy for computers to guess but hard for humans to remember. The thesis begins by exploring a number of the most prevalent methods of illicitly obtaining passwords in an attempt to design an experimental method to test the notion of weak password distribution. Password cracking techniques are discussed, as well as less ...

  6. The Impact of Information Richness on Information Security Awareness Training Effectiveness

    Science.gov (United States)

    Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou

    2009-01-01

    In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…

  7. A model-driven approach to information security compliance

    Science.gov (United States)

    Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

    2017-06-01

    The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems conforming to the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on the information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves as the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

  8. The electronic security partnership of safety/security and information systems departments.

    Science.gov (United States)

    Yow, J Art

    2012-01-01

    The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.

  9. Information Security - A Growing Challenge for Online Business

    OpenAIRE

    Gabriela GHEORGHE; Ioana LUPASC

    2017-01-01

    At present, cyber attacks have moved to a global scale, and cyber threats to online business have the effect of impeding operations and even causing huge losses. The security issues currently facing online commerce and online payment systems require finding solutions to improve the security solutions offered by the providers of Business Information solutions.

  10. DST-funded information security centre of competence

    CSIR Research Space (South Africa)

    Taute, B

    2009-06-06

    ... R&D that will lead to commercialisation and transfer of R&D outputs in Information Security. Three market opportunities exist following this initiative. They relate to innovative products and services that contribute to enhanced National Cyber Security, innovative...

  11. Information Security Issues in Higher Education and Institutional Research

    Science.gov (United States)

    Custer, William L.

    2010-01-01

    Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…

  12. Information Security - A Growing Challenge for Online Business

    Directory of Open Access Journals (Sweden)

    Gabriela GHEORGHE

    2017-06-01

    At present, cyber attacks have moved to a global scale, and cyber threats to online business have the effect of impeding operations and even causing huge losses. The security issues currently facing online commerce and online payment systems require finding solutions to improve the security solutions offered by the providers of Business Information solutions.

  13. An Examination of Issues Surrounding Information Security in California Colleges

    Science.gov (United States)

    Butler, Robert D.

    2013-01-01

    Technological advances have provided increasing opportunities in higher education for delivering instruction and other services. However, exposure to information security attacks has been increasing as more organizations conduct their businesses online. Higher education institutions have one of the highest frequencies of security breaches as…

  14. Parliamentary control of security information agency in terms of security culture: State and problems

    Directory of Open Access Journals (Sweden)

    Radivojević Nenad

    2013-01-01

    Even though security services have the same function as before, today they have different tasks and significantly more work than before. Modern security problems of the late 20th and early 21st century require states to reorganize their security services, adapting them to the new changes. The reorganization involves, among other things, giving wider powers to the security services in order to effectively counter the growing and sophisticated security threats, which may also lead to violations of human rights and freedoms. It is therefore necessary to define the right competence, organization, authority and control of these services. In democratic countries, there are several institutions with different levels of control over security services. Parliament is certainly one of the most important institutions in that control, both in the world and in our country. The powers, finances, use of special measures and the nature and scope of work of the Security Information Agency are certainly objects of the control of the National Assembly. What seems to be the problem is achieving a balance between the need for control of security services and the need for security services to have effective methods for combating modern security problems. This paper presents the legal framework related to the National Assembly's control of the Security Intelligence Agency, as well as the practical problems associated with this type of control. We analyzed the role of security culture as one of the factors of that control. In this regard, it provides guidance for the practical work of the members of parliament who control the Security Intelligence Agency, noting in particular the importance of and the need for continuous improvement of the security culture of representatives.

  15. 75 FR 49943 - New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security...

    Science.gov (United States)

    2010-08-16

    ... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security... Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... System Operator Security Information. Type of Request: New collection. OMB Control Number: Not yet...

  16. Report: Information Security Series: Security Practices Comprehensive Environmental Response, Compensation, and Liability Information System

    Science.gov (United States)

    Report #2006-P-00019, March 28, 2006. OSWER implemented practices to ensure that production servers were being monitored for known vulnerabilities and that personnel with significant security responsibility completed the Agency’s recommended security training.

  17. A Model of Managerial Effectiveness in Information Security: From Grounded Theory to Empirical Test

    National Research Council Canada - National Science Library

    Knapp, Kenneth J

    2005-01-01

    Information security is a critical issue facing organizations worldwide. In order to mitigate risk and protect valuable information, organizations need to operate and manage effective information security programs...

  18. Agents Based e-Commerce and Securing Exchanged Information

    Science.gov (United States)

    Al-Jaljouli, Raja; Abawajy, Jemal

    Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure, or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure sound security of information gathered throughout the agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol using Symbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data integrity, data confidentiality, data authenticity, origin confidentiality and data non-repudiability.

  19. New tools for an old trade: a socio-technical appraisal of how electronic decision support is used by primary care practitioners.

    Science.gov (United States)

    Peiris, David; Usherwood, Tim; Weeramanthri, Tarun; Cass, Alan; Patel, Anushka

    2011-11-01

    This article explores Australian general practitioners' (GPs) views on a novel electronic decision support (EDS) tool being developed for cardiovascular disease management. We use Timmermans and Berg's technology-in-practice approach to examine how technologies influence and are influenced by the social networks in which they are placed. In all, 21 general practitioners who piloted the tool were interviewed. The tool occupied an ill-defined middle ground in a dialectical relationship between GPs' routine care and factors promoting best practice. Drawing on Lipsky's concept of 'street-level bureaucrats', the tool's ability to process workloads expeditiously was of greatest appeal to GPs. This feature of the tool gave it the potential to alter the structure, process and content of healthcare encounters. The credibility of EDS tools appears to be mediated by fluid notions of best practice, based on an expert scrutiny of the evidence, synthesis via authoritative guidelines and dissemination through trusted and often informal networks. Balanced against this is the importance of 'soft' forms of knowledge such as intuition and timing in everyday decision-making. This resonates with Aristotle's theory of phronesis (practical wisdom) and may render EDS tools inconsequential if they merely process biomedical data. While EDS tools show promise in improving health practitioner performance, the socio-technical dimensions of their implementation warrant careful consideration. © 2011 The Authors. Sociology of Health & Illness © 2011 Foundation for the Sociology of Health & Illness/Blackwell Publishing Ltd.

  20. Information security management: a proposal to improve the effectiveness of information security in the scientific research environment

    International Nuclear Information System (INIS)

    Alexandria, Joao Carlos Soares de

    2009-01-01

    The increase of connectivity in the business environment, combined with the growing dependency on information systems, has made information security management an important governance tool. The main goal of information security is to protect business transactions so that they work normally, thereby safeguarding business continuity. Threats to information come from hackers' attacks, electronic fraud and spying, as well as fire, electrical power interruption and human error. Information security is achieved by implementing a set of controls, including, among others, policies, processes, procedures, organizational structures, software and hardware, which require continuous management and a well established structure to be able to face such challenges. This work tried to search for the reasons why organizations have difficulties in making a practice of information security management. Many of them limit themselves to adopting point measures, sometimes not consistent with their realities. The market has a sufficient number of standards and regulations related to information security issues, for example ISO/IEC 27002, the American Sarbanes-Oxley act, the Basel capital accord, and regulations from regulatory agencies (such as the Brazilian ones ANATEL, ANVISA and CVM). Market research has shown that information security implementation is concentrated in a well-defined group of organizations, mainly formed by large companies from specific sectors of the economy, for example finance and telecommunications. However, information security must be practised by all organizations that use information systems to carry out their activities, regardless of their size or the economic area they belong to. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal of

  1. Labelling : Security in Information Management and Sharing

    NARCIS (Netherlands)

    Schotanus, H.A.; Hartog, T.; Hut, D.H.; Boonstra, D.

    2011-01-01

    Military communication infrastructures are often deployed as stand-alone information systems operating at the System High mode. Network-Enabled Capabilities (NEC) and combined military operations lead to new requirements for information management and sharing which current communication

  2. Secure information management using linguistic threshold approach

    CERN Document Server

    Ogiela, Marek R

    2013-01-01

    This book details linguistic threshold schemes for information sharing. It examines the opportunities of using these techniques to create new models of managing strategic information shared within a commercial organisation or a state institution.

  3. Information Technology Management: Social Security Administration Practices Can Be Improved

    National Research Council Canada - National Science Library

    Shaw, Clay

    2001-01-01

    To improve SSA's IT management practices, we recommend that the Acting Commissioner of Social Security direct the Chief Information Officer and the Deputy Commissioner for Systems to complete the following actions...

  4. Report: Improvements Needed in Key EPA Information System Security Practices

    Science.gov (United States)

    Report #10-P-0146, June 15, 2010. Williams Adley found that EPA program offices lacked evidence that they planned and executed tests of information system security controls as required by federal requirements.

  5. Information Security Management - Part Of The Integrated Management System

    Science.gov (United States)

    Manea, Constantin Adrian

    2015-07-01

    The international management standards allow an integrated approach, thereby combining aspects of particular importance to the activity of any organization, from quality management systems or environmental management to information security management systems or business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which sees the opportunity to integrate the management components into a cohesive system, in agreement with its publicly stated purpose and mission. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions for any organization in the current context of electronic information, which is why we consider it not only appropriate but necessary to promote and implement an Integrated Management System: Quality - Environment - Health and Operational Security - Information Security.

  6. Report: Fiscal Year 2010 Federal Information Security Management Act Report

    Science.gov (United States)

    Report #11-P-0017, November 16, 2010. Attached is the Office of Inspector General’s (OIG’s) Fiscal Year 2010 Federal Information Security Management Act (FISMA) Reporting Template, as prescribed by the Office of Management and Budget (OMB).

  7. Need an Information Security in Access Control System?

    Directory of Open Access Journals (Sweden)

    V. R. Petrov

    2011-12-01

    The purpose of this paper is to present the general problems of information security in access control systems. The field of application is a project for the reconstruction of a physical protection system.

  8. Contraceptive security, information flow, and local adaptations ...

    African Journals Online (AJOL)

    Methodology: Morocco was selected for the case study. The researchers had ready access to key informants and information about the Logistics Management Information System. Because the study had time and resource constraints, research included desktop reviews and interviews, rather than data collection in the field.

  9. Establishing an Information Security System related to Physical Protection

    International Nuclear Information System (INIS)

    Jang, Sung Soon; Yoo, Ho Sik

    2009-01-01

    A physical protection system (PPS) integrates people, procedures and equipment for the protection of assets or facilities against theft, sabotage or other malevolent attacks. In the physical protection field, it is important to maintain the confidentiality of PPS related information, such as the alarm system layout, detailed maps of buildings, and guard schedules. In this abstract, we suggest establishing a methodology for an information security system. The first step in this methodology is to determine the information to protect and the possible adversaries. Next, system designers should draw all possible paths to the information and arrange appropriate protection elements. Finally, they should analyze and upgrade their information security system.

  10. An Integrative Behavioral Model of Information Security Policy Compliance

    Directory of Open Access Journals (Sweden)

    Sang Hoon Kim

    2014-01-01

    The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, the theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play the role of a baseline for future research about organization members’ compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implementation of information system security policies in organizations. Second, it proves that the need of education and training

  11. "Business Continuity and Information Security Maintenance" Masters’ Training Program

    OpenAIRE

    Miloslavskaya , Natalia; Senatorov , Mikhail; Tolstoy , Alexandr; Zapechnikov , Sergei

    2013-01-01

    The experience of preparing for the "Business Continuity and Information Security Maintenance" (BC&ISM) Masters’ program implementation and realization at the "Information Security of Banking Systems" Department of the National Research Nuclear University MEPhI (NRNU MEPhI, Moscow, Russia) is presented. Justification of the choice of educational direction for BC&ISM professionals is given. The model of the IS Master being trained on this program is described. ...

  12. An integrative behavioral model of information security policy compliance.

    Science.gov (United States)

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, the theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play the role of a baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implementation of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  13. The European cooperative approach to securing critical information infrastructure.

    Science.gov (United States)

    Purser, Steve

    2011-10-01

    This paper provides an overview of the EU approach to securing critical information infrastructure, as defined in the Action Plan contained in the Commission Communication of March 2009, entitled 'Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience' and further elaborated by the Communication of May 2011 on critical Information infrastructure protection 'Achievements and next steps: towards global cyber-security'. After explaining the need for pan-European cooperation in this area, the CIIP Action Plan is explained in detail. Finally, the current state of progress is summarised together with the proposed next steps.

  14. Information security in accordance with ISO/IEC 27000

    OpenAIRE

    Košćak , Damjan

    2011-01-01

    The diploma assignment discusses information technology security according to the standards ISO/IEC 27001 and ISO/IEC 27002. The diploma consists of two parts. In the first part of the diploma the theoretical bases of information security are presented. The second part presents the introduction of the ISO/IEC 27001 security standard in the company »X« in which I performed a practical training. In the closure my diploma work is upgraded with the results of my research work and their analysis as well as wit...

  15. Double-Loop Health Technology: Enabling Socio-technical Design of Personal Health Technology in Clinical Practice

    DEFF Research Database (Denmark)

    Bardram, Jakob Eyvind; Frost, Mads

    2018-01-01

    Personal health technology is rapidly emerging as a response to the challenges associated with the significant increase in chronic noncommunicable diseases. The overall design paradigm behind most of these applications is to manually and automatically sample data from sensors and smartphones and use this to provide patients with an awareness of their illness and give recommendations for treatment, care, and healthy living. Few of these systems are, however, designed to be part of complex socio-technical care and treatment processes in existing healthcare systems and clinical pathways. In this chapter, we present a case of designing personal health technology for mental health, which is integrated into hospital-based treatment. This system helps patients to manage their disease by tracking and correlating behavior and disease progression and providing feedback to them, while also being deployed as part...

  16. Co-evolution of intelligent socio-technical systems modelling and applications in large scale emergency and transport domains

    CERN Document Server

    2013-01-01

    As the interconnectivity between humans through technical devices is becoming ubiquitous, the next step is already in the making: ambient intelligence, i.e. smart (technical) environments, which will eventually play the same active role in communication as the human players, leading to a co-evolution in all domains where real-time communication is essential. This topical volume, based on the findings of the Socionical European research project, gives equal attention to two highly relevant domains of applications: transport, specifically traffic dynamics from the viewpoint of socio-technical interaction, and evacuation scenarios for large-scale emergency situations. Care was taken to investigate as much as possible the limits of scalability and to combine the modeling using complex systems science approaches with relevant data analysis.

  17. Service oriented architecture governance tools within information security

    OpenAIRE

    2012-01-01

    Service Oriented Architecture has many advantages. For example, organisations can align business with Information Technology, reuse the developed functionality, and reduce development and maintenance costs for applications. Organisations adopt Service Oriented Architecture with the aim of automating and integrating business processes. However, it has information security vulnerabilities that should be considered. For example, applications exchange information across the Internet, where it ...

  18. Three Essays on Information Technology Security Management in Organizations

    Science.gov (United States)

    Gupta, Manish

    2011-01-01

    Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…

  19. Information Security Management Practices of K-12 School Districts

    Science.gov (United States)

    Nyachwaya, Samson

    2013-01-01

    The research problem addressed in this quantitative correlational study was the inadequacy of sound information security management (ISM) practices in K-12 school districts, despite their increasing ownership of information assets. Researchers have linked organizational and sociotechnical factors to the implementation of information security…

  20. Case study on the role of socio-technical influences on the implementation and success of nuclear power in France

    International Nuclear Information System (INIS)

    Jedani, T.

    2004-01-01

    To fully understand a technological development one must appreciate social, political and economic factors in addition to the technological components (Hughes, 1991). The systems perspective, asserted by Hughes, implies that technologies cannot be understood in isolation, but only in their contexts, especially in their systemic contexts. This theory is illustrated through an examination of France's implementation of its nuclear power program in the early 1970's. Nuclear power provided France with the opportunity to achieve energy independence and, as a result, political control over its energy supply. The scope of this case study is limited to consideration of the socio-technical influences on the rise of nuclear power in France and includes an examination of the technical aspects of the innovation. In considering the socio-technical system encompassing France's adoption of nuclear power, this case study will contemplate: how France was able to persuade its people to accept nuclear power; what it is about French culture and politics that allowed them to succeed where most other countries have failed; the breakthroughs that led to the broad commercialization of nuclear power in France in the 1970's; and how France achieved its status as one of the world's top producers of nuclear energy. The time period during which this study is based is limited to the early 1970's, when France was reliant upon external energy supplies, up until the present day, where nuclear power has become France's main source of energy, thus contributing to France's autonomy in terms of its energy supply. This study will not address the issue of nuclear waste or the nuclear power safety debate which is also beyond the scope of this study. (author)

  1. Report: Fiscal Year 2015 Federal Information Security Modernization Act Report: Status of CSB’s Information Security Program

    Science.gov (United States)

    Report #16-P-0086, January 27, 2016. The effectiveness of the CSB’s information security program is challenged by its lack of personal identity verification cards for logical access and of a complete system inventory.

  2. Fuzzy assessment of health information system users' security awareness.

    Science.gov (United States)

    Aydın, Özlem Müge; Chouseinoglou, Oumout

    2013-12-01

    Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and the flow of information in HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link in the HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users into the first line of defense in HIS, but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, a guide on how to apply this fuzzy analysis to any health institution and how to read and interpret its results, together with the possible implications of these results for the organization, are provided.

  3. Security Policy Alignment: A Formal Approach

    NARCIS (Netherlands)

    Pieters, Wolter; Dimkov, T.; Pavlovic, Dusko

    2013-01-01

    Security policy alignment concerns the matching of security policies specified at different levels in socio-technical systems, and delegated to different agents, technical and human. For example, the policy that sales data should not leave an organization is refined into policies on door locks,

  4. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

    Science.gov (United States)

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore new technology for the objective assessment of people's awareness and cognition of information security, this paper takes online financial payment as an example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that the left hemisphere and beta rhythms of the electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be considered as a sign to assess people's cognition of potential risks in online financial payment.

  5. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism

    Directory of Open Access Journals (Sweden)

    Dongmei Han

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people’s awareness of information security and the cognition of potential risks. In order to explore new technology for the objective assessment of people’s awareness and cognition of information security, this paper takes online financial payment as an example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that the left hemisphere and beta rhythms of the electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be considered as a sign to assess people’s cognition of potential risks in online financial payment.

  6. ISAP - an information security awareness portal

    OpenAIRE

    2010-01-01

    M.Sc. The exponential growth of the Internet contributes to risks and threats which materialize without our knowledge. The more computer and Internet use becomes a part of our daily lives, the more we expose ourselves and our personal information on the World Wide Web and hence, the more opportunities arise for fraudsters to get hold of this information. Internet use can be associated with Internet banking, online shopping, online transactions, Internet Relay Chat, newsgroups, search engin...

  7. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Science.gov (United States)

    2010-07-01

    ... NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems and... identified in the Committee on National Security Systems (CNSS) issuances and the Intelligence Community Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk Management...

  8. 78 FR 72063 - Open Meeting of the Information Security and Privacy Advisory Board

    Science.gov (United States)

    2013-12-02

    ... NIST on information security and privacy issues pertaining to federal computer systems. Details... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

  9. Academic Training Lecture Regular Programme: Computer Security - Introduction to information and computer security (1/4)

    CERN Multimedia

    2012-01-01

    Computer Security: Introduction to information and computer security (1/4), by Sebastian Lopienski (CERN). Monday, 21 May, 2012 from 11:00 to 12:00 (Europe/Zurich) at CERN (31-3-004 - IT Auditorium). Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Ai...

  10. Protection and security of data base information

    Directory of Open Access Journals (Sweden)

    Mariuţa ŞERBAN

    2011-06-01

    Data bases are one of the most important components in every large informatics system which stores and processes data and information. Because data bases contain all of the valuable information about a company, its clients and its financial activity, they represent one of the key elements in the structure of an organization, which determines imperatives such as confidentiality, integrity and ease of data access. The current paper discusses the integrity of data bases, which refers to the validity and the coherence of stored data. Usually, integrity is defined in terms of constraints, which are rules regarding coherence that the data base cannot infringe. Data base integrity refers to information correctness and assumes the detection, correction and prevention of errors that might have an effect on the data comprised by the data bases.

  11. How to implement security controls for an information security program at CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  12. How to implement security controls for an information security program at CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O'Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

    2015-12-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  13. Do You Ignore Information Security in Your Journal Website?

    Science.gov (United States)

    Dadkhah, Mehdi; Borchardt, Glenn; Lagzian, Mohammad

    2017-08-01

    Nowadays, web-based applications extend to all businesses due to their advantages and easy usability. The most important issue in web-based applications is security. Due to their advantages, most academic journals are now using these applications, with papers being submitted and published through their websites. As these websites are resources for knowledge, information security is primary for maintaining their integrity. In this opinion piece, we point out vulnerabilities in certain websites and introduce the potential for future threats. We intend to present how some journals are vulnerable and what will happen if a journal is infected by attackers. This opinion is not a technical manual in information security; it is a short inspection that we did to improve the security of academic journals.

  14. Information security in SCADA systems in nuclear power plants

    International Nuclear Information System (INIS)

    Satyamurty, S.A.V.

    2013-01-01

    A few decades back most I and C systems were hardwired. With the developments in digital electronics, microprocessors and microcontrollers, I and C systems are becoming more and more computer based. Though this brought convenience to the designer and comfort to the operator in the form of a better GUI, it also brought many challenges in the form of information security. The talk covers typical I and C design using SCADA systems, the challenges, typical problems faced and the need for information security. The talk illustrates various security measures to be implemented in the design, development and testing stages. These security measures have to be taken both in the development environment and in the deployment environment. Verification and validation of computer based systems is very important. Configuration change management is very essential for smooth running of the plant. The talk illustrates the various measures that need to be taken. (author)

  15. Trust Account Fraud And Effective Information Security Management

    Directory of Open Access Journals (Sweden)

    Sameera Mubarak

    2010-09-01

    The integrity of lawyers' trust accounts has come under scrutiny in the last few years. There are strong possibilities of information technology security breaches happening within firms, either accidental or deliberate. The damage caused by these security breaches could be extreme. For example, a trust account fund in an Australian law firm was misused in a security breach in which Telstra charged A$50,000 for phone usage, mainly for ISD calls to Hong Kong. Our study involved interviewing principals of ten law companies to find out solicitors' attitudes to computer security and the possibility of breaches of their trust accounts. We simultaneously carried out a survey to see if the trends identified in our case studies could be backed up with broader quantitative data. We have also conducted in-depth interviews of 5 trust account regulators from the Law Society of South Australia to learn their viewpoints on security threats to trust accounts. An overall finding highlights that law firms were not current with technology to combat computer crime, and inadequate access control was a major concern in safeguarding account data. Our conclusions revealed the urgent need for law firms to adopt security controls, implement information security policies and procedures and obtain cooperation from management to communicate these policies to staff.

  16. Building Global Competitiveness through Information Security ...

    African Journals Online (AJOL)


  17. 75 FR 37253 - Classified National Security Information

    Science.gov (United States)

    2010-06-28

    ... ``Secret.'' (3) Each interior page of a classified document shall be marked at the top and bottom either... ``(TS)'' for Top Secret, ``(S)'' for Secret, and ``(C)'' for Confidential will be used. (2) Portions... from the informational text. (1) Conspicuously place the overall classification at the top and bottom...

  18. 75 FR 707 - Classified National Security Information

    Science.gov (United States)

    2010-01-05

    ... classified at one of the following three levels: (1) ``Top Secret'' shall be applied to information, the... exercise this authority. (2) ``Top Secret'' original classification authority may be delegated only by the... official has been delegated ``Top Secret'' original classification authority by the agency head. (4) Each...

  19. 77 FR 19680 - Extension of Agency Information Collection Activity Under OMB Review: Rail Transportation Security

    Science.gov (United States)

    2012-04-02

    ... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration [Docket No. TSA-2006-26514] Extension of Agency Information Collection Activity Under OMB Review: Rail Transportation Security AGENCY: Transportation Security Administration, DHS. ACTION: 30-day Notice. SUMMARY: This notice announces that the...

  20. 77 FR 15114 - Extension of Agency Information Collection Activity Under OMB Review: Transportation Security...

    Science.gov (United States)

    2012-03-14

    ... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Transportation Security Officer (TSO) Medical Questionnaire AGENCY: Transportation Security Administration, DHS. ACTION: 30-day Notice. SUMMARY: This notice...

  1. 75 FR 2556 - Extension of Agency Information Collection Activity Under OMB Review: Transportation Security...

    Science.gov (United States)

    2010-01-15

    ... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Transportation Security Officer (TSO) Medical Questionnaire AGENCY: Transportation Security Administration, DHS. ACTION: 30-day notice. SUMMARY: This notice...

  2. Factors Affecting Information Security Focused on SME and Agricultural Enterprises

    OpenAIRE

    V.; A.; A.; F.

    2016-01-01

    Progress in the field of information and communication technology is a source of advantage that improves quality of business services; increases productivity levels and brings competitive advantage to enterprises and organisations related to agricultural production. However, the use of information and communication technology (ICT) is connected with information security risks that threaten business continuity and information assets. The ICT in small and medium-sized enterprises (SME) and agri...

  3. Information Systems at Enterprise. Design of Secure Network of Enterprise

    Science.gov (United States)

    Saigushev, N. Y.; Mikhailova, U. V.; Vedeneeva, O. A.; Tsaran, A. A.

    2018-05-01

    No enterprise or company can do without designing its own corporate network in today's information society. It accelerates and facilitates the work of employees at any level, but it also poses a big threat to the confidential information of the company. In addition to data theft by attackers, there are plenty of information threats posed by modern malware. In this regard, the security of corporate networks is an important component of modern information technologies of computer security for any enterprise. This article describes the design of a protected corporate network for an enterprise that provides the computers on the network with access to the Internet, as well as interoperability with a branch office. High-speed access to the Internet is provided through the use of high-speed access channels and load balancing between devices. The security of the designed network is provided through the use of VLAN technology as well as access lists and an AAA server.

  4. Information security as part of the nuclear safety culture

    Energy Technology Data Exchange (ETDEWEB)

    Sitnica, A., E-mail: demetrkj@westinghouse.com [Westinghouse Electric Co., 1000 Westinghouse Drive, Cranberry Township, PA 16066 (United States)

    2016-09-15

    No industry, organization, individual or even the government is immune to the information security risks which are associated with nuclear power. It can no longer be ignored, delayed or treated as unimportant. Nuclear safety is paramount to our industry, and cyber security must be woven into the fabric of our safety culture in order to succeed. Achieving this in an environment which has remained relatively unchanged and conservative prior to digitalisation demands a shift in behavior and culture. (Author)

  5. Information security as part of the nuclear safety culture

    International Nuclear Information System (INIS)

    Sitnica, A.

    2016-09-01

    No industry, organization, individual or even the government is immune to the information security risks which are associated with nuclear power. It can no longer be ignored, delayed or treated as unimportant. Nuclear safety is paramount to our industry, and cyber security must be woven into the fabric of our safety culture in order to succeed. Achieving this in an environment which has remained relatively unchanged and conservative prior to digitalisation demands a shift in behavior and culture. (Author)

  6. Data Leakage Prevention for Secure Cross-Domain Information Exchange

    OpenAIRE

    Nordbotten, Nils Agne; Engelstad, Paal E.; Kongsgård, Kyrre Wahl; Haakseth, Raymond; Mancini, Federico

    2017-01-01

    Cross-domain information exchange is an increasingly important capability for conducting efficient and secure operations, both within coalitions and within single nations. A data guard is a common cross-domain sharing solution that inspects the security labels of exported data objects and validates that they are such that they can be released according to policy. While we see that guard solutions can be implemented with high assurance, we find that obtaining an equivalent level of assurance i...

  7. A Comparative Analysis of University Information Systems within the Scope of the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Rustu Yilmaz

    2016-05-01

    Universities are the leading institutions that are the sources of the educated population who both produce information and develop new products and new services by using information effectively, and who are needed in every area. Therefore, universities are expected to be institutions where information and information management are used efficiently. In the present study, topics such as infrastructure, operation, application, information, policy and human-based information security at universities were examined within the scope of the information security standards which are highly required and intended to be available at each university today, and then a comparative analysis was conducted specific to Turkey. Within the present study, the Microsoft Security Assessment Tool developed by Microsoft was used as the risk analysis tool. The analyses aim to enable universities to compare their information systems with the information systems of other universities within the scope of information security awareness, and to make suggestions in this regard.

  8. Intrinsic information Security: Embedding security issues in the design process of telematics systems

    NARCIS (Netherlands)

    Tettero, Olaf; Tettero, O.

    This book presents a systematic approach to embed information security issues in the design process of telematics systems. The approach supports both designers and user organisations. We elaborate on the activities that designers should perform to design telematics systems in which information

  9. Information and technology: Improving food security in Uganda ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    2014-06-23

    Jun 23, 2014 ... Information and technology: Improving food security in Uganda ... knowledge to make decisions about planting, harvesting, and managing livestock, but ... to be effective for minimizing risks and increasing agricultural productivity. ... In time, this network of information – made possible by digital technology ...

  10. Applying Real Options Thinking to Information Security in Networked Organizations

    NARCIS (Netherlands)

    Daneva, Maia

    2006-01-01

    An information security strategy of an organization participating in a networked business sets out the plans for designing a variety of actions that ensure confidentiality, availability, and integrity of company’s key information assets. The actions are concerned with authentication and

  11. The threat nets approach to information system security risk analysis

    NARCIS (Netherlands)

    Mirembe, Drake

    2015-01-01

    The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security

  12. Forecasting the Demand for Information Security Personnel

    Directory of Open Access Journals (Sweden)

    Anatoliy Alexandrovich Malyuk

    2016-06-01

    During the formation of the information society, the problem of determining the demand for IS personnel (DfISP), consisting of IS specialists and IS practitioners, is of particular relevance at present. The goal of the paper is to calculate the demand for IS specialists (DfISS). To achieve it we used informal heuristic methods and introduced some important indicators for the DfISP forecast. As a validation of the conceptual approach proposed, we show how to apply it at the regional level of one country on one real-world example. All the reasoning and calculations can be narrowed down to DfISS forecasting within one corporation or for IS professionals of a specific profile.

  13. Information security in the context of philosophy of management

    Directory of Open Access Journals (Sweden)

    Irina Yurievna Alekseeva

    2017-04-01

    Building a culture of information security involves consideration of problems of management in society. Ideas and approaches developed in the philosophy of management are relevant to studies of problems of information security in a broader methodological and social context. The article focuses on problems of information and psychological security in social systems. The author considers disorienting signs and signals as an information threat to the security of persons and societies. The author argues that the management ideology of pseudo-economical reductionism creates distortion at the level of values and priorities of the system. This ideology exalts competitiveness to the detriment of the system's viability. Philosophy of complexity (better known as “philosophy of complex systems”) embraces new visions for the methodology of management in the 21st century. The “observer of complexity” and “complexity of the observer of complexity” phenomena are central in this context. The problem of an appropriate language for system self-description is of critical importance. This language is necessary for the substantive production of intellectual tools for problem solving and decision making; refusal to produce such tools is fraught with a decrease in the level of information security.

  14. Human and Machine Entanglement in the Digital Archive: Academic Libraries and Socio-Technical Change

    Science.gov (United States)

    Manoff, Marlene

    2015-01-01

    This essay urges a broadening of the discourse of library and information science (LIS) to address the convergence of forces shaping the information environment. It proposes adopting a model from the field of science studies that acknowledges the interdependence and coevolution of social, cultural, and material phenomena. Digital archives and…

  15. The dynamics of transitions in socio-technical systems: a multi-level analysis of the transition pathway from horse-drawn carriages to automobiles (1860-1930)

    NARCIS (Netherlands)

    Geels, F.W.

    2005-01-01

    This article investigates transitions at the level of societal functions (e.g. transport, communication, housing). Societal functions are fulfilled by socio-technical systems, which consist of a cluster of aligned elements, e.g. artefacts, knowledge, user practices and markets, regulation, cultural

  16. Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

    Science.gov (United States)

    Imam, Abbas H.

    2013-01-01

    Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

  17. Developing a secured social networking site using information security awareness techniques

    Directory of Open Access Journals (Sweden)

    Julius O. Okesola

    2014-11-01

    Background: Ever since social network sites (SNS) became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA) remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis for categorising friends in a meaningful way for privacy and security policy settings. This has confirmed that technical control is just part of the security solution and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS. Objective: This article presents sOcialistOnline – a newly developed SNS, duly secured and platform independent, with various ISA techniques fully implemented. Method: Following a detailed literature review of the related works, the SNS was developed on the basis of the Object Oriented Programming (OOP) approach, using PHP as the coding language with the MySQL database engine at the back end. Result: This study addressed the SNS requirements of privacy, security and services, and took them as the basis of the architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours. Conclusion: ISA is focussed on the users, who are often the greatest security risk on SNSs, regardless of the technical security implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.

  18. Organizational information assets classification model and security architecture methodology

    Directory of Open Access Journals (Sweden)

    Mostafa Tamtaji

    2015-12-01

    Today, organizations are exposed to a huge volume and diversity of information and information assets that are produced in different systems such as KMS, financial and accounting systems, office and industrial automation systems and so on, and protection of this information is necessary. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released. Several benefits of this model cause organizations to have a strong tendency towards implementing cloud computing. Maintaining and managing information security is the main challenge in developing and accepting this model. In this paper, at first, according to "design science research methodology" and compatible with the "design process in information systems research", a complete categorization of organizational assets, including 355 different types of information assets in 7 groups and 3 levels, is presented so that managers are able to plan corresponding security controls according to the importance of each group. Then, for directing an organization to architect its information security in a cloud computing environment, an appropriate methodology is presented. The presented cloud computing security architecture, the resulting proposed methodology, and the presented classification model were discussed and verified according to the Delphi method and expert comments.

  19. CRITICAL INFORMATION INFRASTRUCTURE SECURITY - NETWORK INTRUSION DETECTION SYSTEMS

    Directory of Open Access Journals (Sweden)

    Cristea DUMITRU

    2011-12-01

    Full Text Available Critical Information Infrastructure security will always be difficult to ensure, just because of the features that make it irreplaceable for other critical infrastructures' normal operation. It is decentralized, interconnected, interdependent, controlled by multiple actors (mainly private) and incorporating diverse types of technologies. It is almost axiomatic that the disruption of the Critical Information Infrastructure affects systems located much farther away, and the cyber problems have direct consequences on the real world. Indeed the Internet can be used as a multiplier in order to amplify the effects of an attack on some critical infrastructures. Security challenges increase with technological progress. One of the last lines of defense which comes to complete the overall security scheme of the Critical Information Infrastructure is represented by the Network Intrusion Detection Systems.

  20. Book Review: Conquest in Cyberspace: National Security and Information Warfare

    Directory of Open Access Journals (Sweden)

    Gary C. Kessler

    2007-06-01

    Full Text Available Libicki, M.C. (2007). Conquest in Cyberspace: National Security and Information Warfare. New York: Cambridge University Press. 323 pages, ISBN: 978-0-521-69214-4 (paper, US$80). Reviewed by Gary C. Kessler (gary.kessler@champlain.edu). Many books -- and even movies ("Live Free or Die Hard") -- are based upon the premise of an impending information war. In these scenarios -- made all too plausible by the increased frequency with which we read about and experience major information security incidents -- a Bad Guy exploits known computer security vulnerabilities in order to control major national infrastructures via the Internet so as to reap financial, economic, and/or personal power. (see PDF for full review)

  1. Information security policy: contributions from internal marketing for its effectiveness

    Directory of Open Access Journals (Sweden)

    Cristiane Ellwanger

    2012-06-01

    Full Text Available Protecting sources of information has become a great challenge to organizations, due to the advance of information technologies, the integration between them and the constant stream of information that flows through the communication networks. The establishment of an Information Security Policy – PSI may resolve a part of the problems related to security, but it cannot totally solve them, since the human resources present in the internal environment of the organizations may spoil the effectiveness of the PSI. Given the importance of the human aspects in the context of information security, the present work discusses the use of internal marketing as a management strategy in order to obtain or reestablish the commitment of the users to the principles defined in the PSI, and demonstrates, through experimental research, the impact of using internal marketing techniques on the effectiveness of that policy. The results of this experiment make quantitatively evident how relevant the use of these techniques may be in order to have the procedures described in the PSI actually carried out by the users, and demonstrate a 402.4% increase in the support for the information security policy, considering the procedures indicated in the PSI that were totally executed.

  2. Securing information using optically generated biometric keys

    Science.gov (United States)

    Verma, Gaurav; Sinha, Aloka

    2016-11-01

    In this paper, we present a new technique to obtain biometric keys by using the fingerprint of a person for an optical image encryption system. The key generation scheme uses the fingerprint biometric information in terms of the amplitude mask (AM) and the phase mask (PM) of the reconstructed fingerprint image that is implemented using the digital holographic technique. Statistical tests have been conducted to check the randomness of the fingerprint PM key that enables its usage as an image encryption key. To explore the utility of the generated biometric keys, an optical image encryption system has been further demonstrated based on the phase retrieval algorithm and the double random phase encoding scheme in which keys for the encryption are used as the AM and the PM key. The advantage associated with the proposed scheme is that the biometric keys’ retrieval requires the simultaneous presence of the fingerprint hologram and the correct knowledge of the reconstruction parameters at the decryption stage, which not only verifies the authenticity of the person but also protects the valuable fingerprint biometric features of the keys. Numerical results are carried out to prove the feasibility and the effectiveness of the proposed encryption system.

  3. The enhancement of security in healthcare information systems.

    Science.gov (United States)

    Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De

    2012-06-01

    With the progress and development of information technology, the internal data in medical organizations have become computerized and have further established the medical information system. Moreover, the use of the Internet enhances information communication as well as affecting the development of the medical information system, so that a lot of medical information is transmitted over the Internet. Since there is a network within another network, when all networks are connected together, they form the "Internet". For this reason, the Internet is considered a high-risk and public environment which is easily destroyed and invaded, so that relevant protection is required. Besides, the data in the medical network system are confidential, so it is necessary to protect personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered a network requiring high security, for which excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies applied to the network environment of the medical organization information system so as to avoid external or internal information security events, allow the medical system to work smoothly and safely, which not only benefits the patients but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing a highly reliable medical information system.

  4. Fuzzy Search Method for Hi Education Information Security

    Directory of Open Access Journals (Sweden)

    Grigory Grigorevich Novikov

    2016-03-01

    Full Text Available The main reason for the research is how to use the fuzzy search method for information security of Hi Education or some similar purposes. So many sensitive information leaks are through the legal publishing of non-classified documents. That’s why many intelligence services love to use the «mosaic» information collection method so much. This article is about how to prevent it.

  5. Geometrical Fuzzy Search Method for the Business Information Security Systems

    Directory of Open Access Journals (Sweden)

    Grigory Grigorievich Novikov

    2014-12-01

    Full Text Available The main reason for the article is how to use one of the new fuzzy search methods for information security of business or some other purposes. So many sensitive information leaks are through the legal publishing of non-classified documents. That’s why many intelligence services like to use the “mosaic” information collection method so much. This article is about how to prevent it.

  6. Using Financial Instruments to Transfer the Information Security Risks

    OpenAIRE

    Pankaj Pandey; Einar Snekkenes

    2016-01-01

    For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information...

  7. Computer Security: Introduction to information and computer security (1/4)

    CERN Multimedia

    CERN. Geneva

    2012-01-01

    Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Aix-en-Provence and Haute Ecole de Gestion in Geneva in 2010. His professional interests include software and network security, distributed systems, and Web and mobile technologies. With the prevalence of modern information te...

  8. Information Security Scheme Based on Computational Temporal Ghost Imaging.

    Science.gov (United States)

    Jiang, Shan; Wang, Yurong; Long, Tao; Meng, Xiangfeng; Yang, Xiulun; Shu, Rong; Sun, Baoqing

    2017-08-09

    An information security scheme based on computational temporal ghost imaging is proposed. A sequence of independent 2D random binary patterns is used as the encryption key to multiply with the 1D data stream. The cipher text is obtained by summing the weighted encryption key. The decryption process can be realized by correlation measurement between the encrypted information and the encryption key. Due to the intrinsic high-level randomness of the key, the security of this method is greatly guaranteed. The feasibility of this method and its robustness against both occlusion and additional noise attacks are discussed with simulation, respectively.

  9. 75 FR 45151 - National Security Division; Agency Information Collection Activities: Proposed Collection...

    Science.gov (United States)

    2010-08-02

    ... DEPARTMENT OF JUSTICE [OMB Number 1124-0006] National Security Division; Agency Information...), National Security Division (NSD), will be submitting the following information collection request to the..., 10th & Constitution Avenue, NW., National Security Division, Counterespionage Section/Registration Unit...

  10. 78 FR 54454 - Open Meeting of the Information Security and Privacy Advisory Board

    Science.gov (United States)

    2013-09-04

    ... security and privacy issues pertaining to federal computer systems. Details regarding the ISPAB's... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

  11. ICT, Education and Older People in Australia: A Socio-Technical Analysis

    Science.gov (United States)

    Tatnall, Arthur

    2014-01-01

    People over 65 (or older people) are a growing proportion of the population in many developed countries including Australia. In the last 10 to 12 years interest from this group in the use of Information and Communication Technologies (ICT) and the Internet has also grown considerably. ICT has much to offer older people as a means of keeping in…

  12. Socio-technical study of small-scale gold mining in Suriname

    NARCIS (Netherlands)

    Seccatore, J; de Theije, M.E.M.

    2017-01-01

    Small-scale gold mining is Suriname’s main economic sector, producing about two thirds of the nation’s gold. Despite this, the sector is only very loosely regulated and most small-scale mining activities are informal. Surinamese miners are only a minority: the majority are Brazilian migrants, who

  13. BIM-based collaborative design and socio-technical analytics of green buildings

    NARCIS (Netherlands)

    El-Diraby, T.; Krijnen, T.; Papagelis, M.

    2017-01-01

    As Building Information Modeling evolves into becoming the central means for coordinating project design and planning activities, we notice a few limitations/opportunities in the way current BIM tools address the needs for integrated design, collaboration and analysis (the initial objective of BIM).

  14. Human and Citizen Rights Guarantees While Providing Information Security

    Directory of Open Access Journals (Sweden)

    Serhii Yesimov

    2018-05-01

    Full Text Available With the development of information and communication technologies, issues of providing information security are becoming more and more aggravated. These are crimes related to the use of electronic computers, systems and computer networks and telecommunication networks, the propaganda of separatism and extremism, etc. While providing information security in the digital environment, the role of technical and legal human rights guarantees, due to technical means of protection, is increasing. Relying on the developers of technical means of protection determines the difference between the aforesaid concepts and the traditional approach to ensuring the protection of human and citizen rights, in which responsibilities are put on information intermediaries, owners of confidential information. Technical guarantees of human rights are a necessary component of ensuring information security, but the effectiveness of the application is provided in conjunction with the legal guarantees of human rights, as evidenced by the tendency to recognize the principles of inviolability of privacy on the basis of design decisions in the law of the European Union as legal acts. Providing information security is a legitimate goal of establishing constraints of human rights, since it can be correlated with the norms of international law. The establishment of constraints of human rights is permissible in order to attain other objectives–ensuring state security, public order, health, rights and freedoms of the person in the information sphere. The legitimacy of this goal is determined by its compliance with the objectives envisaged by international agreements ratified in an established order. The article examines the impact of the use of technical means in the field of providing information security in the aspect of following the fundamental human and civil rights in Ukraine, taking into account the legislation of the European Union and the decision of the European Court

  15. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  16. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

  17. THE INFORMATION CONFIDENTIALITY AND CYBER SECURITY IN MEDICAL INSTITUTIONS

    Directory of Open Access Journals (Sweden)

    SABAU-POPA CLAUDIA DIANA

    2015-07-01

    Full Text Available The information confidentiality and cyber security risk affects the right to confidentiality and privacy of the patient, as regulated in Romania by the Law 46/2002. The manifestation of the cyber security risk event affects the reputation of the healthcare institution and is becoming more and more complex and often due to the: development of network technology, the medical equipment connected to wifi and the electronic databases. The databases containing medical records were implemented due to automation. Thus, transforming data into medical knowledge contribute to a better understanding of the disease. Due to these factors, the measures taken by the hospital management for this type of risk are adapted to the cyber changes. The hospital objectives aim: the implementation of a robust information system, the early threats identifications and the incident reporting. Neglecting this type of risk can generate financial loss, inability to continue providing health care services for a certain period of time, providing an erroneous diagnosis, medical equipment errors etc. Thus, in a digital age the appropriate risk management for the information security and cyber risk represent a necessity. The main concern of hospitals worldwide is to align with international requirements and obtain credentials in terms of data security from the International Organisation for Standardization, which regulates the management of this type of risk. Romania is at the beginning in terms of concerns regarding the management, avoidance and mitigation of information security, the health system being most highly exposed to its manifestation. The present paper examines the concerns of the health system to the confidentiality of information and cyber security risk and its management arrangements. Thus, a set of key risk indicators is implemented and monitored for 2011-2013, using a user interface, a Dashboard, which acts as an early warning system of the manifestation of the

  18. AUDITING THE SECURITY OF INFORMATION SYSTEMS WITHIN AN ORGANIZATION

    Directory of Open Access Journals (Sweden)

    STEGĂROIU CARINA-ELENA

    2013-02-01

    Full Text Available The safety provided by a well configured firewall is no excuse for neglecting the standard security procedures; setting up and installing a firewall is the first line of defense and not a foolproof solution, auditing being only one component of the system, whilst the other is protecting the resources, and when we consider auditing as being the process of recording certain events that take place on a computer or within a network, we must come to the conclusion that this is the only technique that allows us to identify the source of a possible issue within the network. Information security is used as a means to protect intellectual property rights, whilst the main objective in setting up an information security system is to enlist the confidence of prospective business partners. In accordance with the legal requisites and the principle of maximizing one’s investment, regardless of the many forms it could take, or the means through which it is stored, transmitted or distributed, information must be protected. Information security is not only a technical problem, but mainly a managerial issue, as the security standard ISO/IEC 17799 meets the needs of any type of organization, be it public or private, through a series of practices related to the management of information security. This paper aims to present the process of taking entry data from a plethora of programs and storing it in a central location. Due to its flexibility, this process can be a useful auditing instrument, as long as we are familiar with the way it works and how the events are recorded.

  19. Information security: where computer science, economics and psychology meet.

    Science.gov (United States)

    Anderson, Ross; Moore, Tyler

    2009-07-13

    Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems, one that is both principled and effective.

  20. Security Issues for Information Quality on Mobile Devices

    Directory of Open Access Journals (Sweden)

    Dana Ramona ANDRISESCU

    2010-01-01

    Full Text Available Mobile devices are used everywhere, from making a call to storing huge volumes of information. But together with devices shrinking and the rise of storage space on a single device, we bring to mind the problem of trusting the stored information. Trusting the information and assuring its quality means knowing the security threats these devices face and the measures that should be taken. Many questions rise from here, like “What happens when a mobile device is used by several persons and especially employees?”, “Is that information reliable and original?”, “Who is responsible for a device and its security?”. We are going to see in this paper that information quality can be assured even on portable devices by using the adequate security measures.