WorldWideScience

Sample records for stringent security requirements

  1. Flight Hardware Packaging Design for Stringent EMC Radiated Emission Requirements

    Science.gov (United States)

    Lortz, Charlene L.; Huang, Chi-Chien N.; Ravich, Joshua A.; Steiner, Carl N.

    2013-01-01

    This packaging design approach can help heritage hardware meet a flight project's stringent EMC radiated emissions requirement. The approach requires only minor modifications to a hardware's chassis and mainly concentrates on its connector interfaces. The solution is to raise the surface area where the connector is mounted by a few millimeters using a pedestal, and then wrapping with conductive tape from the cable backshell down to the surface-mounted connector. This design approach has been applied to JPL flight project subsystems. The EMC radiated emissions requirements for flight projects can vary from benign to mission critical. If the project's EMC requirements are stringent, the best approach to meet EMC requirements would be to design an EMC control program for the project early on and implement EMC design techniques starting with the circuit board layout. This is the ideal scenario for hardware that is built from scratch. Implementation of EMC radiated emissions mitigation techniques can mature as the design progresses, with minimal impact to the design cycle. The real challenge exists for hardware that is planned to be flown following a built-to-print approach, in which heritage hardware from a past project with a different set of requirements is expected to perform satisfactorily for a new project. With acceptance of heritage, the design would already be established (circuit board layout and components have already been pre-determined), and hence any radiated emissions mitigation techniques would only be applicable at the packaging level. The key is to take a heritage design with its known radiated emissions spectrum and repackage, or modify its chassis design so that it would have a better chance of meeting the new project s radiated emissions requirements.

  2. The rapidly evolving centromere-specific histone has stringent functional requirements in Arabidopsis thaliana.

    Science.gov (United States)

    Ravi, Maruthachalam; Kwong, Pak N; Menorca, Ron M G; Valencia, Joel T; Ramahi, Joseph S; Stewart, Jodi L; Tran, Robert K; Sundaresan, Venkatesan; Comai, Luca; Chan, Simon W-L

    2010-10-01

    Centromeres control chromosome inheritance in eukaryotes, yet their DNA structure and primary sequence are hypervariable. Most animals and plants have megabases of tandem repeats at their centromeres, unlike yeast with unique centromere sequences. Centromere function requires the centromere-specific histone CENH3 (CENP-A in human), which replaces histone H3 in centromeric nucleosomes. CENH3 evolves rapidly, particularly in its N-terminal tail domain. A portion of the CENH3 histone-fold domain, the CENP-A targeting domain (CATD), has been previously shown to confer kinetochore localization and centromere function when swapped into human H3. Furthermore, CENP-A in human cells can be functionally replaced by CENH3 from distantly related organisms including Saccharomyces cerevisiae. We have used cenh3-1 (a null mutant in Arabidopsis thaliana) to replace endogenous CENH3 with GFP-tagged variants. A H3.3 tail domain-CENH3 histone-fold domain chimera rescued viability of cenh3-1, but CENH3's lacking a tail domain were nonfunctional. In contrast to human results, H3 containing the A. thaliana CATD cannot complement cenh3-1. GFP-CENH3 from the sister species A. arenosa functionally replaces A. thaliana CENH3. GFP-CENH3 from the close relative Brassica rapa was targeted to centromeres, but did not complement cenh3-1, indicating that kinetochore localization and centromere function can be uncoupled. We conclude that CENH3 function in A. thaliana, an organism with large tandem repeat centromeres, has stringent requirements for functional complementation in mitosis.

  3. Waste management from reprocessing: a stringent regulatory requirements for high quality conditioned residues

    International Nuclear Information System (INIS)

    Bordier, J. C.; Greneche, D.; Devezeaux, J. G.; Dalcorso, J.

    2000-01-01

    Nuclear waste production and management in France is governed by safety requirements imposed to all operators. French nuclear safety relies on two basic principles: · Responsibility of the nuclear operator, which expands to waste generated, · Safety basic objectives issued by national Safety Authority. For a long time the regulatory framework for waste production and management has been satisfactorily applied and has benefited to each actor of the process. LLW/MLW and HLW nuclear waste are currently conditioned in safe matrices or packages either likely to be disposed in surface repositories or designed with the intention to be disposed underground according to their radioactive content. France is looking into the case of VLLW and has already carried out a design for future disposal, the design being in the pipe. Other types of waste (i. e. radium bearing waste, graphite, and tritium content waste) are also considered in the whole framework of French waste management. (author)

  4. Windows Security patch required

    CERN Multimedia

    3004-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  5. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables, ... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  6. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  7. Security Requirements for Post-Transition Cuba

    National Research Council Canada - National Science Library

    Crowther, Glenn A

    2007-01-01

    .... With that change, Cuba's security requirements will change as well. This monograph analyzes security requirements that the new Cuba will face and proposes what missions and structure the Cuban security forces might have after a...

  8. Capturing security requirements for software systems

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-01-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514

  9. Cloud computing security requirements: a systematic review

    OpenAIRE

    Iankoulova, Iliana; Daneva, Maia; Rolland, C; Castro, J.; Pastor, O

    2012-01-01

    Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide a comprehensive and structured overview of cloud computing security requirements and solutions. We carried out a systematic review and identified security requirements from previous publications th...

  10. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  11. 24 CFR 201.24 - Security requirements.

    Science.gov (United States)

    2010-04-01

    ... manufactured home. (c) Recording and perfection of security. The lender shall assure that the legal description... 24 Housing and Urban Development 2 2010-04-01 2010-04-01 false Security requirements. 201.24... TITLE I PROPERTY IMPROVEMENT AND MANUFACTURED HOME LOANS Eligibility and Disbursement Requirements § 201...

  12. 7 CFR 764.355 - Security requirements.

    Science.gov (United States)

    2010-01-01

    ... as security, a certification of ownership in real estate is required. Certification of ownership may... estate in question and lists the balances due on all known debts against the real estate. Whenever the Agency is uncertain of the record owner or debts against the real estate security, a title search is...

  13. Security Requirements – Analysis of the Issue

    Directory of Open Access Journals (Sweden)

    Jhon Vincent

    2013-12-01

    Full Text Available Needs about security are matters little taken into account when managing requirements engineering , and when considered in the life cycle of the system , they tend to become a general list of functions, as password of protection , firewalls , virus detection tools , and other similar. But in fact, they cannot be considered as requirements of security, because they are implementation mechanisms to try to meet unspecified requirements, as an authenticated access. As a result, the security requirements for the system are ignored, which are required to protect essential services and assets, besides, when are specified, is not considered the prospect of future attacks. This paper describes the need for a systematic approach to managing security requirements engineering, in order to help avoid the problem of generic lists and take into account the future perspective. Several related approaches are described and also are provided references additional material that can help requirements engineers to ensure that their products be taken into account, effectively , the security requirements.

  14. Cloud computing security requirements: a systematic review

    NARCIS (Netherlands)

    Iankoulova, Iliana; Daneva, Maia; Rolland, C; Castro, J.; Pastor, O

    Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide

  15. Argumentation-Based Security Requirements Elicitation: The Next Round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

  16. Requirements For Security Sector Reform Success

    Science.gov (United States)

    2016-05-26

    democratic institutions, spur economic growth , trade, and investment, advance peace and security, and promote opportunity and development.2 This monograph... corruption and organized crime, and promoting economic opportunity.8 The 2012 US Strategy towards Sub-Saharan Africa contains four pillars to advance...enable good governance and economic growth in partnered nations that require external assistance to achieve those goals. These organizations work with

  17. Security Requirements Management in Software Product Line Engineering

    Science.gov (United States)

    Mellado, Daniel; Fernández-Medina, Eduardo; Piattini, Mario

    Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

  18. 49 CFR 236.1033 - Communications and security requirements.

    Science.gov (United States)

    2010-10-01

    ... Train Control Systems § 236.1033 Communications and security requirements. (a) All wireless... 49 Transportation 4 2010-10-01 2010-10-01 false Communications and security requirements. 236.1033... exceeding the security strength required to protect the data as defined in the railroad's PTCSP and required...

  19. The Impact on IPO Performance of More Stringent Listing Rules with a Pre-listing Earnings Requirement: Evidence from Hong Kong

    OpenAIRE

    Wai-yan Cheng; Yan-leung Cheung; Yuen-ching Tse

    2005-01-01

    This study considers the impact of a change to listing rules covering IPO performance in the Hong Kong stock market. The change, introduced in 1994, imposed a three-year pre-listing earning requirement on new issues. The objective of this research is to screen out a subset of poor IPO performers. We find there is no significant difference in performance between IPOs before and after the regulatory change. We further divide our sample of IPOs registered before the regulatory change into two su...

  20. 31 CFR 203.21 - Collateral security requirements.

    Science.gov (United States)

    2010-07-01

    ... 31 Money and Finance: Treasury 2 2010-07-01 2010-07-01 false Collateral security requirements. 203... TREASURY TAX AND LOAN PROGRAM Investment Program and Collateral Security Requirements for TT&L Depositaries § 203.21 Collateral security requirements. Financial institutions that process EFTPS tax payments, but...

  1. Requirements of a Better Secure Program Coding

    Directory of Open Access Journals (Sweden)

    Marius POPA

    2012-01-01

    Full Text Available Secure program coding refers to how manage the risks determined by the security breaches because of the program source code. The papers reviews the best practices must be doing during the software development life cycle for secure software assurance, the methods and techniques used for a secure coding assurance, the most known and common vulnerabilities determined by a bad coding process and how the security risks are managed and mitigated. As a tool of the better secure program coding, the code review process is presented, together with objective measures for code review assurance and estimation of the effort for the code improvement.

  2. Pattern and security requirements engineering-based establishment of security standards

    CERN Document Server

    Beckers, Kristian

    2015-01-01

    Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

  3. General Approaches and Requirements on Safety and Security of Radioactive Materials Transport in Russian Federation

    International Nuclear Information System (INIS)

    Ershov, V.N.; Buchel'nikov, A.E.; Komarov, S.V.

    2016-01-01

    Development and implementation of safety and security requirements for transport of radioactive materials in the Russian Federation are addressed. At the outset it is worth noting that the transport safety requirements implemented are in full accordance with the IAEA's ''Regulations for the Safe Transport of Radioactive Material (2009 Edition)''. However, with respect to security requirements for radioactive material transport in some cases the Russian Federation requirements for nuclear material are more stringent compared to IAEA recommendations. The fundamental principles of safety and security of RM managements, recommended by IAEA documents (publications No. SF-1 and GOV/41/2001) are compared. Its correlation and differences concerning transport matters, the current level and the possibility of harmonization are analysed. In addition a reflection of the general approaches and concrete transport requirements is being evaluated. Problems of compliance assessment, including administrative and state control problems for safety and security provided at internal and international shipments are considered and compared. (author)

  4. 20 CFR 209.3 - Social security number required.

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Social security number required. 209.3... RAILROAD EMPLOYERS' REPORTS AND RESPONSIBILITIES § 209.3 Social security number required. Each employer shall furnish to the Board a social security number for each employee for whom any report is submitted...

  5. Modelling Security Requirements Through Extending Scrum Agile Development Framework

    OpenAIRE

    Alotaibi, Minahi

    2016-01-01

    Security is today considered as a basic foundation in software development and therefore, the modelling and implementation of security requirements is an essential part of the production of secure software systems. Information technology organisations are moving towards agile development methods in order to satisfy customers' changing requirements in light of accelerated evolution and time restrictions with their competitors in software production. Security engineering is considered difficult...

  6. 7 CFR 762.126 - Security requirements.

    Science.gov (United States)

    2010-01-01

    ... have a higher lien priority (including purchase money interest) than an unguaranteed loan secured by... than or equal to 85 percent of the value of the security. Junior liens on crops or livestock products... instruments will not contain future advance clauses (except for taxes, insurance, or other reasonable costs to...

  7. 48 CFR 1337.110-70 - Personnel security processing requirements.

    Science.gov (United States)

    2010-10-01

    ... information technology (IT) system, as required by the Department of Commerce Security Manual and Department of Commerce Security Program Policy and Minimum Implementation Standards. (b) Insert clause 1352.237... as National Security Contracts that will be performed on or within a Department of Commerce facility...

  8. Decomposition of the Security Requirements for Connected Information Domains

    NARCIS (Netherlands)

    Schotanus, H.A.; Boonstra, D.; Broenink, E.G.

    2011-01-01

    The introduction of network enabled capabilities (NEC) changed the way defence organisations look at their IT infrastructure. Finding the right balance between security and duty-to-share has proven to be a difficult challenge. The situations are complex and may lead to high security requirements

  9. Security Requirements for One Stop Government

    Science.gov (United States)

    Schäfer, Georg E.

    The highest ranking e-government solutions are based on one-window, one-click or one stop government concepts. For Europe, the EU services directive sets new requirements for e-government, that have to be met till December 2009. Simple, easy to understand and complete information is one requirement. The other requirements are, that the services covered by this directive shall be available electronically and at a distance (which means mostly “by Internet”). Acceptable solutions are digitally signed mails and, as an alternative or supplement, transaction oriented online services. To implement this, a one stop government with document safe is best practice.

  10. Requirements for multimedia metadata schemes in surveillance applications for security

    NARCIS (Netherlands)

    Rest, J.H.C. van; Grootjen, F.A.; Grootjen, M.; Wijn, R.; Aarts, O.A.J.; Roelofs, M.L.; Burghouts, G.J.; Bouma, H.; Alic, L.; Kraaij, W.

    2013-01-01

    Surveillance for security requires communication between systems and humans, involves behavioural and multimedia research, and demands an objective benchmarking for the performance of system components.Metadata representation schemes are extremely important to facilitate (system) interoperability

  11. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  12. Defining and Enforcing Hardware Security Requirements

    Science.gov (United States)

    2011-12-01

    The Nether - lands: Gordon and Breach, 1997. [26] M. Harrison, W. Ruzzo, and J. Ullman, “Protection in operating systems,” Communications of the ACM...Verification: Principles and Processes. Dordrecht, The Nether - lands: Springer, 2006. [70] M. Glinz, “On non-functional requirements,” IEEE

  13. 77 FR 71568 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-12-03

    ...; ] SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and Segregation... proposed capital and margin requirements for security-based swap dealers (``SBSDs'') and major security...

  14. How to Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods

    National Research Council Canada - National Science Library

    Mead, Nancy R

    2007-01-01

    The Security Quality Requirements Engineering (SQUARE) method, developed at the Carnegie Mellon Software Engineering Institute, provides a systematic way to identify security requirements in a software development project...

  15. Security and Privacy in Video Surveillance: Requirements and Challenges

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.

    2014-01-01

    observed by the system. Several techniques to protect the privacy of individuals have therefore been proposed, but very little research work has focused on the specific security requirements of video surveillance data (in transit or in storage) and on authorizing access to this data. In this paper, we...... present a general model of video surveillance systems that will help identify the major security and privacy requirements for a video surveillance system and we use this model to identify practical challenges in ensuring the security of video surveillance data in all stages (in transit and at rest). Our......Use of video surveillance has substantially increased in the last few decades. Modern video surveillance systems are equipped with techniques that allow traversal of data in an effective and efficient manner, giving massive powers to operators and potentially compromising the privacy of anyone...

  16. 49 CFR 659.21 - System security plan: general requirements.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: general requirements. 659.21 Section 659.21 Transportation Other Regulations Relating to Transportation (Continued) FEDERAL TRANSIT ADMINISTRATION, DEPARTMENT OF TRANSPORTATION RAIL FIXED GUIDEWAY SYSTEMS; STATE SAFETY OVERSIGHT Role of the...

  17. 77 FR 71369 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-30

    ... From the Federal Register Online via the Government Publishing Office SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security-Based Swap Participants and Capital Requirements for Broker-Dealers...

  18. 78 FR 4365 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2013-01-22

    ... Securities and Exchange Commission (``Commission'') published in the Federal Register a proposed rule for... SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 [Release No. 34-68660; File No. S7-08-12] RIN 3235-AL12 Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major...

  19. 75 FR 10973 - Hazardous Materials: Risk-Based Adjustment of Transportation Security Plan Requirements

    Science.gov (United States)

    2010-03-09

    ... materials that would be subject to security planning requirements under the NPRM. In this comment summary... would trigger security planning requirements for other classes of materials. Generally, the NPRM... concerning whether specific classes of materials should be subject to security planning requirements. 1...

  20. Requirements of a security framework for the semantic web

    CSIR Research Space (South Africa)

    Mbaya, IR

    2009-02-01

    Full Text Available introduce new security challenges. Consequently, security becomes a crucial factor for the adoption of the Semantic Web. There are existing suggested security frameworks for the Semantic Web, however none of these address all issues related to the Semantic...

  1. 33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.

    Science.gov (United States)

    2010-07-01

    ... conducting the VSA, the Company Security Officer (CSO) must analyze the vessel background information and the... evaluates existing vessel protective measures, procedures, and operations for: (1) Ensuring performance of... alertness and performance; (iv) Security training deficiencies; and (v) Security equipment and systems...

  2. 77 FR 63849 - Facility Security Officer Training Requirements; Correction

    Science.gov (United States)

    2012-10-17

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2012-0908] Facility Security Officer... comments; correction. SUMMARY: The Coast Guard published a notice of public meeting; request for comments... comments on the development of a Facility Security Officer training program. The notice contains an...

  3. 17 CFR 41.21 - Requirements for underlying securities.

    Science.gov (United States)

    2010-04-01

    ... underlying security is: (i) Common stock, (ii) Such other equity security as the Commission and the SEC jointly deem appropriate, or (iii) A note, bond, debenture, or evidence of indebtedness; and (3) The... Exchange Act of 1934; (3) The securities in the index are: (i) Common stock, (ii) Such other equity...

  4. 10 CFR 73.58 - Safety/security interface requirements for nuclear power reactors.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Safety/security interface requirements for nuclear power... PLANTS AND MATERIALS Physical Protection Requirements at Fixed Sites § 73.58 Safety/security interface... licensee shall assess and manage the potential for adverse effects on safety and security, including the...

  5. A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  6. 19 CFR 113.1 - Authority to require security or execution of bond.

    Science.gov (United States)

    2010-04-01

    ... 19 Customs Duties 1 2010-04-01 2010-04-01 false Authority to require security or execution of bond. 113.1 Section 113.1 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY CUSTOMS BONDS General Provisions § 113.1 Authority to require security or...

  7. What Isn't Working and New Requirements. The Need to Harmonize Safety and Security Requirements

    International Nuclear Information System (INIS)

    Flory, D.

    2011-01-01

    The year 2011 marks the 50th anniversary of the first IAEA regulations governing the transport of radioactive material. However transport safety at the IAEA obviously predates this, since the regulations took time to develop. In 1957, GC. 1/1 already states: 'The Agency should undertake studies with a view to the establishment of regulations relating to the international transportation of radioactive materials. ...'. And goes further: 'The transport of radioisotopes and radiation sources has brought to light many problems and involves the need for uniform packaging and shipping regulations ... facilitate the acceptance of such materials by sea and air carriers'. This conference reiterates the challenge given then through the sub-title 'The next fifty years - Creating a Safe, Secure and Sustainable Framework'. Looking back, we can see that the sustainable framework was a goal in 1957, where radioactive material could be transported should it be desired. Since these early days we have added to safety the need to ensure security. However we still see the same calls today to eradicate denial of shipment, which might suggest we have not progressed. But the picture today is very different - we have today well established requirements for safe transport of radioactive material, and the recommendations for security in transport are coming of age for all radioactive materials. The outstanding issue would seem to be harmonisation, not just between safety and security in IAEA documents, but also harmonisation between Member States.

  8. What Isn’t Working and New Requirements. The Need to Harmonize Safety and Security Requirements

    International Nuclear Information System (INIS)

    Flory, D.

    2016-01-01

    This paper sets out the key issues for consideration at the transport conference. It will introduce each of the aspects of the framework for safe, secure and sustainable transport, building on the description of the existing situation presented in Session 1A. It will discuss purpose of the IAEA framework, and examine the scientific basis, the IAEA recommendations and requirements, the UN interface, the use of conventions, national implementation, industry compliance, communication and information, response and restoration. It will also look at the activities and related requirements outside of transport which could influence the transport frameworks either in a positive or negative manner. (author)

  9. 33 CFR 106.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ... owner or operator must ensure that the Company Security Officer (CSO) analyzes the OCS facility...; (iii) The impact of watch-keeping duties and risk of fatigue on personnel alertness and performance...— (i) Ensuring performance of all security duties; (ii) Controlling access to the OCS facility through...

  10. 78 FR 77606 - Security Requirements for Facilities Storing Spent Nuclear Fuel

    Science.gov (United States)

    2013-12-24

    ... NUCLEAR REGULATORY COMMISSION 10 CFR Parts 72 and 73 [NRC-2009-0558] RIN 3150-AI78 Security... rulemaking that would revise the security requirements for storing spent nuclear fuel (SNF) in an independent... Nuclear Security and Incident Response, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001...

  11. 7 CFR 1781.9 - Security, feasibility, evidence of debt, title, insurance and other requirements.

    Science.gov (United States)

    2010-01-01

    ... AND DEVELOPMENT (RCD) LOANS AND WATERSHED (WS) LOANS AND ADVANCES § 1781.9 Security, feasibility, evidence of debt, title, insurance and other requirements. (a) Security. WS loans, WS advances, and RCD... secure a WS loan, WS advance, or RCD loan. These should be consistent with the applicable provisions of...

  12. 76 FR 12645 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2011-03-08

    ... 3235-AK74 Ownership Limitations and Governance Requirements for Security- Based Swap Clearing Agencies... which such security- based swap dealer or major security-based swap participant has a material debt or... restrictions in Regulation MC with respect to the ownership and voting interests in and the governance of...

  13. 21 CFR 1301.71 - Security requirements generally.

    Science.gov (United States)

    2010-04-01

    ... buildings; (6) The type of vault, safe, and secure enclosures or other storage system (e.g., automatic...) The adequacy of key control systems and/or combination lock control systems; (9) The adequacy of...

  14. Information security governance: business requirements and research directions

    CSIR Research Space (South Africa)

    Höne, K

    2009-01-01

    Full Text Available minimum effort is being spent on the topics deemed important by the business community. Information Security Governance in general can benefit from an improved alignment between the needs of business and the outputs of the research community....

  15. 17 CFR 242.400 - Customer margin requirements for security futures-authority, purpose, interpretation, and scope.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Customer margin requirements..., AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES Customer Margin Requirements for Security Futures § 242.400 Customer margin requirements for security futures—authority, purpose...

  16. 7 CFR 774.18 - Interest rate, terms and security requirements.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rate, terms and security requirements. 774.18..., DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS EMERGENCY LOAN FOR SEED PRODUCERS PROGRAM § 774.18 Interest rate, terms and security requirements. (a) Interest rate. (1) The interest rate on the loan will be zero...

  17. 12 CFR 215.10 - Reporting requirement for credit secured by certain bank stock.

    Science.gov (United States)

    2010-01-01

    ... MEMBER BANKS (REGULATION O) § 215.10 Reporting requirement for credit secured by certain bank stock. Each... 12 Banks and Banking 2 2010-01-01 2010-01-01 false Reporting requirement for credit secured by certain bank stock. 215.10 Section 215.10 Banks and Banking FEDERAL RESERVE SYSTEM BOARD OF GOVERNORS OF...

  18. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

  19. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Science.gov (United States)

    2010-10-01

    ... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...

  20. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...

  1. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. Currently companies achieve this by means of

  2. 77 FR 61771 - Facility Security Officer Training Requirements

    Science.gov (United States)

    2012-10-11

    ... Administrator of the Department of Transportation in developing the FSO training curriculum. The purpose of the... with the Maritime Administrator of the Department of Transportation in developing the FSO training... Security Officer training program, with the primary focus on developing the curriculum for such a program...

  3. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Nunes Leal Franqueira, V.; Tun, Thein Tan; Wieringa, Roelf J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about

  4. Security in transnational interoperable PPDR communications: Threats and requirements

    NARCIS (Netherlands)

    Ferrús, R.; Sallent, O.; Verkoelen, C.; Fransen, F.; Saijonmaa, J.; Olivieri, C.; Duits, M.; Galin, A.; Pangallo, F.; Modi, D.P.

    2015-01-01

    The relevance of cross border security operations has been identified as a priority at European level for a long time. A European network where Public Protection and Disaster Relief (PPDR) forces share communications processes and a legal framework would greatly enforce response to disaster recovery

  5. 33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ... dangerous goods and hazardous substances; (v) Delivery of vessel stores; (vi) Any facility security... use including the presence of stowaways; (v) Smuggling dangerous substances and devices to the... disruption, including disruption to transportation systems, of an attack on or at the facility; and (7...

  6. 76 FR 30204 - Exelon Nuclear, Dresden Nuclear Power Station, Unit 1; Exemption From Certain Security Requirements

    Science.gov (United States)

    2011-05-24

    ... NUCLEAR REGULATORY COMMISSION [Docket No. 50-010; NRC-2011-0108] Exelon Nuclear, Dresden Nuclear Power Station, Unit 1; Exemption From Certain Security Requirements 1.0 Background Exelon Nuclear is the... nuclear material are not inimical to the common defense and security and do not constitute an unreasonable...

  7. Leadership in organizations with high security and reliability requirements

    International Nuclear Information System (INIS)

    Gonzalez, F.

    2013-01-01

    Developing leadership skills in organizations is the key to ensure the sustainability of excellent results in industries with high requirements safety and reliability. In order to have a model of leadership development specific to this type of organizations, Tecnatom in 2011, we initiated a project internal, to find and adapt a competency model to these requirements.

  8. 76 FR 65542 - N.S. Savannah; Exemption From Certain Security Requirements

    Science.gov (United States)

    2011-10-21

    ... NUCLEAR REGULATORY COMMISSION [Docket No. 50-238; NRC-2011-0222] N.S. Savannah; Exemption From Certain Security Requirements 1.0 Background The U.S. Department of Transportation, Maritime [[Page 65543

  9. 48 CFR 52.204-2 - Security Requirements.

    Science.gov (United States)

    2010-10-01

    ... (CONTINUED) CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 52... this contract or any of its elements from an unclassified status or a lower classification to a higher... Requirements (AUG 1996) (a) This clause applies to the extent that this contract involves access to information...

  10. 17 CFR 41.42 - Customer margin requirements for security futures-authority, purpose, interpretation, and scope.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Customer margin requirements... Margin Requirements § 41.42 Customer margin requirements for security futures—authority, purpose... to regulate customer margin collected by brokers, dealers, and members of national securities...

  11. The effect of increasingly stringent diagnostic criteria on sex ...

    African Journals Online (AJOL)

    Sex differences in premorbid function and symptomatology were examined as increasingly stringent criteria for schizophrenia were applied to 182 male and 139 female . psychotic patients. The male/female ratio rose from 1.6 among those meeting the CATEGO 'broad' criteria for schizophrenia to 3.7 among those satisfying ...

  12. Circuitry linking the Csr and stringent response global regulatory systems.

    Science.gov (United States)

    Edwards, Adrianne N; Patterson-Fortin, Laura M; Vakulskas, Christopher A; Mercante, Jeffrey W; Potrykus, Katarzyna; Vinella, Daniel; Camacho, Martha I; Fields, Joshua A; Thompson, Stuart A; Georgellis, Dimitris; Cashel, Michael; Babitzke, Paul; Romeo, Tony

    2011-06-01

    CsrA protein regulates important cellular processes by binding to target mRNAs and altering their translation and/or stability. In Escherichia coli, CsrA binds to sRNAs, CsrB and CsrC, which sequester CsrA and antagonize its activity. Here, mRNAs for relA, spoT and dksA of the stringent response system were found among 721 different transcripts that copurified with CsrA. Many of the transcripts that copurified with CsrA were previously determined to respond to ppGpp and/or DksA. We examined multiple regulatory interactions between the Csr and stringent response systems. Most importantly, DksA and ppGpp robustly activated csrB/C transcription (10-fold), while they modestly activated csrA expression. We propose that CsrA-mediated regulation is relieved during the stringent response. Gel shift assays confirmed high affinity binding of CsrA to relA mRNA leader and weaker interactions with dksA and spoT. Reporter fusions, qRT-PCR and immunoblotting showed that CsrA repressed relA expression, and (p)ppGpp accumulation during stringent response was enhanced in a csrA mutant. CsrA had modest to negligible effects on dksA and spoT expression. Transcription of dksA was negatively autoregulated via a feedback loop that tended to mask CsrA effects. We propose that the Csr system fine-tunes the stringent response and discuss biological implications of the composite circuitry. © Published 2011. This article is a US Government work and is in the public domain in the USA.

  13. Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

    Science.gov (United States)

    Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

    2015-01-01

    This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

  14. 78 FR 78470 - Registration and Financial Security Requirements for Freight Forwarders; International...

    Science.gov (United States)

    2013-12-26

    ...). See, e.g., Motor Carrier Financial Information Reporting Requirements-Request for Public Comments, 68...] Registration and Financial Security Requirements for Freight Forwarders; International Association of Movers... FURTHER INFORMATION CONTACT: Mr. Thomas Yager, Chief of Driver and Carrier Operations, (202) 366-4001 or...

  15. 78 FR 78472 - Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders...

    Science.gov (United States)

    2013-12-26

    ...). See, e.g., Motor Carrier Financial Information Reporting Requirements-Request for Public Comments, 68...] Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders; Association of...-9329. To avoid duplication, please use only one of these four methods. FOR FURTHER INFORMATION CONTACT...

  16. Using the AMAN-DA method to generate security requirements: a case study in the maritime domain

    OpenAIRE

    Souag, Amina; Mazo, Raúl; Salinesi, Camille; Comyn-Wattiau, Isabelle

    2017-01-01

    [Context and motivation] Security requirements are known to be " the most difficult of requirements types " , and potentially the ones causing the greatest risk if they are not correct. One approach to requirements elicitation is based on the reuse of explicit knowledge. AMAN-DA is a requirement elicitation method that reuses encapsulated knowledge in security and domain ontologies to produce security requirements specifications. [Question/Problem] The main research question addressed in this...

  17. Is ionizing radiation regulated more stringently than chemical carcinogens

    International Nuclear Information System (INIS)

    Travis, C.C.; Pack, S.R.; Hattemer-Frey, H.A.

    1989-01-01

    It is widely believed that United States government agencies regulate exposure to ionizing radiation more stringently than exposure to chemical carcinogens. It is difficult to verify this perception, however, because chemical carcinogens and ionizing radiation are regulated using vastly different strategies. Chemical carcinogens are generally regulated individually. Regulators consider the risk of exposure to one chemical rather than the cumulative radiation exposure from all sources. Moreover, standards for chemical carcinogens are generally set in terms of quantities released or resultant environmental concentrations, while standards for ionizing radiation are set in terms of dose to the human body. Since chemicals and ionizing radiation cannot be compared on the basis of equal dose to the exposed individual, standards regulating chemicals and ionizing radiation cannot be compared directly. It is feasible, however, to compare the two sets of standards on the basis of equal risk to the exposed individual, assuming that standards for chemicals and ionizing radiation are equivalent if estimated risk levels are equitable. This paper compares risk levels associated with current standards for ionizing radiation and chemical carcinogens. The authors do not attempt to determine whether either type of risk is regulated too stringently or not stringently enough but endeavor only to ascertain if ionizing radiation is actually regulated more strictly than chemical carcinogens

  18. Analysis of the security and privacy requirements of cloud-based electronic health records systems.

    Science.gov (United States)

    Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

    2013-08-21

    The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access

  19. 77 FR 52692 - NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements...

    Science.gov (United States)

    2012-08-30

    ...-03] NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements....'' Authority: Federal Information Processing Standards (FIPS) are issued by the National Institute of Standards... Standards and Technology (NIST) seeks additional comments on specific sections of Federal Information...

  20. 20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false Application for security deposit determination; information to be submitted; other requirements. 703.203 Section 703.203 Employees' Benefits... each insurance rating service designated by the Branch and posted on the Internet at http://www.dol.gov...

  1. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology...

  2. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Science.gov (United States)

    2010-10-01

    ... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As... Federal Information Technology Resources (January 2010) (a) Applicability. This clause applies whether the...

  3. 48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

    Science.gov (United States)

    2010-10-01

    ... Unclassified Information Technology Resources. 652.239-71 Section 652.239-71 Federal Acquisition Regulations... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As... Technology Resources (SEP 2007) (a) General. The Contractor shall be responsible for information technology...

  4. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...

  5. Model of assessment of requirements of privacy, security and quality of service for mobile medical applications

    Directory of Open Access Journals (Sweden)

    Edward Paul Guillen Pinto

    2017-08-01

    Full Text Available Introduction: The development of mobile technologies has facilitated the creation of mHealth applications, which are considered key tools for safe and quality care for patients from remote populations and with lack of infrastructure for the provision of health services. The article considers a proposal for an evaluation model that allows to determine weaknesses and vulnerabilities at the security level and quality of service (QoS in mHealth applications. Objective: To carry out an approximation of a model of analysis that supports the decision making, concerning the use and production of safe applications, minimizing the impact and the probability of occurrence of the risks of computer security. Materials and methods: The type of applied research is of a descriptive type, because each one details the characteristics that the mobile health applications must have to achieve an optimum level of safety. The methodology uses the rules that regulate applications and mixes them with techniques of security analysis, using the characterization of risks posed by Open Web Application Security Project-OWASP and the QoS requirements of the International Telecommunication Union-ITU. Results: An effective analysis was obtained in actual current applications, which shows their weaknesses and the aspects to be corrected to comply with appropriate security parameters. Conclusions: The model allows to evaluate the safety and quality of service (QoS requirements of mobile health applications that can be used to evaluate current applications or to generate the criteria before deployment.

  6. DOE Integrated Safeguards and Security (DISS) historical document archival and retrieval analysis, requirements and recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Guyer, H.B.; McChesney, C.A.

    1994-10-07

    The overall primary Objective of HDAR is to create a repository of historical personnel security documents and provide the functionality needed for archival and retrieval use by other software modules and application users of the DISS/ET system. The software product to be produced from this specification is the Historical Document Archival and Retrieval Subsystem The product will provide the functionality to capture, retrieve and manage documents currently contained in the personnel security folders in DOE Operations Offices vaults at various locations across the United States. The long-term plan for DISS/ET includes the requirement to allow for capture and storage of arbitrary, currently undefined, clearance-related documents that fall outside the scope of the ``cradle-to-grave`` electronic processing provided by DISS/ET. However, this requirement is not within the scope of the requirements specified in this document.

  7. Theft of Virtual Property — Towards Security Requirements for Virtual Worlds

    Science.gov (United States)

    Beyer, Anja

    The article is focused to introduce the topic of information technology security for Virtual Worlds to a security experts’ audience. Virtual Worlds are Web 2.0 applications where the users cruise through the world with their individually shaped avatars to find either amusement, challenges or the next best business deal. People do invest a lot of time but beyond they invest in buying virtual assets like fantasy witcheries, wepaons, armour, houses, clothes,...etc with the power of real world money. Although it is called “virtual” (which is often put on the same level as “not existent”) there is a real value behind it. In November 2007 dutch police arrested a seventeen years old teenager who was suspicted to have stolen virtual items in a Virtual World called Habbo Hotel [Reuters07]. In order to successfully provide security mechanisms into Virtual Worlds it is necessarry to fully understand the domain for which the security mechansims are defined. As Virtual Worlds must be clasified into the domain of Social Software the article starts with an overview of how to understand Web 2.0 and gives a short introduction to Virtual Worlds. The article then provides a consideration of assets of Virtual Worlds participants, describes how these assets can be threatened and gives an overview of appopriate security requirements and completes with an outlook of possible countermeasures.

  8. New safety and security requirements for the transport of nuclear and other radioactive materials in Hungary

    International Nuclear Information System (INIS)

    Katona, T.; Horvath, K.; Safar, J.

    2016-01-01

    In addition to the promulgation of mode-specific regulations of international transport of dangerous goods, some Hungarian governmental and ministerial decrees impose further conditions upon the transport of nuclear and other radioactive materials. One of these ministerial decrees on the transport, carriage and packaging of radioactive materials is under revision and it will require • approval of emergency response plan (including security and safety contingency plan); • report on transport incidents and accidents for classifying them in accordance with the INES scale; • the competent authority to request experts’ support for the approval of package designs, radioactive material designs and shipments. Regarding the security of the transport of nuclear and other radioactive materials a new Hungarian governmental decree and a related guidance are about to be published which will supply additional requirements in the field of the transport security especially concerning radioactive materials, implementing - among others - IAEA recommendations of the NSS No9 and No14. The main and relevant features of the Hungarian nuclear regulatory system and the details of both new decrees regarding the safety and security issues of transport of nuclear and other radioactive materials will be discussed. (author)

  9. Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models

    National Research Council Canada - National Science Library

    Mead, Nancy R; Viswanathan, Venkatesh; Padmanabhan, Deepa; Raveendran, Anusha

    2008-01-01

    ...). This report is for information technology managers and security professionals, management personnel with technical and information security knowledge, and any personnel who manage security-critical...

  10. Development of DSRC device and communication system performance measures recommendations for DSRC OBE performance and security requirements.

    Science.gov (United States)

    2016-05-22

    This report presents recommendations for minimum DSRC device communication performance and security : requirements to ensure effective operation of the DSRC system. The team identified recommended DSRC : communications requirements aligned to use cas...

  11. Comparison of urine iodine/creatinine ratio between patients following stringent and less stringent low iodine diet for radioiodine remnant ablation of thyroid cancer

    International Nuclear Information System (INIS)

    Roh, Jee Ho; Kim, Byung Il; Ha, Ji Su; Chang, Sei Joong; Shin, Hye Young; Choi, Joon Hyuk; Kim, Do Min; Kim, Chong Soon

    2006-01-01

    A low iodine diet (LID) for 1 ∼ 2 weeks is recommended for patients who undergoing radioiodine remnant ablation. However, the LID educations for patients are different among centers because there is no concrete recommendation for protocol of LID. In this investigation, we compared two representative types of LID protocols performed in several centers in Korea using urine iodine to creatinine tatio (urine I/Cr). From 2006, April to June, patients referred to our center for radioiodine remnant ablation of thyroid cancer from several local hospitals which had different LID protocols were included. We divided into two groups, stringent LID for 1 week and less stringent LID for 2 weeks, then measured their urine I/Cr ratio with spot urine when patients were admitted to the hospital. Total 27 patients were included in this investigation (M:F = 1:26; 13 in one-week stringent LID; 14 in two-week less stringent LID). Average of urine I/Cr ratio was 127.87 ± 78.52 μ g/g in stringent LID for 1 week, and 289.75 ± 188.24 μ g/g in less stringent LID for 2 weeks. It was significantly lower in stringent LID for 1 week group (ρ = 0.008). The number of patients whose urine I/Cr ratios were below 100 μ g/g was 6 of 13 in stringent LID for 1 week group, and 3 of 14 in less stringent LID for 2 weeks group. Stringent LID for 1 week resulted in better urinary I/Cr ratio in our investigation compared with the other protocol. However it still resulted in plenty of inadequate range of I/Cr ratio, so more stringent protocol such as stringent LID for 2 weeks is expected more desirable

  12. Security

    Science.gov (United States)

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  13. NERSC Cyber Security Challenges That Require DOE Development andSupport

    Energy Technology Data Exchange (ETDEWEB)

    Draney, Brent; Campbell, Scott; Walter, Howard

    2007-01-16

    Traditional security approaches do not adequately addressall the requirements of open, scientific computing facilities. Many ofthe methods used for more restricted environments, including almost allcorporate/commercial systems, do not meet the needs of today's science.Use of only the available "state of the practice" commercial methods willhave adverse impact on the ability of DOE to accomplish its sciencegoals, and impacts the productivity of the DOE Science community. Inparticular, NERSC and other high performance computing (HPC) centers havespecial security challenges that are unlikely to be met unless DOE fundsdevelopment and support of reliable and effective tools designed to meetthe cyber security needs of High Performance Science. The securitychallenges facing NERSC can be collected into three basic problem sets:network performance and dynamics, application complexity and diversity,and a complex user community that can have transient affiliations withactual institutions. To address these problems, NERSC proposes thefollowing four general solutions: auditing user and system activityacross sites; firewall port configuration in real time;cross-site/virtual organization identity management and access control;and detecting security issues in application middleware. Solutions arealsoproposed for three general long term issues: data volume,application complexity, and information integration.

  14. Security

    OpenAIRE

    Leander, Anna

    2009-01-01

    This paper argues that security belongs to a specific category of commodities: “contested commodities” around which there is an ongoing and unsettled symbolic struggle over whether or not they can and should be though of as commodities (section 1). The contested nature of commodification has implications for how markets function; market practices tend to be defined and organized in ways that minimize their contentiousness and obfuscate their expansion. The paper looks at the implications of t...

  15. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  16. Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case

    Science.gov (United States)

    Spears, Janine L.; Parrish, James L., Jr.

    2013-01-01

    This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun &…

  17. Safeguards and security requirements for weapons plutonium disposition in light water reactors

    International Nuclear Information System (INIS)

    Thomas, L.L.; Strait, R.S.

    1994-10-01

    This paper explores the issues surrounding the safeguarding of the plutonium disposition process in support of the United States nuclear weapons dismantlement program. It focuses on the disposition of the plutonium by burning mixed oxide fuel in light water reactors (LWR) and addresses physical protection, material control and accountability, personnel security and international safeguards. The S and S system needs to meet the requirements of the DOE Orders, NRC Regulations and international safeguards agreements. Experience has shown that incorporating S and S measures into early facility designs and integrating them into operations provides S and S that is more effective, more economical, and less intrusive. The plutonium disposition safeguards requirements with which the US has the least experience are the implementation of international safeguards on plutonium metal; the large scale commercialization of the mixed oxide fuel fabrication; and the transportation to and loading in the LWRs of fresh mixed oxide fuel. It is in these areas where the effort needs to be concentrated if the US is to develop safeguards and security systems that are effective and efficient

  18. Competence Requirements of ISO/IEC Standards for Information Security Professionals

    Directory of Open Access Journals (Sweden)

    Natalia G. Miloslavskaya

    2017-11-01

    Full Text Available The rapid progress in the filed of information security (IS puts one in a need of periodic revision of professional competencies (formulated in the federal state educational standards –FSESs and working functions (formulated in the professional standards – PSs. Under these conditions, a timely reaction to everything new that emerges or will appear in modern regulatory documents (primarily in standards is extremely important. We make a forecast for the content of the ISO/IEC 27021 and ISO/IEC 19896 standards drafted by the International Organization for Standardization (ISO, which should contain the requirements for the competencies of IS management system professionals and the competence of IS testers and evaluators. Our forecast takes into account the requirements of the ISO/IEC 27000 standard group and the recommendations of the European e-Competence Framework e-CF 3.0.

  19. 76 FR 15874 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-03-22

    ... (202) 551-3500, Division of Corporation Finance, U.S. Securities and Exchange Commission, 100 F Street...) analysis, such as counting beneficial ownership of those derivative securities exercisable or convertible... equity securities through the exercise or conversion of any derivative security, whether or not presently...

  20. 76 FR 34579 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-06-14

    ... (202) 551-3500, Division of Corporation Finance, U.S. Securities and Exchange Commission, 100 F Street... underlying derivative securities exercisable or convertible within 60 days,\\37\\ is imported into the ten... securities through the exercise or conversion of any derivative security, whether or not presently...

  1. AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

    Directory of Open Access Journals (Sweden)

    JAE-GU SONG

    2013-10-01

    Full Text Available Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  2. Role of the Stringent Stress Response in the Antibiotic Resistance Phenotype of Methicillin-Resistant Staphylococcus aureus.

    Science.gov (United States)

    Aedo, Sandra; Tomasz, Alexander

    2016-04-01

    Resistance to beta-lactam antibiotics in methicillin-resistantStaphylococcus aureus(MRSA) requires the presence of an acquired genetic determinant,mecAormecC, which encode penicillin-binding protein PBP2A or PBP2A', respectively. Although all MRSA strains share a mechanism of resistance, the phenotypic expression of beta-lactam resistance shows considerable strain-to-strain variation. The stringent stress response, a stress response that results from nutrient limitation, was shown to play a key role in determining the resistance level of an MRSA strain. In the present study, we validated the impact of the stringent stress response on transcription and translation ofmecAin the MRSA clinical isolate strain N315, which also carries known regulatory genes (mecI/mecR1/mecR2andblaI/blaR1) formecAtranscription. We showed that the impact of the stringent stress response on the resistance level may be restricted to beta-lactam resistance based on a "foreign" determinant such asmecA, as opposed to resistance based on mutations in the nativeS. aureusdeterminantpbpB(encoding PBP2). Our observations demonstrate that high-level resistance mediated by the stringent stress response follows the current model of beta-lactam resistance in which the native PBP2 protein is also essential for expression of the resistance phenotype. We also show that theStaphylococcus sciuri pbpDgene (also calledmecAI), the putative evolutionary precursor ofmecA, confers oxacillin resistance in anS. aureusstrain, generating a heterogeneous phenotype that can be converted to high and homogenous resistance by induction of the stringent stress response in the bacteria. Copyright © 2016, American Society for Microbiology. All Rights Reserved.

  3. 48 CFR 1352.237-70 - Security processing requirements-high or moderate risk contracts.

    Science.gov (United States)

    2010-10-01

    ... overseas, or to obtain access to a Department of Commerce IT system. All Department of Commerce security... facility or Department of Commerce IT system. (4) Security processing shall consist of limited personal... Department of Commerce facilities or denial of access to IT systems. (g) Access to National Security...

  4. 48 CFR 1852.204-76 - Security requirements for unclassified information technolocgy resources.

    Science.gov (United States)

    2010-10-01

    ...) Concept of Operations for reporting security incidents. Specifically, any confirmed incident of a system... annual IT security training in NASA IT Security policies, procedures, computer ethics, and best practices..., and/or web services) to someone other than themselves and takes or assumes the responsibility for the...

  5. An Assessment of the New York State Enhanced Security Guard Training Legislation and Its Efficacy on Security Officer Preparedness

    Science.gov (United States)

    2011-12-01

    stringent legislation in relation to training, background checks, and licensing /registration for private security personnel) (New York City Council, 2004...and possess the necessary certificates, licenses , and permits as required by the contract. Figure 2 shows the training and certification that FPS...businesses to large organizations, and fast-food franchises . The studies were conducted in England, France, Greece, and the United States. Some of

  6. Knowledge Base for an Intelligent System in order to Identify Security Requirements for Government Agencies Software Projects

    Directory of Open Access Journals (Sweden)

    Adán Beltrán G.

    2016-01-01

    Full Text Available It has been evidenced that one of the most common causes in the failure of software security is the lack of identification and specification of requirements for information security, it is an activity with an insufficient importance in the software development or software acquisition We propose the knowledge base of CIBERREQ. CIBERREQ is an intelligent knowledge-based system used for the identification and specification of security requirements in the software development cycle or in the software acquisition. CIBERREQ receives functional software requirements written in natural language and produces non-functional security requirements through a semi-automatic process of risk management. The knowledge base built is formed by an ontology developed collaboratively by experts in information security. In this process has been identified six types of assets: electronic data, physical data, hardware, software, person and service; as well as six types of risk: competitive disadvantage, loss of credibility, economic risks, strategic risks, operational risks and legal sanctions. In addition there are defined 95 vulnerabilities, 24 threats, 230 controls, and 515 associations between concepts. Additionally, automatic expansion was used with Wikipedia for the asset types Software and Hardware, obtaining 7125 and 5894 software and hardware subtypes respectively, achieving thereby an improvement of 10% in the identification of the information assets candidates, one of the most important phases of the proposed system.

  7. Security and functional requirements for the smart meter gateway; Sicherheitstechnische Vorgaben und funktionale Anforderungen an das Smart Meter Gateway

    Energy Technology Data Exchange (ETDEWEB)

    Bast, Holger; Vollmer, Stefan [Bundesamt fuer Sicherheit in der Informationstechnik, Bonn (Germany)

    2012-07-01

    The availability of smart metering for the majority of both private and corporate prosumers is an essential precondition to get smart grids into operation. However, several concerns about data protection and security issues of smart meters have been raised and discussed in German media. The German Federal Data Protection Commissioner argued that without any further precautions personal data processed in smart meters could be collected and misused by unauthorized third parties if there is no technical standard that specifies technical requirements for necessary data security functions combined with regulatory instruments to make them mandatory. The German Federal Office for Information Security develops a protection profile based on Common Criteria and Technical Guidelines that allow a comparable security certification of such devices. (orig.)

  8. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  9. BC3I: towards requirements specification for preparing an information security budget

    CSIR Research Space (South Africa)

    Dlamini, MT

    2009-07-01

    Full Text Available implementing a cost-effective and optimal information security budget; in a manner that preserve organisations’ information security posture and compliance status. Research reported on in this paper forms part of an ongoing project known as the BC3I (Broad...

  10. 12 CFR 350.12 - Disclosure required by applicable banking or securities law or regulations.

    Science.gov (United States)

    2010-01-01

    ... securities law or regulations. 350.12 Section 350.12 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS OF GENERAL POLICY DISCLOSURE OF FINANCIAL AND OTHER INFORMATION BY FDIC-INSURED... made under applicable banking or securities law or regulations. [62 FR 10201, Mar. 6, 1997] ...

  11. 77 FR 70213 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-23

    .... VaR Models iv. Credit Risk Charges v. Capital Charge In Lieu of Margin Collateral vi. Treatment of Swaps c. Risk Management d. Funding Liquidity Stress Test Requirement e. Other Rule 15c3-1 Provisions... Haircuts iii. Capital Charge in Lieu of Margin Collateral iv. Credit Risk Charge v. Funding Liquidity...

  12. Maritime supply chain security: Navigating through a sea of compliance requirements

    Directory of Open Access Journals (Sweden)

    Emma Maspero

    2008-11-01

    Full Text Available As a direct result of the 9-11 New York attack all modes of freight and passengertransportation were scrutinised for vulnerabilities. Over 90% of international trade takes place via sea transport for at least some part of the supply chain and as a result there has been a drive to better secure maritime transportation. This paper outlines the background to and the rationale behind the most important of the new security measures for maritime transportation and provides an overview of the likely implications for supply chain role-players. In addition the paper endeavours to create awareness of the importance of maritime supply chain security.

  13. Maritime supply chain security: navigating through a sea of compliance requirements

    CSIR Research Space (South Africa)

    Maspero, EL

    2008-11-01

    Full Text Available plans • ship/port/company security officer assignment and responsibilities • training and drills • survey and certification Compliance to Part B of the ISPS code is not mandatory for Contracting Governments; rather it focuses on fleshing out... Global Supply Chain Management Forum, SGSCMF-W1-2004 Available online at: http://www.stanford.edu/group/scforum/Welcome/White%20Papers/SC_Security.pdf, 04/08/08 Lyndon B. Johnson School of Public Affairs. 2006. Port and supply-chain security...

  14. 75 FR 65881 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2010-10-26

    ... responsible, fostering cooperation and coordination with persons engaged in the clearance and settlement of... decentralized, security-based swap clearing agencies would help to prevent a single market participant's failure...

  15. Texas should require homeland security standards for high-speed rail

    OpenAIRE

    Polunsky, Steven M.

    2015-01-01

    Approved for public release; distribution is unlimited A private corporation is proposing a high-speed intercity passenger train system to operate between Dallas and Houston usingJapanese technology and methods. This project brings with it an array of unique and unprecedented homeland security issues. Train bombings in Madrid and London and attacks on high-speed trains elsewhere raise questions about the security of such transportation. A modern high-speed rail system is a network of poten...

  16. Maritime supply chain security: Navigating through a sea of compliance requirements

    OpenAIRE

    Emma Maspero; Esbeth van Dyk; Hans Ittmann

    2008-01-01

    As a direct result of the 9-11 New York attack all modes of freight and passengertransportation were scrutinised for vulnerabilities. Over 90% of international trade takes place via sea transport for at least some part of the supply chain and as a result there has been a drive to better secure maritime transportation. This paper outlines the background to and the rationale behind the most important of the new security measures for maritime transportation and provides an overview of the likely...

  17. Rapid species responses to changes in climate require stringent climate protection targets

    NARCIS (Netherlands)

    Vliet, van A.J.H.; Leemans, R.

    2006-01-01

    The Avoiding Dangerous Climate Change book consolidates the scientific findings of the Exeter conference and gives an account of the most recent developments on critical thresholds and key vulnerabilities of the climate system, impacts on human and natural systems, emission pathways and

  18. A rapid response air quality analysis system for use in projects having stringent quality assurance requirements

    International Nuclear Information System (INIS)

    Bowman, A.W.

    1990-01-01

    This paper describes an approach to solve air quality problems which frequently occur during iterations of the baseline change process. From a schedule standpoint, it is desirable to perform this evaluation in as short a time as possible while budgetary pressures limit the size of the staff available to do the work. Without a method in place to deal with baseline change proposal requests the environment analysts may not be able to produce the analysis results in the time frame expected. Using a concept called the Rapid Response Air Quality Analysis System (RAAS), the problems of timing and cost become tractable. The system could be adapted to assess other atmospheric pathway impacts, e.g., acoustics or visibility. The air quality analysis system used to perform the EA analysis (EA) for the Salt Repository Project (part of the Civilian Radioactive Waste Management Program), and later to evaluate the consequences of proposed baseline changes, consists of three components: Emission source data files; Emission rates contained in spreadsheets; Impact assessment model codes. The spreadsheets contain user-written codes (macros) that calculate emission rates from (1) emission source data (e.g., numbers and locations of sources, detailed operating schedules, and source specifications including horsepower, load factor, and duty cycle); (2) emission factors such as those published by the U.S. Environmental Protection Agency, and (3) control efficiencies

  19. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    DEFF Research Database (Denmark)

    Coles, Graeme D; Wratten, Stephen D; Porter, John Roy

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively...... and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies....... with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude...

  20. 78 FR 48218 - Emergency Order Establishing Additional Requirements for Attendance and Securement of Certain...

    Science.gov (United States)

    2013-08-07

    ... for more than one hour, setting of the automatic brake and independent brake on any locomotive..., and position of the automatic brake valve of an unattended locomotive. See Sec. 232.103(n)(4). In FRA... terminal. The employees responsible for securing the train or vehicles must lock the controlling locomotive...

  1. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  2. 49 CFR 1572.9 - Applicant information required for HME security threat assessment.

    Science.gov (United States)

    2010-10-01

    ...) Has not been adjudicated as lacking mental capacity or committed to a mental health facility... lacking mental capacity, or committed to a mental health facility. (c) The applicant must certify and date... security threat assessment. Routine Uses: Routine uses of this information include disclosure to the FBI to...

  3. Technology transfer of dynamic IT outsourcing requires security measures in SLAs

    NARCIS (Netherlands)

    F. Dickmann (Frank); M. Brodhun (Maximilian); J. Falkner (Jürgen); T.A. Knoch (Tobias); U. Sax (Ulrich)

    2010-01-01

    textabstractFor the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the

  4. Towards security requirements: Iconicity as a feature of an informal modeling language

    NARCIS (Netherlands)

    Vasenev, Alexandr; Ionita, Dan; Zoppi, Tomasso; Ceccarelli, Andrea; Wieringa, Roelf J.

    2017-01-01

    Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can

  5. Requirements, model and prototype for a multi-utility locational and security information hub.

    Science.gov (United States)

    2015-11-01

    This project lays the foundation for building an exchange hub for locational and security data and risk assessment of potential excavation work. It acts primarily at 2 stages: upstream of the mark-out process, as a decision support tool to help strea...

  6. Interpretive Analysis of the Joint Maritime Command Information System (JMCIS) Sensitive Compartmented Information (SCI) Local Area Network (LAN) security Requirements

    Science.gov (United States)

    1994-09-01

    38 A. WHAT IS COMPUTER SECURITY? ......................................... 39 1. S ecrecy...by potential enemies. 38 A. WHAT IS COMPUTER SECURITY? There are many definitions of computer security, but in the simplest terms, computer security

  7. Rapid Curtailing of the Stringent Response by Toxin-Antitoxin Encoded mRNases

    DEFF Research Database (Denmark)

    Tian, Chengzhe; Roghanian, Mohammad; Jørgensen, Mikkel Girke

    2016-01-01

    Escherichia coli regulates its metabolism to adapt to changes in the environment, in particular to stressful downshifts in nutrient quality. Such shifts elicit the so-called stringent response coordinated by the alarmone guanosine tetra- and pentaphosphate [(p)ppGpp]. At sudden amino-acid (aa......RNase-encoding TA modules present in the wt strain. This observation suggested that toxins are part of the negative feedback to control the (p)ppGpp level during early stringent response. We built a ribosome trafficking model to evaluate the fold of increase in the RelA activity just after the onset of aa...... %. IMPORTANCE: The early stringent response elicited by amino-acid starvation is controlled by a sharp increase of the cellular (p)ppGpp level. Toxin-antitoxin encoded mRNases are activated by (p)ppGpp through enhanced degradation of antitoxins. The present work shows that this activation happens at a very...

  8. Strong tobacco control program requirements and secure funding are not enough: lessons from Florida.

    Science.gov (United States)

    Kennedy, Allison; Sullivan, Sarah; Hendlin, Yogi; Barnes, Richard; Glantz, Stanton

    2012-05-01

    Florida's Tobacco Pilot Program (TPP; 1998-2003), with its edgy Truth media campaign, achieved unprecedented youth smoking reductions and became a model for tobacco control programming. In 2006, 3 years after the TPP was defunded, public health groups restored funding for tobacco control programming by convincing Florida voters to amend their constitution. Despite the new program's strong legal structure, Governor Charlie Crist's Department of Health implemented a low-impact program. Although they secured the program's strong structure and funding, Florida's nongovernmental public health organizations did not mobilize to demand a high-impact program. Implementation of Florida's Amendment 4 demonstrates that a strong programmatic structure and secure funding are insufficient to ensure a successful public health program, without external pressure from nongovernmental groups.

  9. Phylogenetic analysis of proteins involved in the stringent response in plant cells.

    Science.gov (United States)

    Ito, Doshun; Ihara, Yuta; Nishihara, Hidenori; Masuda, Shinji

    2017-07-01

    The nucleotide (p)ppGpp is a second messenger that controls the stringent response in bacteria. The stringent response modifies expression of a large number of genes and metabolic processes and allows bacteria to survive under fluctuating environmental conditions. Recent genome sequencing analyses have revealed that genes responsible for the stringent response are also found in plants. These include (p)ppGpp synthases and hydrolases, RelA/SpoT homologs (RSHs), and the pppGpp-specific phosphatase GppA/Ppx. However, phylogenetic relationship between enzymes involved in bacterial and plant stringent responses is as yet generally unclear. Here, we investigated the origin and evolution of genes involved in the stringent response in plants. Phylogenetic analysis and primary structures of RSH homologs from different plant phyla (including Embryophyta, Charophyta, Chlorophyta, Rhodophyta and Glaucophyta) indicate that RSH gene families were introduced into plant cells by at least two independent lateral gene transfers from the bacterial Deinococcus-Thermus phylum and an unidentified bacterial phylum; alternatively, they were introduced into a proto-plant cell by a lateral gene transfer from the endosymbiotic cyanobacterium followed by gene loss of an ancestral RSH gene in the cyanobacterial linage. Phylogenetic analysis of gppA/ppx families indicated that plant gppA/ppx homologs form an individual cluster in the phylogenetic tree, and show a sister relationship with some bacterial gppA/ppx homologs. Although RSHs contain a plastidial transit peptide at the N terminus, GppA/Ppx homologs do not, suggesting that plant GppA/Ppx homologs function in the cytosol. These results reveal that a proto-plant cell obtained genes for the stringent response by lateral gene transfer events from different bacterial phyla and have utilized them to control metabolism in plastids and the cytosol.

  10. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production.

    Science.gov (United States)

    Coles, Graeme D; Wratten, Stephen D; Porter, John R

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

  11. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    Directory of Open Access Journals (Sweden)

    Graeme D. Coles

    2016-07-01

    Full Text Available Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

  12. Energy Security Requires Diversity: An Argument for The Defense Production Act Title III Biofuel Initiative

    Science.gov (United States)

    2013-06-19

    speeches/su80jec.phtml. 39 Steven R. Weisman, Reagan Says U.S. Would Bar a Takeover in Saudi Arabia that Impeded Flow of Oil, THE NEW YORK TIMES...October 2, 1981, available at http://www.nytimes.com/1981/10/02/world/reagan-says-us-would-bar-a- takeover -in- saudi-arabia-that-imperiled-flow-of-oil.html...of the Naval strategist Alfred Thayer Mahan, the U.S. secured a network of naval bases, including Guam, Guantanamo Bay, Hawaii and Puerto Rico

  13. More options and better job security required in career paths of physiotherapist researchers: an observational study.

    Science.gov (United States)

    Bernhardt, Julie; Tang, Lili Shyn-Li

    2008-01-01

    What career paths have physiotherapist researchers taken? What should career paths for physiotherapist researchers look like? Observational study with questionnaire. Australian physiotherapists who had a completed a Doctor of Philosophy degree by 2006. Fifty-six of 87 physiotherapists with a doctorate degree (response rate 64%) completed the questionnaire. Over half had completed the doctorate since 2000. An interest in clinical research was the strongest driver for undertaking a doctorate degree. Of the respondents, 52% worked in traditional academic roles while those who pursued other mixed clinical/research or pure research paths reported a lack of job security; 38% continued to work clinically, with a further 43% reporting they would like to but had insufficient time or a career structure that did not allow clinical work. 54% felt that the profession valued research, while 63% felt that research was valued by clinicians. The four main suggestions for improving current research career paths were: 1) develop research careers that allow mixed clinical/research and academic/clinical roles; 2) improve funding for training, particularly post-doctoral positions, and secure appropriately funded physiotherapy research positions; 3) improve co-operation between academic (university) and clinical researchers; and 4) develop more flexible research careers to accommodate private practitioner researchers and others wishing to combine clinical work with teaching and research. Physiotherapist researchers need broader career options and seek greater opportunity to link with clinical practice. Encouraging a vibrant research culture should foster professional excellence and enhance our reputation in the community.

  14. The stringent response regulates adaptation to darkness in the cyanobacterium Synechococcus elongatus.

    Science.gov (United States)

    Hood, Rachel D; Higgins, Sean A; Flamholz, Avi; Nichols, Robert J; Savage, David F

    2016-08-16

    The cyanobacterium Synechococcus elongatus relies upon photosynthesis to drive metabolism and growth. During darkness, Synechococcus stops growing, derives energy from its glycogen stores, and greatly decreases rates of macromolecular synthesis via unknown mechanisms. Here, we show that the stringent response, a stress response pathway whose genes are conserved across bacteria and plant plastids, contributes to this dark adaptation. Levels of the stringent response alarmone guanosine 3'-diphosphate 5'-diphosphate (ppGpp) rise after a shift from light to dark, indicating that darkness triggers the same response in cyanobacteria as starvation in heterotrophic bacteria. High levels of ppGpp are sufficient to stop growth and dramatically alter many aspects of cellular physiology, including levels of photosynthetic pigments and polyphosphate, DNA content, and the rate of translation. Cells unable to synthesize ppGpp display pronounced growth defects after exposure to darkness. The stringent response regulates expression of a number of genes in Synechococcus, including ribosomal hibernation promoting factor (hpf), which causes ribosomes to dimerize in the dark and may contribute to decreased translation. Although the metabolism of Synechococcus differentiates it from other model bacterial systems, the logic of the stringent response remains remarkably conserved, while at the same time having adapted to the unique stresses of the photosynthetic lifestyle.

  15. Structural characterization of the stringent response related exopolyphosphatase/guanosine pentaphosphate phosphohydrolase protein family

    DEFF Research Database (Denmark)

    Kristensen, Ole; Laurberg, Martin; Liljas, Anders

    2004-01-01

    Exopolyphosphatase/guanosine pentaphosphate phosphohydrolase (PPX/GPPA) enzymes play central roles in the bacterial stringent response induced by starvation. The high-resolution crystal structure of the putative Aquifex aeolicus PPX/GPPA phosphatase from the actin-like ATPase domain superfamily h...

  16. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    Directory of Open Access Journals (Sweden)

    Mohamed S. Abdalzaher

    2016-06-01

    Full Text Available We present a study of using game theory for protecting wireless sensor networks (WSNs from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  17. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey.

    Science.gov (United States)

    Abdalzaher, Mohamed S; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-06-29

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  18. Node security

    CERN Document Server

    Barnes, Dominic

    2013-01-01

    A practical and fast-paced guide that will give you all the information you need to secure your Node applications.If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

  19. 17 CFR 240.15g-9 - Sales practice requirements for certain low-priced securities.

    Science.gov (United States)

    2010-04-01

    ...) Obtain from the person information concerning the person's financial situation, investment experience, and investment objectives; (2) Reasonably determine, based on the information required by paragraph (b... accurately reflect the person's financial situation, investment experience, and investment objectives; and (4...

  20. Securing Mobile Networks in an Operational Setting

    Science.gov (United States)

    Ivancic, William D.; Stewart, David H.; Bell, Terry L.; Paulsen, Phillip E.; Shell, Dan

    2004-01-01

    This paper describes a network demonstration and three month field trial of mobile networking using mobile-IPv4. The network was implemented as part of the US Coast Guard operational network which is a ".mil" network and requires stringent levels of security. The initial demonstrations took place in November 2002 and a three month field trial took place from July through September of 2003. The mobile network utilized encryptors capable of NSA-approved Type 1 algorithms, mobile router from Cisco Systems and 802.11 and satellite wireless links. This paper also describes a conceptual architecture for wide-scale deployment of secure mobile networking in operational environments where both private and public infrastructure is used. Additional issues presented include link costs, placement of encryptors and running routing protocols over layer-3 encryption devices.

  1. Improving Deterministic Reserve Requirements for Security Constrained Unit Commitment and Scheduling Problems in Power Systems

    Science.gov (United States)

    Wang, Fengyu

    Traditional deterministic reserve requirements rely on ad-hoc, rule of thumb methods to determine adequate reserve in order to ensure a reliable unit commitment. Since congestion and uncertainties exist in the system, both the quantity and the location of reserves are essential to ensure system reliability and market efficiency. The modeling of operating reserves in the existing deterministic reserve requirements acquire the operating reserves on a zonal basis and do not fully capture the impact of congestion. The purpose of a reserve zone is to ensure that operating reserves are spread across the network. Operating reserves are shared inside each reserve zone, but intra-zonal congestion may block the deliverability of operating reserves within a zone. Thus, improving reserve policies such as reserve zones may improve the location and deliverability of reserve. As more non-dispatchable renewable resources are integrated into the grid, it will become increasingly difficult to predict the transfer capabilities and the network congestion. At the same time, renewable resources require operators to acquire more operating reserves. With existing deterministic reserve requirements unable to ensure optimal reserve locations, the importance of reserve location and reserve deliverability will increase. While stochastic programming can be used to determine reserve by explicitly modelling uncertainties, there are still scalability as well as pricing issues. Therefore, new methods to improve existing deterministic reserve requirements are desired. One key barrier of improving existing deterministic reserve requirements is its potential market impacts. A metric, quality of service, is proposed in this thesis to evaluate the price signal and market impacts of proposed hourly reserve zones. Three main goals of this thesis are: 1) to develop a theoretical and mathematical model to better locate reserve while maintaining the deterministic unit commitment and economic dispatch

  2. Regional, national and international security requirements for the transport of nuclear cargo by sea

    Energy Technology Data Exchange (ETDEWEB)

    Booker, P.A.; Barnwell, I. [Marine Operations, BNFL International Transport and British Nuclear Group Security (United Kingdom)

    2004-07-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea.

  3. Regional, national and international security requirements for the transport of nuclear cargo by sea

    International Nuclear Information System (INIS)

    Booker, P.A.; Barnwell, I.

    2004-01-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea

  4. 77 FR 35259 - Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment

    Science.gov (United States)

    2012-06-13

    ... understand the quality of the X underwriting of the underlying collateral as well as any risk concentrations... requirements in assessing credit risk for portfolio investments. Today, the OCC is issuing final guidance that...: Kerri Corn, Director for Market Risk, or Michael Drennan, Senior Advisor, Credit and Market Risk...

  5. 76 FR 73777 - Guidance on Due Diligence Requirements in Determining Whether Investment Securities Are Eligible...

    Science.gov (United States)

    2011-11-29

    ... understand the quality of the X underwriting of the underlying collateral as well as any risk concentrations... requirements in assessing credit risk for portfolio investments. DATES: Comments must be received December 29...: Kerri Corn, Director for Market Risk, Credit and Market Risk Division, (202) 874-4660; or Carl Kaminski...

  6. Basic requirements to be established in a norm of radiologic security for operation of measuring equipment

    International Nuclear Information System (INIS)

    Milagros Ruiz, M.; Cateriano, Miguel A.

    2001-01-01

    According to the requirements in Argentina, each user of radioactive material must have a specific Authorization and a person who acts as the responsible for these material. But there is not any specific norm for each one. Dew to what we said before, it is necessary to make a rule to Industrials Uses. That is why this paper tries to establish the basis to do it. (author)

  7. 15 CFR 744.11 - License requirements that apply to entities acting contrary to the national security or foreign...

    Science.gov (United States)

    2010-01-01

    ... entities acting contrary to the national security or foreign policy interests of the United States. 744.11... national security or foreign policy interests of the United States. BIS may impose foreign policy export... to United States national security or foreign policy interests or enabling such transfer, service...

  8. Perceptions of self-drive tourists along the Alaska-Canada border toward the increased security requirements of the western hemisphere travel initiative

    Science.gov (United States)

    Nicholas Palso

    2009-01-01

    This study explores the attitudes and feelings of self-drive tourists who cross the Alaska-Canada border about the increased security requirements of the Western Hemisphere Travel Initiative (WHTI), and how such attitudes and feelings may impact the tourism industry in this region. Results of a 2007 survey suggest that implementation of passport requirements will have...

  9. The Stringent Response Induced by Phosphate Limitation Promotes Purine Salvage in Agrobacterium fabrum.

    Science.gov (United States)

    Sivapragasam, Smitha; Deochand, Dinesh K; Meariman, Jacob K; Grove, Anne

    2017-10-31

    Agrobacterium fabrum induces tumor growth in susceptible plant species. The upregulation of virulence genes that occurs when the bacterium senses plant-derived compounds is enhanced by acidic pH and limiting inorganic phosphate. Nutrient starvation may also trigger the stringent response, and purine salvage is among the pathways expected to be favored under such conditions. We show here that phosphate limitation induces the stringent response, as evidenced by production of (p)ppGpp, and that the xdhCSML operon encoding the purine salvage enzyme xanthine dehydrogenase is upregulated ∼15-fold. The xdhCSML operon is under control of the TetR family transcription factor XdhR; direct binding of ppGpp to XdhR attenuates DNA binding, and the enhanced xdhCSML expression correlates with increased cellular levels of (p)ppGpp. Xanthine dehydrogenase may also divert purines away from salvage pathways to form urate, the ligand for the transcription factor PecS, which in the plant pathogen Dickeya dadantii is a key regulator of virulence gene expression. However, urate levels remain low under conditions that produce increased levels of xdhCSML expression, and neither acidic pH nor limiting phosphate results in induction of genes under control of PecS. Instead, expression of such genes is induced only by externally supplemented urate. Taken together, our data indicate that purine salvage is favored during the stringent response induced by phosphate starvation, suggesting that control of this pathway may constitute a novel approach to modulating virulence. Because bacterial purine catabolism appears to be unaffected, as evidenced by the absence of urate accumulation, we further propose that the PecS regulon is induced by only host-derived urate.

  10. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and r

  11. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  12. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Directory of Open Access Journals (Sweden)

    Weems William A

    2009-06-01

    security officers, directors of offices of research, information security officers and university legal counsel. Nineteen total interviews were conducted over a period of 16 weeks. Respondents provided answers for all four scenarios (a total of 87 questions. Results were grouped by broad themes, including among others: governance, legal and financial issues, partnership agreements, de-identification, institutional technical infrastructure for security and privacy protection, training, risk management, auditing, IRB issues, and patient/subject consent. Conclusion The findings suggest that with additional work, large scale federated sharing of data within a regulated environment is possible. A key challenge is developing suitable models for authentication and authorization practices within a federated environment. Authentication – the recognition and validation of a person's identity – is in fact a global property of such systems, while authorization – the permission to access data or resources – mimics data sharing agreements in being best served at a local level. Nine specific recommendations result from the work and are discussed in detail. These include: (1 the necessity to construct separate legal or corporate entities for governance of federated sharing initiatives on this scale; (2 consensus on the treatment of foreign and commercial partnerships; (3 the development of risk models and risk management processes; (4 development of technical infrastructure to support the credentialing process associated with research including human subjects; (5 exploring the feasibility of developing large-scale, federated honest broker approaches; (6 the development of suitable, federated identity provisioning processes to support federated authentication and authorization; (7 community development of requisite HIPAA and research ethics training modules by federation members; (8 the recognition of the need for central auditing requirements and authority, and; (9 use of two

  13. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study.

    Science.gov (United States)

    Manion, Frank J; Robbins, Robert J; Weems, William A; Crowley, Rebecca S

    2009-06-15

    Data protection is important for all information systems that deal with human-subjects data. Grid-based systems--such as the cancer Biomedical Informatics Grid (caBIG)--seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios--difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of offices of research, information

  14. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Science.gov (United States)

    2009-01-01

    Background Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG) – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of

  15. Dual Regulation of Bacillus subtilis kinB Gene Encoding a Sporulation Trigger by SinR through Transcription Repression and Positive Stringent Transcription Control

    Directory of Open Access Journals (Sweden)

    Yasutaro Fujita

    2017-12-01

    Full Text Available It is known that transcription of kinB encoding a trigger for Bacillus subtilis sporulation is under repression by SinR, a master repressor of biofilm formation, and under positive stringent transcription control depending on the adenine species at the transcription initiation nucleotide (nt. Deletion and base substitution analyses of the kinB promoter (PkinB region using lacZ fusions indicated that either a 5-nt deletion (Δ5, nt -61/-57, +1 is the transcription initiation nt or the substitution of G at nt -45 with A (G-45A relieved kinB repression. Thus, we found a pair of SinR-binding consensus sequences (GTTCTYT; Y is T or C in an inverted orientation (SinR-1 between nt -57/-42, which is most likely a SinR-binding site for kinB repression. This relief from SinR repression likely requires SinI, an antagonist of SinR. Surprisingly, we found that SinR is essential for positive stringent transcription control of PkinB. Electrophoretic mobility shift assay (EMSA analysis indicated that SinR bound not only to SinR-1 but also to SinR-2 (nt -29/-8 consisting of another pair of SinR consensus sequences in a tandem repeat arrangement; the two sequences partially overlap the ‘-35’ and ‘-10’ regions of PkinB. Introduction of base substitutions (T-27C C-26T in the upstream consensus sequence of SinR-2 affected positive stringent transcription control of PkinB, suggesting that SinR binding to SinR-2 likely causes this positive control. EMSA also implied that RNA polymerase and SinR are possibly bound together to SinR-2 to form a transcription initiation complex for kinB transcription. Thus, it was suggested in this work that derepression of kinB from SinR repression by SinI induced by Spo0A∼P and occurrence of SinR-dependent positive stringent transcription control of kinB might induce effective sporulation cooperatively, implying an intimate interplay by stringent response, sporulation, and biofilm formation.

  16. Security during the Construction of New Nuclear Power Plants: Technical Basis for Access Authorization and Fitness-For-Duty Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Branch, Kristi M.; Baker, Kathryn A.

    2009-09-01

    A technical letter report to the NRC summarizing the findings of a benchmarking study, literature review, and workshop with experts on current industry standards and expert judgments about needs for security during the construction phase of critical infrastructure facilities in the post-September 11 U.S. context, with a special focus on the construction phase of nuclear power plants and personnel security measures.

  17. Air Cargo Security

    Science.gov (United States)

    2007-07-30

    security identification display areas ( SIDAs ). This effectively elevates the required security measures for these cargo handling areas and requires...monitoring. Additional technologies, such as computer algorithms for highlighting potential threat objects, may also be considered to aid human observers

  18. Cyber Safety and Security for Reduced Crew Operations (RCO)

    Science.gov (United States)

    Driscoll, Kevin

    2017-01-01

    NASA and the Aviation Industry is looking into reduced crew operations (RCO) that would cut today's required two-person flight crews down to a single pilot with support from ground-based crews. Shared responsibility across air and ground personnel will require highly reliable and secure data communication and supporting automation, which will be safety-critical for passenger and cargo aircraft. This paper looks at the different types and degrees of authority delegation given from the air to the ground and the ramifications of each, including the safety and security hazards introduced, the mitigation mechanisms for these hazards, and other demands on an RCO system architecture which would be highly invasive into (almost) all safety-critical avionics. The adjacent fields of unmanned aerial systems and autonomous ground vehicles are viewed to find problems that RCO may face and related aviation accident scenarios are described. The paper explores possible data communication architectures to meet stringent performance and information security (INFOSEC) requirements of RCO. Subsequently, potential challenges for RCO data communication authentication, encryption and non-repudiation are identified. The approach includes a comprehensive safety-hazard analysis of the RCO system to determine top level INFOSEC requirements for RCO and proposes an option for effective RCO implementation. This paper concludes with questioning the economic viability of RCO in light of the expense of overcoming the operational safety and security hazards it would introduce.

  19. Security authentication using the reflective glass pattern imaging effect.

    Science.gov (United States)

    Zhu, Ji Cheng; Shen, Su; Wu, Jian Hong

    2015-11-01

    The reflective glass pattern imaging effect is investigated experimentally for the utility in forming a synthetic 3D image as a security authentication device in this Letter. An array of homogeneously randomly distributed reflective elements and a corresponding micropattern array are integrated onto a thin layer of polyester film aiming to create a vivid image floating over a substrate surface, which can be clearly visible to the naked eye. By using the reflective-type configuration, the micro-optic system can be realized on a thinner substrate and is immune to external stain due to its flat working plane. A novel gravure-like doctor blading technique can realize a resolution up to 12,000 dpi and a stringent 2D alignment requirement should be imposed. Such devices can find applications in document security and banknotes or other valuable items to protect them against forgery.

  20. Air Quality and Health Benefits of China's Recent Stringent Environmental Policy

    Science.gov (United States)

    Zheng, Y.; Xue, T.; Zhang, Q.; Geng, G.; He, K.

    2016-12-01

    Aggressive emission control measures were taken by China's central and local governments after the promulgation of the "Air Pollution Prevention and Control Action Plan" in 2013. We evaluated the air quality and health benefits of this ever most stringent air pollution control policy during 2013-2015 by utilizing a two-stage data fusion model and newly-developed cause-specific integrated exposure-response functions (IER) developed for the Global Burden of Disease (GBD). The two-stage data fusion model predicts spatiotemporal continuous PM2.5 (particulate matter with aerodynamic diameter less than 2.5 µm) concentrations by integrating satellite-derived aerosol optical depth (AOD) measurements, PM2.5 concentrations from measurement and air quality model, and other ancillary information. During the years of analysis, PM2.5 concentration dropped significantly on national average and over heavily polluted regions as identified by Mann-Kendall analysis. The national PM2.5-attributable mortality decreased by 72.8 (95% CI: 59.4, 85.2) thousand (6%) from 1.23 (95% CI: 1.06, 1.39) million in 2013 to 1.15 (95% CI: 0.98, 1.31) million in 2015 due to considerable reduction (i.e. 18%) of population-weighted PM2.5 from 61.4 to 50.5 µg/m3. Meteorological variations between 2013 and 2015 were estimated to raise the PM2.5 levels by 0.24 µg/m3 and national mortality by 2.1 (95% CI: 1.6, 2.6) thousand through sensitivity tests, which implies the dominant role of anthropogenic impacts on PM2.5 abatement and attributable mortality reduction. Our study affirms the effectiveness of China's recent air quality policy, however, due to the possible supralinear shape of C-R functions, health benefits induced by air quality improvement in these years are limited. We therefore appeal for continuous implementation of current policies and further stringent measures from both air quality improvement and public health protection perspectives.

  1. Quality of Security Service: Adaptive Security

    National Research Council Canada - National Science Library

    Levin, Timothy E; Irvine, Cynthia E; Spyropoulou, Evdoxia

    2004-01-01

    The premise of Quality of Security Service is that system and network management functions can be more effective if variable levels of security services and requirements can be presented to users or network tasks...

  2. WORKSTATION SECURITY ENSURANCE

    OpenAIRE

    Hudoklin, Alenka; Stadler, Alenka

    1998-01-01

    A methodology for the ensured security of a workstation connected in a computer network with in an organization is presented. A technique for the determination of the required security level for a workstation's tangible and intangible components is described. A set of security measures for each security level of the workstation's tangible and intangible components is selected. The methodology is applied to workstations in the computer network of a Slovenian state agency. The required security...

  3. Does dishonesty really invite third-party punishment? Results of a more stringent test.

    Science.gov (United States)

    Konishi, Naoki; Ohtsubo, Yohsuke

    2015-05-01

    Many experiments have demonstrated that people are willing to incur cost to punish norm violators even when they are not directly harmed by the violation. Such altruistic third-party punishment is often considered an evolutionary underpinning of large-scale human cooperation. However, some scholars argue that previously demonstrated altruistic third-party punishment against fairness-norm violations may be an experimental artefact. For example, envy-driven retaliatory behaviour (i.e. spite) towards better-off unfair game players may be misidentified as altruistic punishment. Indeed, a recent experiment demonstrated that participants ceased to inflict third-party punishment against an unfair player once a series of key methodological problems were systematically controlled for. Noticing that a previous finding regarding apparently altruistic third-party punishment against honesty-norm violations may have been subject to methodological issues, we used a different and what we consider to be a more sound design to evaluate these findings. Third-party punishment against dishonest players withstood this more stringent test. © 2015 The Author(s) Published by the Royal Society. All rights reserved.

  4. Emission reductions in transition economies: A result of output contraction or more stringent environmental policy?

    Energy Technology Data Exchange (ETDEWEB)

    Zugravu, N.; Millock, K. [University Paris 1 Pantheon-Sorbonne (France); Duchene, G. [University Paris 12, Creteil (France)

    2007-07-01

    Countries in Central and Eastern Europe significantly reduced their CO{sub 2} emissions between 1996 and 2001. Was this emission reduction just the fortuitous result of the major economic transformation undergone by those countries in the transition away from a centralized plan economy? Or is the emission reduction rather a result of more stringent environmental policy? The objective of the article is to answer this question through a model of the relation between environmental quality and enforcement, on the one hand, and environmental quality and economic growth, on the other hand. The authors develop structural equations for the demand (emissions) and supply (environmental stringency) of pollution. The supply equation takes into account the institutional quality of the country (control of corruption and political stability) as well as consumer preferences for environmental quality, as proxied by per capita revenue and unemployment. The system is estimated by three stage least squares on a sample of three groups of countries for comparative analysis: Central and Eastern European countries, Western European countries, and emerging economies. The results indicate that, all else equal, the scale effect on its own would have increased industrial CO{sub 2} emissions in the Central and Eastern European countries in the sample by 44.6% between 1996 and 2001. The composition effect accounted for a corresponding reduction in emissions by 16%. The technique effect had the largest marginal impact, corresponding to a 37.4% reduction in emissions.

  5. Bulk development and stringent selection of microsatellite markers in the western flower thrips Frankliniella occidentalis.

    Science.gov (United States)

    Cao, Li-Jun; Li, Ze-Min; Wang, Ze-Hua; Zhu, Liang; Gong, Ya-Jun; Chen, Min; Wei, Shu-Jun

    2016-05-20

    Recent improvements in next-generation sequencing technologies have enabled investigation of microsatellites on a genome-wide scale. Faced with a huge amount of candidates, the use of appropriate marker selection criteria is crucial. Here, we used the western flower thrips Frankliniella occidentalis for an empirical microsatellite survey and validation; 132,251 candidate microsatellites were identified, 92,102 of which were perfect. Dinucleotides were the most abundant category, while (AG)n was the most abundant motif. Sixty primer pairs were designed and validated in two natural populations, of which 30 loci were polymorphic, stable, and repeatable, but not all in Hardy-Weinberg equilibrium (HWE) and linkage equilibrium. Four marker panels were constructed to understand effect of marker selection on population genetic analyses: (i) only accept loci with single nucleotide insertions (SNI); (ii) only accept the most polymorphic loci (MP); (iii) only accept loci that did not deviate from HWE, did not show SNIs, and had unambiguous peaks (SS) and (iv) all developed markers (ALL). Although the MP panel resulted in microsatellites of highest genetic diversity followed by the SNI, the SS performed best in individual assignment. Our study proposes stringent criteria for selection of microsatellites from a large-scale number of genomic candidates for population genetic studies.

  6. The Stringent Response Promotes Antibiotic Resistance Dissemination by Regulating Integron Integrase Expression in Biofilms

    Directory of Open Access Journals (Sweden)

    Emilie Strugeon

    2016-08-01

    Full Text Available Class 1 integrons are genetic systems that enable bacteria to capture and express gene cassettes. These integrons, when isolated in clinical contexts, most often carry antibiotic resistance gene cassettes. They play a major role in the dissemination of antibiotic resistance among Gram-negative bacteria. The key element of integrons is the integrase, which allows gene cassettes to be acquired and shuffled. Planktonic culture experiments have shown that integrase expression is regulated by the bacterial SOS response. In natural settings, however, bacteria generally live in biofilms, which are characterized by strong antibiotic resilience and by increased expression of stress-related genes. Here, we report that under biofilm conditions, the stringent response, which is induced upon starvation, (i increases basal integrase and SOS regulon gene expression via induction of the SOS response and (ii exerts biofilm-specific regulation of the integrase via the Lon protease. This indicates that biofilm environments favor integron-mediated acquisition of antibiotic resistance and other adaptive functions encoded by gene cassettes.

  7. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  8. 76 FR 46603 - Security Ratings

    Science.gov (United States)

    2011-08-03

    ... SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 200, 229, 230, 232, 239, 240, and 249 [Release No. 33-9245; 34-64975; File No. S7-18-08] RIN 3235-AK18 Security Ratings AGENCY: Securities and Exchange... requirements under the Securities Act of 1933 and the Securities Exchange Act of 1934 for securities offering...

  9. Computer security engineering management

    International Nuclear Information System (INIS)

    McDonald, G.W.

    1988-01-01

    For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system; starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users is followed by coverage of life cycle support for the security of the system

  10. Protecting America's economy, environment, health, and security against invasive species requires a strong federal program in systematic biology

    Science.gov (United States)

    Hilda Diaz-Soltero; Amy Y. Rossman

    2011-01-01

    Systematics is the science that identifies and groups organisms by understanding their origins, relationships, and distributions. It is fundamental to understanding life on earth, our crops, wildlife, and diseases, and it provides the scientific foundation to recognize and manage invasive species. Protecting America's economy, environment, health, and security...

  11. Adaptation to fluctuating temperatures in an RNA virus is driven by the most stringent selective pressure.

    Directory of Open Access Journals (Sweden)

    María Arribas

    Full Text Available The frequency of change in the selective pressures is one of the main factors driving evolution. It is generally accepted that constant environments select specialist organisms whereas changing environments favour generalists. The particular outcome achieved in either case also depends on the relative strength of the selective pressures and on the fitness costs of mutations across environments. RNA viruses are characterized by their high genetic diversity, which provides fast adaptation to environmental changes and helps them evade most antiviral treatments. Therefore, the study of the adaptive possibilities of RNA viruses is highly relevant for both basic and applied research. In this study we have evolved an RNA virus, the bacteriophage Qβ, under three different temperatures that either were kept constant or alternated periodically. The populations obtained were analyzed at the phenotypic and the genotypic level to characterize the evolutionary process followed by the virus in each case and the amount of convergent genetic changes attained. Finally, we also investigated the influence of the pre-existent genetic diversity on adaptation to high temperature. The main conclusions that arise from our results are: i under periodically changing temperature conditions, evolution of bacteriophage Qβ is driven by the most stringent selective pressure, ii there is a high degree of evolutionary convergence between replicated populations and also among populations evolved at different temperatures, iii there are mutations specific of a particular condition, and iv adaptation to high temperatures in populations differing in their pre-existent genetic diversity takes place through the selection of a common set of mutations.

  12. Cyber security in nuclear power plants and its portability to other industrial infrastructures

    Energy Technology Data Exchange (ETDEWEB)

    Champigny, Sebastien; Gupta, Deeksha; Watson, Venesa; Waedt, Karl [AREVA GmbH, Erlangen (Germany)

    2017-06-15

    Power generation increasingly relies on decentralised and interconnected computerised systems. Concepts like ''Industrial Internet of Things'' of the Industrial Internet Consortium (IIC), and ''Industry 4.0'' find their way in this strategic industry. Risk of targeted exploits of errors and vulnerabilities increases with complexity, interconnectivity and decentralization. Inherently stringent security requirements and features make nuclear computerised applications and systems a benchmark for industrial counterparts seeking to hedge against those risks. Consequently, this contribution presents usual cyber security regulations and practices for nuclear power plants. It shows how nuclear cyber security can be ported and used in an industrial context to protect critical infrastructures against cyber-attacks and industrial espionage.

  13. Cyber security in nuclear power plants and its portability to other industrial infrastructures

    International Nuclear Information System (INIS)

    Champigny, Sebastien; Gupta, Deeksha; Watson, Venesa; Waedt, Karl

    2017-01-01

    Power generation increasingly relies on decentralised and interconnected computerised systems. Concepts like ''Industrial Internet of Things'' of the Industrial Internet Consortium (IIC), and ''Industry 4.0'' find their way in this strategic industry. Risk of targeted exploits of errors and vulnerabilities increases with complexity, interconnectivity and decentralization. Inherently stringent security requirements and features make nuclear computerised applications and systems a benchmark for industrial counterparts seeking to hedge against those risks. Consequently, this contribution presents usual cyber security regulations and practices for nuclear power plants. It shows how nuclear cyber security can be ported and used in an industrial context to protect critical infrastructures against cyber-attacks and industrial espionage.

  14. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    Full Text Available The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks; redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS is required for assuring individual food security (IFS, but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  15. Secure portal.

    Energy Technology Data Exchange (ETDEWEB)

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing

  16. Stringently Defined Otitis Prone Children Demonstrate Deficient Naturally Induced Mucosal Antibody Response to Moraxella catarrhalis Proteins

    Directory of Open Access Journals (Sweden)

    Dabin Ren

    2017-08-01

    Full Text Available Moraxella catarrhalis (Mcat is a prominent mucosal pathogen causing acute otitis media (AOM. We studied Mcat nasopharyngeal (NP colonization, AOM frequency and mucosal antibody responses to four vaccine candidate Mcat proteins: outer membrane protein (OMP CD, oligopeptide permease (Opp A, hemagglutinin (Hag, and Pilin A clade 2 (PilA2 from stringently defined otitis prone (sOP children, who experience the greatest burden of disease, compared to non-otitis prone (NOP children. sOP children had higher NP colonization of Mcat (30 vs. 22%, P = 0.0003 and Mcat-caused AOM rates (49 vs. 24%, P < 0.0001 than NOP children. Natural acquisition of mucosal antibodies to Mcat proteins OMP CD (IgG, P < 0.0001, OppA (IgG, P = 0.018, Hag (IgG and IgA, both P < 0.0001, and PilA2 (IgA, P < 0.0001 was lower in sOP than NOP children. Higher levels of mucosal IgG to Hag (P = 0.039 and PilA2 (P = 0.0076, and IgA to OMP CD (P = 0.010, OppA (P = 0.030, and PilA2 (P = 0.043 were associated with lower carriage of Mcat in NOP but not sOP children. Higher levels of mucosal IgG to OMP CD (P = 0.0070 and Hag (P = 0.0003, and IgA to Hag (P = 0.0067 at asymptomatic colonization than those at onset of AOM were associated with significantly lower rate of Mcat NP colonization progressing to AOM in NOP compared to sOP children (3 vs. 26%, P < 0.0001. In conclusion, sOP children had a diminished mucosal antibody response to Mcat proteins, which was associated with higher frequencies of asymptomatic NP colonization and NP colonization progressing to Mcat-caused AOM. Enhancing Mcat antigen-specific mucosal immune responses to levels higher than achieved by natural exposure will be necessary to prevent AOM in sOP children.

  17. Achieving stringent climate targets. An analysis of the role of transport and variable renewable energies using energy-economy-climate models

    Energy Technology Data Exchange (ETDEWEB)

    Pietzcker, Robert Carl

    2014-07-01

    Anthropogenic climate change is threatening the welfare of mankind. Accordingly, policy makers have repeatedly stated the goal of slowing climate change and limiting the increase of global mean temperature to less than 2 C above pre-industrial times (the so-called ''two degree target''). Stabilizing the temperature requires drastic reductions of greenhouse gas (GHG) emissions to nearly zero. As the global system of energy supply currently relies on fossil fuels, reducing GHG emissions can only be achieved through a full-scale transformation of the energy system. This thesis investigates the economic requirements and implications of different scenarios that achieve stringent climate mitigation targets. It starts with the analysis of characteristic decarbonization patterns and identifies two particularly relevant aspects of mitigation scenarios: deployment of variable renewable energies (VRE) and decarbonization of the transport sector. After investigating these fields in detail, we turned towards one of the most relevant questions for policy makers and analyzed the trade-off between the stringency of a climate target and its economic requirements and implications. All analyses are based on the improvement, application, comparison, and discussion of large-scale IAMs. The novel ''mitigation share'' metric allowed us to identify the relevance of specific technology groups for mitigation and to improve our understanding of the decarbonization patterns of different energy subsectors. It turned out that the power sector is decarbonized first and reaches lowest emissions, while the transport sector is slowest to decarbonize. For the power sector, non-biomass renewable energies contribute most to emission reductions, while the transport sector strongly relies on liquid fuels and therefore requires biomass in combination with carbon capture and sequestration (CCS) to reduce emissions. An in-depth investigation of the solar power

  18. Direct-to-physician and direct-to-consumer advertising: Time to have stringent regulations.

    Science.gov (United States)

    Kannan, S; Gowri, S; Tyagi, V; Kohli, S; Jain, R; Kapil, P; Bhardwaj, A

    2015-01-01

    the opinion regarding DTCA, 69.9% physicians had a patient discussing DTCA that was clinically inappropriate. One hundred (64.5%) out of 155 physicians opined that DTCA encourage patients to attend physicians regarding preventive healthcare. On the contrary, 82/155 (52.9%) physicians felt that DTCA would damage the same. Similarly, 69 out of the total 100 patients felt that drug advertisements aid them to have better discussions with their treating physicians. Surprisingly, a large majority (91/100) were of the opinion that only safe drugs are allowed to be advertised. To conclude, from the findings of this study both the physicians and patients should be cautious and not overzealous while dealing with drug advertisements or promotional literature. More stringent scrutiny and issue of WLs or blacklisting of indulging pharmaceutical companies are mandatory by the regulatory agency to contain the same.

  19. Security Flaws in an Efficient Pseudo-Random Number Generator for Low-Power Environments

    Science.gov (United States)

    Peris-Lopez, Pedro; Hernandez-Castro, Julio C.; Tapiador, Juan M. E.; Millán, Enrique San; van der Lubbe, Jan C. A.

    In 2004, Settharam and Rhee tackled the design of a lightweight Pseudo-Random Number Generator (PRNG) suitable for low-power environments (e.g. sensor networks, low-cost RFID tags). First, they explicitly fixed a set of requirements for this primitive. Then, they proposed a PRNG conforming to these requirements and using a free-running timer [9]. We analyze this primitive discovering important security faults. The proposed algorithm fails to pass even relatively non-stringent batteries of randomness such as ENT (i.e. a pseudorandom number sequence test program). We prove that their recommended PRNG has a very short period due to the flawed design of its core. The internal state can be easily revealed, compromising its backward and forward security. Additionally, the rekeying algorithm is defectively designed mainly related to the unpractical value proposed for this purpose.

  20. Strategic planning and security analysis

    International Nuclear Information System (INIS)

    DePasquale, S.

    1991-01-01

    Nuclear security master planning is a deliberative process, founded on the premise that the broad scope of security must be analyzed before any meaningful determinations may be reached on an individual security aspect. This paper examines the analytical process required in developing a Security Master Plan. It defines a four stage process concluding with the selection of security measures encompassing physical security, policy and procedure considerations and guard force deployment. The final product orchestrates each security measure in a complementary and supportive configuration

  1. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    Science.gov (United States)

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields.

  2. Leadership in organizations with high security and reliability requirements; Liderazgo en organizaciones con altos requisitos de seguridad y fiabilidad

    Energy Technology Data Exchange (ETDEWEB)

    Gonzalez, F.

    2013-07-01

    Developing leadership skills in organizations is the key to ensure the sustain ability of excellent results in industries with high requirements safety and reliability. In order to have a model of leadership development specific to this type of organizations, Tecnatom in 2011, we initiated a project internal, to find and adapt a competency model to these requirements.

  3. Synthetic Peptides to Target Stringent Response-Controlled Virulence in a Pseudomonas aeruginosa Murine Cutaneous Infection Model

    Directory of Open Access Journals (Sweden)

    Daniel Pletzer

    2017-09-01

    Full Text Available Microorganisms continuously monitor their surroundings and adaptively respond to environmental cues. One way to cope with various stress-related situations is through the activation of the stringent stress response pathway. In Pseudomonas aeruginosa this pathway is controlled and coordinated by the activity of the RelA and SpoT enzymes that metabolize the small nucleotide secondary messenger molecule (pppGpp. Intracellular ppGpp concentrations are crucial in mediating adaptive responses and virulence. Targeting this cellular stress response has recently been the focus of an alternative approach to fight antibiotic resistant bacteria. Here, we examined the role of the stringent response in the virulence of P. aeruginosa PAO1 and the Liverpool epidemic strain LESB58. A ΔrelA/ΔspoT double mutant showed decreased cytotoxicity toward human epithelial cells, exhibited reduced hemolytic activity, and caused down-regulation of the expression of the alkaline protease aprA gene in stringent response mutants grown on blood agar plates. Promoter fusions of relA or spoT to a bioluminescence reporter gene revealed that both genes were expressed during the formation of cutaneous abscesses in mice. Intriguingly, virulence was attenuated in vivo by the ΔrelA/ΔspoT double mutant, but not the relA mutant nor the ΔrelA/ΔspoT complemented with either gene. Treatment of a cutaneous P. aeruginosa PAO1 infection with anti-biofilm peptides increased animal welfare, decreased dermonecrotic lesion sizes, and reduced bacterial numbers recovered from abscesses, resembling the phenotype of the ΔrelA/ΔspoT infection. It was previously demonstrated by our lab that ppGpp could be targeted by synthetic peptides; here we demonstrated that spoT promoter activity was suppressed during cutaneous abscess formation by treatment with peptides DJK-5 and 1018, and that a peptide-treated relA complemented stringent response double mutant strain exhibited reduced peptide

  4. Biosurveillance capability requirements for the global health security agenda: lessons from the 2009 H1N1 pandemic.

    Science.gov (United States)

    Stoto, Michael A

    2014-01-01

    The biosurveillance capabilities needed to rapidly detect and characterize emerging biological threats are an essential part of the Global Health Security Agenda (GHSA). The analyses of the global public health system's functioning during the 2009 H1N1 pandemic suggest that while capacities such as those identified in the GHSA are essential building blocks, the global biosurveillance system must possess 3 critical capabilities: (1) the ability to detect outbreaks and determine whether they are of significant global concern, (2) the ability to describe the epidemiologic characteristics of the pathogen responsible, and (3) the ability to track the pathogen's spread through national populations and around the world and to measure the impact of control strategies. The GHSA capacities-laboratory and diagnostic capacity, reporting networks, and so on-were essential in 2009 and surely will be in future events. But the 2009 H1N1 experience reminds us that it is not just detection but epidemiologic characterization that is necessary. Similarly, real-time biosurveillance systems are important, but as the 2009 H1N1 experience shows, they may contain inaccurate information about epidemiologic risks. Rather, the ability of scientists in Mexico, the United States, and other countries to make sense of the emerging laboratory and epidemiologic information that was critical-an example of global social capital-enabled an effective global response. Thus, to ensure that it is meeting its goals, the GHSA must track capabilities as well as capacities.

  5. Learning Puppet security

    CERN Document Server

    Slagle, Jason

    2015-01-01

    If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

  6. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  7. Alternative security

    International Nuclear Information System (INIS)

    Weston, B.H.

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  8. Arguing Against Security Communitarianism

    DEFF Research Database (Denmark)

    Bilgin, Pinar

    2016-01-01

    Anthony Burke’s ‘security cosmopolitanism’ is a fresh and thought-provoking contribution to critical theorizing about security. In this discussion piece, I would like to join Burke’s call for ‘security cosmopolitanism’ by way of arguing against ‘security communitarianism’. I understand the latter...... as a particular approach that seeks to limit the scope of security to one’s community – be it the ‘nation-state’ or ‘civilization’. I will suggest that arguing against ‘security communitarianism’ requires paying further attention to the postcolonial critique of cosmopolitanism....

  9. Homeland Security

    Science.gov (United States)

    Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.

  10. Android application security essentials

    CERN Document Server

    Rai, Pragati

    2013-01-01

    Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way.If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

  11. Securing While Sampling in Wireless Body Area Networks With Application to Electrocardiography.

    Science.gov (United States)

    Dautov, Ruslan; Tsouri, Gill R

    2016-01-01

    Stringent resource constraints and broadcast transmission in wireless body area network raise serious security concerns when employed in biomedical applications. Protecting data transmission where any minor alteration is potentially harmful is of significant importance in healthcare. Traditional security methods based on public or private key infrastructure require considerable memory and computational resources, and present an implementation obstacle in compact sensor nodes. This paper proposes a lightweight encryption framework augmenting compressed sensing with wireless physical layer security. Augmenting compressed sensing to secure information is based on the use of the measurement matrix as an encryption key, and allows for incorporating security in addition to compression at the time of sampling an analog signal. The proposed approach eliminates the need for a separate encryption algorithm, as well as the predeployment of a key thereby conserving sensor node's limited resources. The proposed framework is evaluated using analysis, simulation, and experimentation applied to a wireless electrocardiogram setup consisting of a sensor node, an access point, and an eavesdropper performing a proximity attack. Results show that legitimate communication is reliable and secure given that the eavesdropper is located at a reasonable distance from the sensor node and the access point.

  12. Security Dilemma

    DEFF Research Database (Denmark)

    Wivel, Anders

    2011-01-01

    What is a security dilemma? What are the consequences of security dilemmas in international politics?......What is a security dilemma? What are the consequences of security dilemmas in international politics?...

  13. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  14. Non-proliferation of nuclear weapons and nuclear security. Overview of Safeguards requirements for States with limited nuclear material and activities

    International Nuclear Information System (INIS)

    Lodding, J.; Ribeiro, B.

    2006-06-01

    This booklet provides an overview of safeguards obligations that apply to States which are parties to the Nuclear Non-Proliferation Treaty (NPT) that have no nuclear facilities and only limited quantities of nuclear material. Most State parties to the NPT have no nuclear facilities and only limited quantities of nuclear material. For such States, safeguards implementation is expected to be simple and straightforward. This booklet provides an overview of the safeguards obligations that apply to such States. It is hoped that a better understanding of these requirements will facilitate the conclusion and implementation of safeguards agreements and additional protocols, and thereby contribute to the strengthening of the IAEA?s safeguards system and of collective security

  15. Non-proliferation of nuclear weapons and nuclear security. Overview of safeguards requirements for States with limited nuclear material and activities

    International Nuclear Information System (INIS)

    Lodding, J.; Ribeiro, B.

    2006-06-01

    This booklet provides an overview of safeguards obligations that apply to States which are parties to the Nuclear Non-Proliferation Treaty (NPT) that have no nuclear facilities and only limited quantities of nuclear material. Most State parties to the NPT have no nuclear facilities and only limited quantities of nuclear material. For such States, safeguards implementation is expected to be simple and straightforward. This booklet provides an overview of the safeguards obligations that apply to such States. It is hoped that a better understanding of these requirements will facilitate the conclusion and implementation of safeguards agreements and additional protocols, and thereby contribute to the strengthening of the IAEA?s safeguards system and of collective security

  16. Legal and security requirements for the air transportation of cyanotoxins and toxigenic cyanobacterial cells for legitimate research and analytical purposes.

    Science.gov (United States)

    Metcalf, J S; Meriluoto, J A O; Codd, G A

    2006-05-25

    Cyanotoxins are now recognised by international and national health and environment agencies as significant health hazards. These toxins, and the cells which produce them, are also vulnerable to exploitation for illegitimate purposes. Cyanotoxins are increasingly being subjected to national and international guidelines and regulations governing their production, storage, packaging and transportation. In all of these respects, cyanotoxins are coming under the types of controls imposed on a wide range of chemicals and other biotoxins of microbial, plant and animal origin. These controls apply whether cyanotoxins are supplied on a commercial basis, or stored and transported in non-commercial research collaborations and programmes. Included are requirements concerning the transportation of these toxins as documented by the United Nations, the International Air Transport Association (IATA) and national government regulations. The transportation regulations for "dangerous goods", which by definition include cyanotoxins, cover air mail, air freight, and goods checked in and carried on flights. Substances include those of determined toxicity and others of suspected or undetermined toxicity, covering purified cyanotoxins, cyanotoxin-producing laboratory strains and environmental samples of cyanobacteria. Implications of the regulations for the packaging and air-transport of dangerous goods, as they apply to cyanotoxins and toxigenic cyanobacteria, are discussed.

  17. Present state and problems of the measures for securing stable supply of uranium resources

    International Nuclear Information System (INIS)

    Yoneda, Fumishige

    1982-01-01

    The long-term stable supply of uranium resources must be secured in order to accelerate the development and utilization of nuclear power in Japan. All uranium required in Japan is imported from foreign countries, and depends on small number of suppliers. On the use of uranium, various restrictions have been imposed by bilateral agreements from the viewpoint of nuclear non-proliferation policy. At present, the demand-supply relation in uranium market is not stringent, but in the latter half of 1980s, it is feared that it will be stringent. The prospect of the demand and supply of uranium resources, the state of securing uranium resources, the present policy on uranium resources, the necessity of establishing the new policy, and the active promotion of uranium resource measures are described. The measures to be taken are the promotion of exploration and development of mines, the participation in the management of such foreign projects, the promotion of diversifying the supply sources, the establishment of the structure to accept uranium resources, the promotion of the storage of uranium, and the rearrangement of general coordination and promotion functions for uranium resource procurement. (Kako, I.)

  18. Enhancing implementation security of QKD

    Science.gov (United States)

    Tamaki, Kiyoshi

    2017-10-01

    Quantum key distribution (QKD) can achieve information-theoretic security, which is a provable security against any eavesdropping, given that all the devices the sender and the receiver employ operate exactly as the theory of security requires. Unfortunately, however, it is difficult for practical devices to meet all such requirements, and therefore more works have to be done toward guaranteeing information-theoretic security in practice, i.e., implementation security. In this paper, we review our recent efforts to enhance implementation security. We also have a brief look at a flaw in security proofs and present how to fix it.

  19. Secure Transportation Management

    International Nuclear Information System (INIS)

    Gibbs, P. W.

    2014-01-01

    Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  20. Secure Transportation Management

    Energy Technology Data Exchange (ETDEWEB)

    Gibbs, P. W. [Brookhaven National Lab. (BNL), Upton, NY (United States)

    2014-10-15

    Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  1. Federal technology transfer requirements :a focused study of principal agencies approaches with implications for the Department of Homeland Security.

    Energy Technology Data Exchange (ETDEWEB)

    Koker, Denise; Micheau, Jill M.

    2006-07-01

    This report provides relevant information and analysis to the Department of Homeland Security (DHS) that will assist DHS in determining how to meet the requirements of federal technology transfer legislation. These legal requirements are grouped into five categories: (1) establishing an Office of Research and Technology Applications, or providing the functions thereof; (2) information management; (3) enabling agreements with non-federal partners; (4) royalty sharing; and (5) invention ownership/obligations. These five categories provide the organizing framework for this study, which benchmarks other federal agencies/laboratories engaged in technology transfer/transition Four key agencies--the Department of Health & Human Services (HHS), the U.S. Department of Agriculture (USDA), the Department of Energy (DOE), and the Department of Defense (DoD)--and several of their laboratories have been surveyed. An analysis of DHS's mission needs for commercializing R&D compared to those agencies/laboratories is presented with implications and next steps for DHS's consideration. Federal technology transfer legislation, requirements, and practices have evolved over the decades as agencies and laboratories have grown more knowledgeable and sophisticated in their efforts to conduct technology transfer and as needs and opinions in the federal sector have changed with regards to what is appropriate. The need to address requirements in a fairly thorough manner has, therefore, resulted in a lengthy paper. There are two ways to find summary information. Each chapter concludes with a summary, and there is an overall ''Summary and Next Steps'' chapter on pages 57-60. For those readers who are unable to read the entire document, we recommend referring to these pages.

  2. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  3. The implementation of modern digital technology in x-ray medical diagnosis in Republic of Moldova - a stringent necessity

    International Nuclear Information System (INIS)

    Rosca, Andrei

    2011-01-01

    The study includes analyses of current technical state of radiodiagnostic equipment from the Public Medico-Sanitary Institution of Ministry of Health of Republic of Moldova (IMSP MS RM). The traditional radiodiagnostic apparatuses were morally and physically outrun at 96,6% (in regional MSPI - 93,5%), inclusive the dental one - 92,0% (in raional MSPI - 97,2%), X-Ray exam -100%, mobile - 84,1% etc. The exploitation of the traditional radiodiagnostic apparatuses with high degree of physical and moral wear essentially diminished the quality of profile investigation, creates premises for diagnostic error perpetrating, increase the collective ionizing irradiation of population etc. In recent years the subvention of MSPI HM RM with digital radiodiagnostic equipment was started. This process is very hard unfold because of grave socio-economic crises in Republic of Moldova. Despite these obstacles the subvention of MSPI HM RM with digital equipment represents a stringent necessity and a time request.

  4. The mechanism of heterogeneous beta-lactam resistance in MRSA: key role of the stringent stress response.

    Directory of Open Access Journals (Sweden)

    Choonkeun Kim

    Full Text Available All methicillin resistant S. aureus (MRSA strains carry an acquired genetic determinant--mecA or mecC--which encode for a low affinity penicillin binding protein -PBP2A or PBP2A'--that can continue the catalysis of peptidoglycan transpeptidation in the presence of high concentrations of beta-lactam antibiotics which would inhibit the native PBPs normally involved with the synthesis of staphylococcal cell wall peptidoglycan. In contrast to this common genetic and biochemical mechanism carried by all MRSA strains, the level of beta-lactam antibiotic resistance shows a very wide strain to strain variation, the mechanism of which has remained poorly understood. The overwhelming majority of MRSA strains produce a unique--heterogeneous--phenotype in which the great majority of the bacteria exhibit very poor resistance often close to the MIC value of susceptible S. aureus strains. However, cultures of such heterogeneously resistant MRSA strains also contain subpopulations of bacteria with extremely high beta-lactam MIC values and the resistance level and frequency of the highly resistant cells in such strain is a characteristic of the particular MRSA clone. In the study described in this communication, we used a variety of experimental models to understand the mechanism of heterogeneous beta-lactam resistance. Methicillin-susceptible S. aureus (MSSA that received the mecA determinant in the laboratory either on a plasmid or in the form of a chromosomal SCCmec cassette, generated heterogeneously resistant cultures and the highly resistant subpopulations that emerged in these models had increased levels of PBP2A and were composed of bacteria in which the stringent stress response was induced. Each of the major heterogeneously resistant clones of MRSA clinical isolates could be converted to express high level and homogeneous resistance if the growth medium contained an inducer of the stringent stress response.

  5. Global energy scenarios meeting stringent CO2 constraints - cost-effective fuel choices in the transportation sector

    International Nuclear Information System (INIS)

    Azar, Christian; Lindgren, Kristian; Andersson, B.A.

    2003-01-01

    The purpose of this paper is to assess fuel choices in the transportation sector under stringent global carbon constraints. Three key questions are asked: (i) when is it cost-effective to carry out the transition away from gasoline/diesel; (ii) to which fuel is it cost-effective to shift; and (iii) in which sector is biomass most cost-effectively used? These questions are analyzed using a global energy systems model (GET 1.0), with a transportation module, where vehicle costs (fuel cell, reformer and storage tank), infrastructure and primary energy availability are treated explicitly. The model is run under the assumption that atmospheric concentrations of CO 2 should be stabilized at 400 ppm. Three main results emerge: (i) despite the stringent CO 2 constraints, oil-based fuels remain dominant in the transportation sector over the next 50 years; and (ii) once a transition towards alternative fuels takes place, the preferred choice of fuel is hydrogen, even if we assume that hydrogen fuel cell vehicles are substantially more costly than methanol fuel cell vehicles. There may, under some circumstances, be a transient period of several decades with a significant share of methanol in the transportation sector. (iii) Biomass is most cost-effectively used in the heat and process heat sectors. If carbon sequestration from biomass is allowed, biomass is primarily used for hydrogen generation since small-scale heat applications are not suitable for carbon sequestration. Detailed sensitivity analyses show that these results are robust with respect to several parameters. Some policy conclusions are drawn

  6. a survey of security vulnerabilities in wireless sensor networks

    African Journals Online (AJOL)

    user

    Sensor networks offer a powerful combination of distributed sensing, computing and communications. They lend themselves to countless applications and at the same time offer numerous challenges due to their peculiar nature which primarily are their stringent energy constraints to which sensing nodes typify and security ...

  7. Nuclear controls are stringent

    International Nuclear Information System (INIS)

    Sonnekus, D.

    1983-01-01

    The peace-time application of nuclear power in South Africa, the organisations concerned and certain provisions laid down by the Act on Nuclear Energy, aimed at safeguarding the general public, are discussed

  8. Impact of a More Stringent Blood Lead Level Recommendation for Children (Ages 1-5): Vulnerabilities Related to Housing, Food Security, Vitamins, and Environmental Toxicants

    Science.gov (United States)

    The adverse health effects of lead (Pb) exposure in young children are well known. Non-Hispanic black children historically have higher blood Pb levels (BLL) compared to Mexican-Americans and non- Hispanic white children (CDC-MMWR). In the past, BLL tests below 10 µg/dL m...

  9. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  10. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  11. WARM JUPITERS NEED CLOSE ''FRIENDS'' FOR HIGH-ECCENTRICITY MIGRATION—A STRINGENT UPPER LIMIT ON THE PERTURBER'S SEPARATION

    Energy Technology Data Exchange (ETDEWEB)

    Dong, Subo [Kavli Institute for Astronomy and Astrophysics, Peking University, Yi He Yuan Road 5, Hai Dian District, Beijing 100871 (China); Katz, Boaz; Socrates, Aristotle [Institute for Advanced Study, 1 Einstein Dr., Princeton, NJ 08540 (United States)

    2014-01-20

    We propose a stringent observational test on the formation of warm Jupiters (gas-giant planets with 10 days ≲ P ≲ 100 days) by high-eccentricity (high-e) migration mechanisms. Unlike hot Jupiters, the majority of observed warm Jupiters have pericenter distances too large to allow efficient tidal dissipation to induce migration. To access the close pericenter required for migration during a Kozai-Lidov cycle, they must be accompanied by a strong enough perturber to overcome the precession caused by general relativity, placing a strong upper limit on the perturber's separation. For a warm Jupiter at a ∼ 0.2 AU, a Jupiter-mass (solar-mass) perturber is required to be ≲ 3 AU (≲ 30 AU) and can be identified observationally. Among warm Jupiters detected by radial velocities (RVs), ≳ 50% (5 out of 9) with large eccentricities (e ≳ 0.4) have known Jovian companions satisfying this necessary condition for high-e migration. In contrast, ≲ 20% (3 out of 17) of the low-e (e ≲ 0.2) warm Jupiters have detected additional Jovian companions, suggesting that high-e migration with planetary perturbers may not be the dominant formation channel. Complete, long-term RV follow-ups of the warm-Jupiter population will allow a firm upper limit to be put on the fraction of these planets formed by high-e migration. Transiting warm Jupiters showing spin-orbit misalignments will be interesting to apply our test. If the misalignments are solely due to high-e migration as commonly suggested, we expect that the majority of warm Jupiters with low-e (e ≲ 0.2) are not misaligned, in contrast with low-e hot Jupiters.

  12. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers:Fundamentals of information security ? providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors.Fundamentals of management of information security - explains what information security manageme

  13. 7 CFR 1942.114 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 13 2010-01-01 2009-01-01 true Security. 1942.114 Section 1942.114 Agriculture... Security. Specific requirements for security for each loan will be included in the letter of conditions. Loans must be secured by the best security position practicable, in a manner which will adequately...

  14. 25 CFR 101.13 - Security.

    Science.gov (United States)

    2010-04-01

    ... 25 Indians 1 2010-04-01 2010-04-01 false Security. 101.13 Section 101.13 Indians BUREAU OF INDIAN... § 101.13 Security. (a) United States direct loans shall be secured by such security as the Commissioner may require. A lack of security will not preclude the making of a loan if the proposed use of the...

  15. Are Dutch residents ready for a more stringent policy to enhance the energy performance of their homes?

    International Nuclear Information System (INIS)

    Middelkoop, Manon van; Vringer, Kees; Visser, Hans

    2017-01-01

    Investments in the energy performance of houses offer good prospects for reducing energy consumption and CO 2 emissions. However, people are not easily convinced of the need to take measures to improve the energy performance of their houses, even when financial benefits outweigh the costs. This article analyses the factors that influence the decision for improving the energy performance of existing homes, including policy instruments. Subsequently, the article provides policy suggestions on how to stimulate energy performance improvements. Both owners and tenants (50–70%) support government policy on energy performance improvements to existing homes. Nevertheless, people also have strong feelings of autonomy regarding their homes. Our results underline the importance of well-informed and competent decision-makers. Introducing the use of Energy Performance Certificates (EPCs) into the tax system for energy and residential buildings might therefore be an effective way to increase the interest of owners in the EPC, improve the use and effect of this informative instrument, and make the first step towards bridging the tension between autonomy and more stringent instruments.

  16. Oil Dependence, Climate Change and Energy Security: Will Constraints on Oil Shape our Climate Future or Vice Versa?

    Science.gov (United States)

    Mignone, B. K.

    2008-12-01

    Threats to US and global energy security take several forms. First, the overwhelming dependence on oil in the transport sector leaves the US economy (and others) vulnerable to supply shocks and price volatility. Secondly, the global dependence on oil inflates prices and enhances the transfer of wealth to authoritarian regimes. Finally, the global reliance on fossil fuels more generally jeopardizes the stability of the climate system. These three threats - economic, strategic and environmental - can only be mitigated through a gradual substitution away from fossil fuels (both coal and oil) on a global scale. Such large-scale substitution could occur in response to potential resource constraints or in response to coordinated government policies in which these externalities are explicitly internalized. Here, I make use of a well-known integrated assessment model (MERGE) to examine both possibilities. When resource limits are considered alone, global fuel use tends to shift toward even more carbon-intensive resources, like oil shale or liquids derived from coal. On the other hand, when explicit carbon constraints are imposed, the fuel sector response is more complex. Generally, less stringent climate targets can be satisfied entirely through reductions in global coal consumption, while more stringent targets require simultaneous reductions in both coal and oil consumption. Taken together, these model results suggest that resource constraints alone will only exacerbate the climate problem, while a subset of policy-driven carbon constraints may yield tangible security benefits (in the form of reduced global oil consumption) in addition to the intended environmental outcome.

  17. SecurID

    CERN Multimedia

    Now called RSA SecurID, SecurID is a mechanism developed by Security Dynamics that allows two-factor authentication for a user on a network resource. It works on the principle of the unique password mode, based on a shared secret. Every sixty seconds, the component generates a new six-digit token on the screen. The latter comes from the current time (internal clock) and the seed (SecurID private key that is available on the component, and is also from the SecurID server). During an authentication request, the SecurID server will check the entered token by performing exactly the same calculation as that performed by your component. The server knows the two information required for this calculation: the current time and the seed of your component. Access is allowed if the token calculated by the server matches the token you specified.

  18. Managing for Enterprise Security

    National Research Council Canada - National Science Library

    Caralli, Richard A; Allen, Julia H; Stevens, James F; Willke, Bradford J; Wilson, William R

    2004-01-01

    Security has become one of the most urgent issues for many organizations. It is an essential requirement for doing business in a globally networked economy and for achieving organizational goals and mission...

  19. Mobile IP: Security & application

    NARCIS (Netherlands)

    Tuquerres, G.; Salvador, M.R.; Sprenkels, Ron

    1999-01-01

    As required in the TGS Mobile IP Advanced Module, this paper presents a survey of common security threats which mobile IP networks are exposed to as well as some proposed solutions to deal with such threats.

  20. Security Expertise

    DEFF Research Database (Denmark)

    This volume brings together scholars from different fields to explore the power, consequences and everyday practices of security expertise. Expertise mediates between different forms of knowledge: scientific and technological, legal, economic and political knowledge. This book offers the first...... systematic study of security expertise and opens up a productive dialogue between science and technology studies and security studies to investigate the character and consequences of this expertise. In security theory, the study of expertise is crucial to understanding whose knowledge informs security making...... and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...

  1. Optical security based on near-field processes at the nanoscale

    International Nuclear Information System (INIS)

    Naruse, Makoto; Tate, Naoya; Ohtsu, Motoichi

    2012-01-01

    Optics has been playing crucial roles in security applications ranging from authentication and watermarks to anti-counterfeiting. However, since the fundamental physical principle involves optical far-fields, or propagating light, diffraction of light causes severe difficulties, for example in device scaling and system integration. Moreover, conventional security technologies in use today have been facing increasingly stringent demands to safeguard against threats such as counterfeiting of holograms, requiring innovative physical principles and technologies to overcome their limitations. Nanophotonics, which utilizes interactions between light and matter at the nanometer scale via optical near-field interactions, can break through the diffraction limit of conventional propagating light. Moreover, nanophotonics has some unique physical attributes, such as localized optical energy transfer and the hierarchical nature of optical near-field interactions, which pave the way for novel security functionalities. This paper reviews the physical principles and describes some experimental demonstrations of systems based on nanophotonics with respect to security applications such as tamper resistance against non-invasive and invasive attacks, hierarchical information retrieval, hierarchical holograms, authentication, and traceability. (paper)

  2. Stringently Defined Otitis Prone Children Demonstrate Deficient Naturally Induced Mucosal Antibody Response toMoraxella catarrhalisProteins.

    Science.gov (United States)

    Ren, Dabin; Murphy, Timothy F; Lafontaine, Eric R; Pichichero, Michael E

    2017-01-01

    Moraxella catarrhalis ( Mcat ) is a prominent mucosal pathogen causing acute otitis media (AOM). We studied Mcat nasopharyngeal (NP) colonization, AOM frequency and mucosal antibody responses to four vaccine candidate Mcat proteins: outer membrane protein (OMP) CD, oligopeptide permease (Opp) A, hemagglutinin (Hag), and Pilin A clade 2 (PilA2) from stringently defined otitis prone (sOP) children, who experience the greatest burden of disease, compared to non-otitis prone (NOP) children. sOP children had higher NP colonization of Mcat (30 vs. 22%, P  = 0.0003) and Mcat -caused AOM rates (49 vs. 24%, P  P  P  = 0.018), Hag (IgG and IgA, both P  P  P  = 0.039) and PilA2 ( P  = 0.0076), and IgA to OMP CD ( P  = 0.010), OppA ( P  = 0.030), and PilA2 ( P  = 0.043) were associated with lower carriage of Mcat in NOP but not sOP children. Higher levels of mucosal IgG to OMP CD ( P  = 0.0070) and Hag ( P  = 0.0003), and IgA to Hag ( P  = 0.0067) at asymptomatic colonization than those at onset of AOM were associated with significantly lower rate of Mcat NP colonization progressing to AOM in NOP compared to sOP children (3 vs. 26%, P  NP colonization and NP colonization progressing to Mcat -caused AOM. Enhancing Mcat antigen-specific mucosal immune responses to levels higher than achieved by natural exposure will be necessary to prevent AOM in sOP children.

  3. Stringent constraints on the dark matter annihilation cross section from subhalo searches with the Fermi Gamma-Ray Space Telescope

    Energy Technology Data Exchange (ETDEWEB)

    Berlin, Asher; Hooper, Dan

    2014-01-01

    The dark matter halo of the Milky Way is predicted to contain a very large number of smaller subhalos. As a result of the dark matter annihilations taking place within such objects, the most nearby and massive subhalos could appear as point-like or spatially extended gamma-ray sources, without observable counterparts at other wavelengths. In this paper, we use the results of the Aquarius simulation to predict the distribution of nearby subhalos, and compare this to the characteristics of the unidentified gamma-ray sources observed by the Fermi Gamma-Ray Space Telescope. Focusing on the brightest high latitude sources, we use this comparison to derive limits on the dark matter annihilation cross section. For dark matter particles lighter than ~200 GeV, the resulting limits are the strongest obtained to date, being modestly more stringent than those derived from observations of dwarf galaxies or the Galactic Center. We also derive independent limits based on the lack of unidentified gamma-ray sources with discernible spatial extension, but these limits are a factor of ~2-10 weaker than those based on point-like subhalos. Lastly, we note that four of the ten brightest high-latitude sources exhibit a similar spectral shape, consistent with 30-60 GeV dark matter particles annihilating to b quarks with an annihilation cross section on the order of sigma v ~ (5-10) x 10^-27 cm^3/s, or 8-10 GeV dark matter particles annihilating to taus with sigma v ~ (2.0-2.5) x 10^-27 cm^3/s.

  4. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

  5. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  6. Security Locks

    Science.gov (United States)

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions…

  7. SMS security system for smart home detectors

    OpenAIRE

    Cekova, Katerina; Gelev, Saso

    2016-01-01

    Security has always been an important problem everywhere. Home security has been a major issue where crime is increasing and everybody wants home security to protect the home. Safety from theft and flame are the most important requirements of a home security system for people. A remote home security system offers many benefits from keeping homeowners, and their property safe. This paper present controlling of the home security system remotely from Android Application. Owners can turn on or...

  8. Four Phase Methodology for Developing Secure Software

    OpenAIRE

    Carlos Gonzalez-Flores; Ernesto Liñan-García

    2016-01-01

    A simple and robust approach for developing secure software. A Four Phase methodology consists in developing the non-secure software in phase one, and for the next three phases, one phase for each of the secure developing types (i.e. self-protected software, secure code transformation, and the secure shield). Our methodology requires first the determination and understanding of the type of security level needed for the software. The methodology proposes the use of several teams to accomplish ...

  9. Moving towards Cloud Security

    Directory of Open Access Journals (Sweden)

    Edit Szilvia Rubóczki

    2015-01-01

    Full Text Available Cloud computing hosts and delivers many different services via Internet. There are a lot of reasons why people opt for using cloud resources. Cloud development is increasing fast while a lot of related services drop behind, for example the mass awareness of cloud security. However the new generation upload videos and pictures without reason to a cloud storage, but only few know about data privacy, data management and the proprietary of stored data in the cloud. In an enterprise environment the users have to know the rule of cloud usage, however they have little knowledge about traditional IT security. It is important to measure the level of their knowledge, and evolve the training system to develop the security awareness. The article proves the importance of suggesting new metrics and algorithms for measuring security awareness of corporate users and employees to include the requirements of emerging cloud security.

  10. Ultra Secure High Reliability Wireless Radiation Monitor

    International Nuclear Information System (INIS)

    Cordaro, J.; Shull, D.; Farrar, M.; Reeves, G.

    2011-01-01

    Radiation monitoring in nuclear facilities is essential to safe operation of the equipment as well as protecting personnel. In specific, typical air monitoring of radioactive gases or particulate involves complex systems of valves, pumps, piping and electronics. The challenge is to measure a representative sample in areas that are radioactively contaminated. Running cables and piping to these locations is very expensive due to the containment requirements. Penetration into and out of an airborne or containment area is complex and costly. The process rooms are built with thick rebar-enforced concrete walls with glove box containment chambers inside. Figure 1 shows high temperature radiation resistance cabling entering the top of a typical glove box. In some case, the entire processing area must be contained in a 'hot cell' where the only access into the chamber is via manipulators. An example is shown in Figure 2. A short range wireless network provides an ideal communication link for transmitting the data from the radiation sensor to a 'clean area', or area absent of any radiation fields or radioactive contamination. Radiation monitoring systems that protect personnel and equipment must meet stringent codes and standards due to the consequences of failure. At first glance a wired system would seem more desirable. Concerns with wireless communication include latency, jamming, spoofing, man in the middle attacks, and hacking. The Department of Energy's Savannah River National Laboratory (SRNL) has developed a prototype wireless radiation air monitoring system that address many of the concerns with wireless and allows quick deployment in radiation and contamination areas. It is stand alone and only requires a standard 120 VAC, 60 Hz power source. It is designed to be mounted or portable. The wireless link uses a National Security Agency (NSA) Suite B compliant wireless network from Fortress Technologies that is considered robust enough to be used for classified data

  11. ULTRA SECURE HIGH RELIABILITY WIRELESS RADIATION MONITOR

    Energy Technology Data Exchange (ETDEWEB)

    Cordaro, J.; Shull, D.; Farrar, M.; Reeves, G.

    2011-08-03

    Radiation monitoring in nuclear facilities is essential to safe operation of the equipment as well as protecting personnel. In specific, typical air monitoring of radioactive gases or particulate involves complex systems of valves, pumps, piping and electronics. The challenge is to measure a representative sample in areas that are radioactively contaminated. Running cables and piping to these locations is very expensive due to the containment requirements. Penetration into and out of an airborne or containment area is complex and costly. The process rooms are built with thick rebar-enforced concrete walls with glove box containment chambers inside. Figure 1 shows high temperature radiation resistance cabling entering the top of a typical glove box. In some case, the entire processing area must be contained in a 'hot cell' where the only access into the chamber is via manipulators. An example is shown in Figure 2. A short range wireless network provides an ideal communication link for transmitting the data from the radiation sensor to a 'clean area', or area absent of any radiation fields or radioactive contamination. Radiation monitoring systems that protect personnel and equipment must meet stringent codes and standards due to the consequences of failure. At first glance a wired system would seem more desirable. Concerns with wireless communication include latency, jamming, spoofing, man in the middle attacks, and hacking. The Department of Energy's Savannah River National Laboratory (SRNL) has developed a prototype wireless radiation air monitoring system that address many of the concerns with wireless and allows quick deployment in radiation and contamination areas. It is stand alone and only requires a standard 120 VAC, 60 Hz power source. It is designed to be mounted or portable. The wireless link uses a National Security Agency (NSA) Suite B compliant wireless network from Fortress Technologies that is considered robust enough to be

  12. The Johnson Space Center Management Information Systems (JSCMIS). 1: Requirements Definition and Design Specifications for Versions 2.1 and 2.1.1. 2: Documented Test Scenario Environments. 3: Security Design and Specifications

    Science.gov (United States)

    1986-01-01

    The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications.

  13. Securing Chinese nuclear power development: further strengthening nuclear security

    International Nuclear Information System (INIS)

    Zhang Hui

    2014-01-01

    Chinese President Xi Jinping addresses China's new concept of nuclear security with four 'equal emphasis' at the third Nuclear Security Summit, and makes four commitments to strengthen nuclear security in the future. To convert President Xi's political commitments into practical, sustainable reality, China should take further steps to install a complete, reliable, and effective security system to ensure that all its nuclear materials and nuclear facilities are effectively protected against the full spectrum of plausible terrorist and criminal threats. This paper suggests the following measures be taken to improve China's existing nuclear security system, including updating and clarifying the requirements for a national level DBT; updating and enforcing existing regulations; further promoting nuclear security culture; balancing the costs of nuclear security, and further strengthening international cooperation on nuclear security. (author)

  14. Designing security holograms

    Science.gov (United States)

    James, Randy; Long, Michael; Newcomb, Diana

    2004-06-01

    Over the years, holograms have evolved from purely decorative images to bona fide security devices. During this evolution, highly secure technologies have been developed specifically for product and document protection. To maximize the security potential of these hologram technologies requires a holistic approach. A hologram alone is not enough. To be effective it must be part of a security program and that security program needs to inform the design and development of the actual hologram. In the most elementary case the security program can be as simple as applying a tamper evident label for a one-day event. In a complex implementation it would include multi-level technologies and corresponding verification methods. A holistic approach is accomplished with good planning and articulation of the problem to be solved, and then meeting the defined security objectives. Excellent communication among all the stakeholders in a particular project is critical to the success of the project. The results of this dialogue inform the design of the security hologram.

  15. Global gene expression during stringent response in Corynebacterium glutamicum in presence and absence of the rel gene encoding (pppGpp synthase

    Directory of Open Access Journals (Sweden)

    Kalinowski Jörn

    2006-09-01

    Full Text Available Background The stringent response is the initial reaction of microorganisms to nutritional stress. During stringent response the small nucleotides (pppGpp act as global regulators and reprogram bacterial transcription. In this work, the genetic network controlled by the stringent response was characterized in the amino acid-producing Corynebacterium glutamicum. Results The transcriptome of a C. glutamicum rel gene deletion mutant, unable to synthesize (pppGpp and to induce the stringent response, was compared with that of its rel-proficient parent strain by microarray analysis. A total of 357 genes were found to be transcribed differentially in the rel-deficient mutant strain. In a second experiment, the stringent response was induced by addition of DL-serine hydroxamate (SHX in early exponential growth phase. The time point of the maximal effect on transcription was determined by real-time RT-PCR using the histidine and serine biosynthetic genes. Transcription of all of these genes reached a maximum at 10 minutes after SHX addition. Microarray experiments were performed comparing the transcriptomes of SHX-induced cultures of the rel-proficient strain and the rel mutant. The differentially expressed genes were grouped into three classes. Class A comprises genes which are differentially regulated only in the presence of an intact rel gene. This class includes the non-essential sigma factor gene sigB which was upregulated and a large number of genes involved in nitrogen metabolism which were downregulated. Class B comprises genes which were differentially regulated in response to SHX in both strains, independent of the rel gene. A large number of genes encoding ribosomal proteins fall into this class, all being downregulated. Class C comprises genes which were differentially regulated in response to SHX only in the rel mutant. This class includes genes encoding putative stress proteins and global transcriptional regulators that might be

  16. 33 CFR 104.275 - Security measures for handling cargo.

    Science.gov (United States)

    2010-07-01

    ... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Requirements § 104.275 Security...) Maritime Security (MARSEC) Level 1. At MARSEC Level 1, the vessel owner or operator must ensure the..., container, or other cargo transport units are loaded; (3) Intensifying screening of vehicles to be loaded on...

  17. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complains are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause...... for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy security definitions and security models. Although there is no inherent need to separate security and correctness requirements, practically, such separation is significant. It makes security analysis...... easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  18. Grid Security

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  19. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security.This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  20. Implementation-Oriented Secure Architectures

    National Research Council Canada - National Science Library

    Conte de Leon, Daniel; Alves-Foss, Jim; Oman, Paul W

    2006-01-01

    ... functional and security requirements, and no other. Furthermore, the framework enables the verification and validation of system correctness by enforcing traceability of final system components to their corresponding design, architecture, and requirement work products.

  1. 7 CFR 1780.14 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 12 2010-01-01 2010-01-01 false Security. 1780.14 Section 1780.14 Agriculture... (CONTINUED) WATER AND WASTE LOANS AND GRANTS General Policies and Requirements § 1780.14 Security. Loans will be secured by the best security position practicable in a manner which will adequately protect the...

  2. 9 CFR 121.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... 9 Animals and Animal Products 1 2010-01-01 2010-01-01 false Security. 121.11 Section 121.11... AGENTS AND TOXINS § 121.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to safeguard...

  3. 42 CFR 73.11 - Security.

    Science.gov (United States)

    2010-10-01

    ... 42 Public Health 1 2010-10-01 2010-10-01 false Security. 73.11 Section 73.11 Public Health PUBLIC... AND TOXINS § 73.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to safeguard the...

  4. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels , to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  5. Redefining security.

    Science.gov (United States)

    Mathews, J T

    1989-01-01

    The concept of US national security was redefined in the 1970s to include international economics, and lately environmental degradation has also become a factor, as pollution transcends boundaries. By 2100 another 5-6 billion people may be added to the world's population requiring dramatic production and technology transformation with the resultant expanded energy use, emissions, and waste impacting the ecosystem. Climate change through global warming is in the offing. The exponential growth of the population in the developing world poses a crucial challenge for food production, housing, and employment. At a 1% growth rate population doubles in 72 years, while at 3% it doubles in 24 years. Africa's growth rate is almost 3%, it is close to 2% in Latin America, and it is somewhat less in Asia. Renewable resources such as overfished fishing grounds can become nonrenewable, and vanished species can never be resurrected. Deforestation leads to soil erosion, damage to water resources through floods and silting of irrigation networks, and accelerated loss of species. 20% of species could disappear by 2000 thereby losing genetic resources for chemicals, drugs, and food sources. Overcultivation has caused major erosion and decline of agricultural productivity in Haiti, Guatemala, Turkey, and India. Lopsided land ownership in Latin America requires land reform for sustainable agricultural production in the face of the majority of people cultivating plots for bare subsistence. Human practices that have caused environmental damage include concessions granted to logging companies in the Philippines, mismanagement of natural resources in sub-Saharan Africa, the ozone hole, and the greenhouse effect with potential climate changes. Solutions include family planning, efficient energy use, sustainable agroforestry techniques, and environmental accounting of goods and services.

  6. The Fundamental Right to Public Security and the Untermassverbot Principle: A Required Review of The Article #152 of the Brazilian Procedural Criminal Code

    Directory of Open Access Journals (Sweden)

    Marcial Duarte Coêlho

    2017-02-01

    Full Text Available The increasing of violence in Brazil affects the fundamental right to public security. When the State does not sufficiently protects a fundamental right there is a violation of the so-called untermassverbot principle. This paper aims to explore the interpretation of the article #152 of the brazilian procedural criminal code under the untermassverbot principle. The traditional interpretation understands that the criminal procedure will be stopped, but the prescription penal period is not equally interrupted. It is proposed a new reading of that article, under the approaches of the proportionality principle and the integral penal guaranteeism.

  7. INFORMATION SYSTEM SECURITY (CYBER SECURITY

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  8. European Climate - Energy Security Nexus. A model based scenario analysis

    International Nuclear Information System (INIS)

    Criqui, Patrick; Mima, Silvana

    2011-01-01

    In this research, we have provided an overview of the climate-security nexus in the European sector through a model based scenario analysis with POLES model. The analysis underline that under stringent climate policies, Europe take advantage of a double dividend in its capacity to develop a new cleaner energy model and in lower vulnerability to potential shocks on the international energy markets. (authors)

  9. European Climate - Energy Security Nexus. A model based scenario analysis

    Energy Technology Data Exchange (ETDEWEB)

    Criqui, Patrick; Mima, Silvana

    2011-01-15

    In this research, we have provided an overview of the climate-security nexus in the European sector through a model based scenario analysis with POLES model. The analysis underline that under stringent climate policies, Europe take advantage of a double dividend in its capacity to develop a new cleaner energy model and in lower vulnerability to potential shocks on the international energy markets. (authors)

  10. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  11. Secure Objectives for School Security

    Science.gov (United States)

    Dalton-Noblitt, April

    2012-01-01

    In a study conducted among more than 980 American four-year and two-year colleges and universities, including institutions such as the University of Michigan, MIT, UCLA and Columbia, security staff and other administrators identified the five leading goals for their security systems: (1) Preventing unauthorized people from entering their…

  12. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710.   Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally…   …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. &hell...

  13. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  14. Secure PVM

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  15. Social security for seafarers globally

    DEFF Research Database (Denmark)

    Jensen, Olaf; Canals, Luisa; Haarløv, Erik

    2013-01-01

    Social security for seafarers globally Background: Social security protection is one of the essential elements of decent work. The issue is complex and no previous epidemiological studies of the coverage among seafarers have yet been performed. Objectives: The aim was to overcome the gap...... of knowledge to promote the discussion and planning of the implementation of social security for all seafarers. Methods: The seafarers completed a short questionnaire concerning their knowledge about their social security status. Results: Significant disparities of coverage of social security were pointed out...... comes from poorer countries without substantial social security systems. The solutions suggested are to implement the minimum requirements as recommended by the ILO 2006 Convention, to survey the implementation and in the long term to struggle for global social equality. Key words: Social security...

  16. Improving Supervisor and Coworker Reporting of Information of Security Concern

    National Research Council Canada - National Science Library

    Wood, Suzanne

    2003-01-01

    PERSEREC examined government requirements that cleared supervisors and employees report to security managers behavior they observe among subordinates and coworkers that they believe to be security-relevant...

  17. Specifying Information Security Needs for the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then

  18. Infrastructure Plan for Home Security System

    OpenAIRE

    Tong, Yao

    2011-01-01

    Tong, Yao. 2011. Infrastructure Plan for Home Security System. Bachelor’s Thesis. Kemi-Tornio University of Applied Sciences. Business and Culture. Pages 53. Appendix 1. The aims of this research were to design an infrastructure plan for home security system, analyze the most mature and emerging technologies, connect the security services through different types of interfaces, and assign different security levels for home security system based on the user requirements. The whole infrastru...

  19. European Security

    DEFF Research Database (Denmark)

    Møller, Bjørn

    Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"......Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"...

  20. Security Studies

    OpenAIRE

    ,

    2005-01-01

    Security Studies has firmly established itself as a leading journal on international security issues. The journal publishes theoretical, historical and policy-oriented articles on the causes and consequences of war, and the sources and conditions of peace. The journal has published articles on balancing vs. bandwagoning, deterrence in enduring rivalries, the Domino theory, nuclear weapons proliferation, civil-military relations, political reforms in China, strategic culture in Asia and the P...

  1. 75 FR 29404 - Contract Reporting Requirements of Intrastate Natural Gas Companies

    Science.gov (United States)

    2010-05-26

    ... Analysis 109 X. Regulatory Flexibility Act 110 XI. Document Availability 112 XII. Effective Date and... less stringent transactional reporting requirements for NGPA section 311 intrastate pipelines and... transactional reporting requirements for intrastate and Hinshaw pipelines in order to increase market...

  2. Use of Evaluation Criteria in Security Education

    National Research Council Canada - National Science Library

    Nguyen, Thuy D; Irvine, Cynthia E

    2008-01-01

    .... A cornerstone of this success will be the ability of Information Assurance professionals to develop sound security requirements and determine the suitability of evaluated security products for mission-specific systems...

  3. Secure Java For Web Application Development

    CERN Document Server

    Bhargav, Abhay

    2010-01-01

    As the Internet has evolved, so have the various vulnerabilities, which largely stem from the fact that developers are unaware of the importance of a robust application security program. This book aims to educate readers on application security and building secure web applications using the new Java Platform. The text details a secure web application development process from the risk assessment phase to the proof of concept phase. The authors detail such concepts as application risk assessment, secure SDLC, security compliance requirements, web application vulnerabilities and threats, security

  4. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of SecurityDefinition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and AssetsSecurity Methodology Methodology Defined Security Business Proposals Secur

  5. [Food security in Mexico].

    Science.gov (United States)

    Urquía-Fernández, Nuria

    2014-01-01

    An overview of food security and nutrition in Mexico is presented, based on the analysis of the four pillars of food security: availability, access, utilization of food, and stability of the food supply. In addition, the two faces of malnutrition in Mexico were analyzed: obesity and undernourishment. Data were gathered from the food security indicators of the United Nations's Food and Agriculture Organization, from the Mexican Scale of Food Security, and from the National Health and Nutrition Survey. Mexico presents an index of availability of 3 145 kilocalories per person per day, one of the highest indexes in the world, including both food production and imports. In contrast, Mexico is affected by a double burden of malnutrition: whereas children under five present 14% of stunt, 30% of the adult population is obese. Also, more than 18% of the population cannot afford the basic food basket (food poverty). Using perception surveys, people reports important levels of food insecurity, which concentrates in seven states of the Mexican Federation. The production structure underlying these indicators shows a very heterogeneous landscape, which translates in to a low productivity growth across the last years. Food security being a multidimensional concept, to ensure food security for the Mexican population requires a revision and redesign of public productive and social policies, placing a particular focus on strengthening the mechanisms of institutional governance.

  6. A coastal perspective on security.

    Science.gov (United States)

    Emerson, Steven D; Nadeau, John

    2003-11-14

    This paper examines security issues from the unique perspective of our nation's coastlines and associated infrastructure. It surveys ongoing efforts to secure offshore shipping lanes, as well as the transportation systems and huge capital investments on the narrow strip of land intersecting with coastal waters. The paper recounts the extraordinary demands recently placed on the Coast Guard, port authorities and other agencies charged with offshore security. New federal requirements such as port assessments continue to be mandated, while solutions to finding are still unfolding. An up-to-date summary of maritime security functions is provided. Those requirements are compared and contrasted with security guidelines and regulatory demands placed upon mobile and fixed assets of the Chemical Process Industry (CPI) in coastal environs. These span the gamut from recommendations by industry groups and professional organizations, to federal and state requirements, to insurance demands, to general duty obligations.

  7. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in

  8. Legal status and source of offenders' firearms in states with the least stringent criteria for gun ownership.

    Science.gov (United States)

    Vittes, Katherine A; Vernick, Jon S; Webster, Daniel W

    2013-02-01

    Gun possession by high-risk individuals presents a serious threat to public safety. U.S. federal law establishes minimum criteria for legal purchase and possession of firearms; many states have laws disqualifying additional categories for illegal possession. We used data from a national survey of state prison inmates to calculate: 1) the proportion of offenders, incarcerated for crimes committed with firearms in 13 states with the least restrictive firearm purchase and possession laws, who would have been prohibited if their states had stricter gun laws; and 2) the source of gun acquisition for offenders who were and were not legally permitted to purchase and possess firearms. Nearly three of ten gun offenders (73 of 253 or 28.9%) were legal gun possessors but would have been prohibited from purchasing or possessing firearms when committing their most recent offense if their states had stricter prohibitions. Offenders who were already prohibited under current law acquired their gun from a licensed dealer, where a background check is required, five times less often than offenders who were not prohibited (3.9% vs. 19.9%; χ(2)=13.31; p≤0.001). Nearly all (96.1%) offenders who were legally prohibited, acquired their gun from a supplier not required to conduct a background check. Stricter gun ownership laws would have made firearm possession illegal for many state prison inmates who used a gun to commit a crime. Requiring all gun sales to be subject to a background check would make it more difficult for these offenders to obtain guns.

  9. Privacy and security in teleradiology

    Energy Technology Data Exchange (ETDEWEB)

    Ruotsalainen, Pekka [National Institute for Health and Welfare, Helsinki (Finland)], E-mail: pekka.ruotsalainen@THL.fi

    2010-01-15

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  10. Privacy and security in teleradiology

    International Nuclear Information System (INIS)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  11. Site security personnel training manual

    International Nuclear Information System (INIS)

    1978-10-01

    As required by 10 CFR Part 73, this training manual provides guidance to assist licensees in the development of security personnel training and qualifications programs. The information contained in the manual typifies the level and scope of training for personnel assigned to perform security related tasks and job duties associated with the protection of nuclear fuel cycle facilities and nuclear power reactors

  12. The Key to School Security.

    Science.gov (United States)

    Hotle, Dan

    1993-01-01

    In addition to legislative accessibility requirements, other security issues facing school administrators who select a security system include the following: access control; user friendliness; durability or serviceability; life safety precautions; possibility of vandalism, theft, and tampering; and key control. Offers steps to take in considering…

  13. 33 CFR 105.265 - Security measures for handling cargo.

    Science.gov (United States)

    2010-07-01

    ... SECURITY MARITIME SECURITY MARITIME SECURITY: FACILITIES Facility Security Requirements § 105.265 Security... to do so, routinely check cargo, cargo transport units, and cargo storage areas within the facility..., containers, or other cargo transport units entering the facility match the delivery note or equivalent cargo...

  14. 49 CFR 1552.23 - Security awareness training programs.

    Science.gov (United States)

    2010-10-01

    ... employee to identify— (i) Uniforms and other identification, if any are required at the flight school, for... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.23 Security awareness training programs. (a) General. A flight...

  15. Strategy for IT Security

    Science.gov (United States)

    Santiago, S. Scott; Moyles, Thomas J. (Technical Monitor)

    2001-01-01

    This viewgraph presentation provides information on the importance of information technology (IT) security (ITS) to NASA's mission. Several points are made concerning the subject. In order for ITS to be successful, it must be supported by management. NASA, while required by law to keep the public informed of its pursuits, must take precautions due to possible IT-based incursions by computer hackers and other malignant persons. Fear is an excellent motivation for establishing and maintaining a robust ITS policy. The ways in which NASA ITS personnel continually increase security are manifold, however a great deal relies upon the active involvement of the entire NASA community.

  16. Safety, Security and Multicore

    Science.gov (United States)

    Parkinson, Paul

    Historically many safety-related and security-critical systems have been developed and qualified using single-core processors. These platforms could easily meet their increases in system performance requirements through higher processor clock speeds. However, the industry is now approaching the limit of relatively simple upgrade path, and there is an increasing trend towards the adoption of multicore processor architectures in critical systems to address higher performance demands. In this paper, we will review the challenges involved in migration to multicore processor architectures and the specific challenges related to their use in safety-critical and security-sensitive systems.

  17. Nuclear security officer training

    International Nuclear Information System (INIS)

    Harrington, W.F.

    1981-01-01

    Training has become complex and precise in today's world of critical review and responsibility. Entrusted to a security officer is the success or demise of large business. In more critical environments the security officer is entrusted with the monitoring and protection of life sensitive systems and devices. The awareness of this high visibility training requirement has been addressed by a limited few. Those involved in the nuclear power industry through dedication and commitment to the American public have without a doubt become leading pioneers in demanding training excellence

  18. Privatising Security

    Directory of Open Access Journals (Sweden)

    Irina Mindova-Docheva

    2016-06-01

    Full Text Available The article proposes an analysis of the different approaches towards employing the international legal framework in the regulation and oversight of private military and security companies’ operation in armed conflicts and in peace time security systems. It proposes a partnership-based approach for public and private actors aiming at creating and sharing common values under the principles of solidarity, protection of human rights and rule of law. A focus of further research should be the process of shaping those common values.

  19. Cloud Computing Security: A Survey

    Directory of Open Access Journals (Sweden)

    Issa M. Khalil

    2014-02-01

    Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

  20. COMPUTER SECURITY AND SECURITY TECHNOLOGIES

    Directory of Open Access Journals (Sweden)

    Lazar Stošić

    2013-01-01

    Full Text Available With the increasing development of computer and communications technology growth and increasing needs and development of information systems security. The problem of security must be approached with greater caution. With the development of computer and communication technologies have developed numerous tools to protect files and other information. A set of tools, procedures, policies and solutions to defend against attacks are collectively referred to as computer network security. It is necessary above all to define and learn about the concepts of attack, risk, threat, vulnerability and asset value. During the design and implementation of information systems should primarily take into account a set of measures to increase security and maintenance at an acceptable level of risk. In any case, there is a need to know the risks in the information system. Sources of potential security problems are challenges and attacks, while the risk relates to the probable outcome and its associated costs due to occurrence of certain events. There are numerous techniques help protect your computer: cryptography, authentication, checked the software, licenses and certificates, valid authorization... This paper explains some of the procedures and potential threats to break into the network and computers as well as potential programs that are used. Guidance and explanation of these programs is not to cause a break-in at someone else's computer, but to highlight the vulnerability of the computer's capabilities.

  1. Transportation security personnel training manual

    International Nuclear Information System (INIS)

    1978-11-01

    Objective of this manual is to train security personnel to protect special nuclear materials and nuclear facilities against theft and sabotage as required by 10 CFR Part 73. This volume contains the introduction and rationale

  2. Food security under climate change

    Science.gov (United States)

    Hertel, Thomas W.

    2016-01-01

    Using food prices to assess climate change impacts on food security is misleading. Differential impacts on income require a broader measure of household well-being, such as changes in absolute poverty.

  3. Options for Meeting U.S. Navy Foreign Language and Cultural Expertise Requirements in the Post 9/11 Security Environment

    Science.gov (United States)

    2009-06-01

    Enlisted Management Community EPA Enlisted Program Authorizations ESL English as a Second Language FAO Foreign Area Officer FLPB...DLAB). The DLAB tests the applicant’s ability to learn a foreign language by testing the applicant in a made-up language after first teaching basic...graduation requirements (DLFFLC General Catalogue, 2006–2007, pp. 2–4). At present, DLIFLC can teach 23 resident languages and several dialects

  4. Arctic Security

    DEFF Research Database (Denmark)

    Wang, Nils

    2013-01-01

    of the general security situation and to identify both the explicit and the implicit agendas of the primary state actors. The region contains all the ingredients for confrontation and conflict but the economical potential for all the parties concerned creates a general interest in dialogue and cooperation...

  5. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  6. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  7. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  8. Radiological protection, safety and security issues in the industrial and medical applications of radiation sources

    International Nuclear Information System (INIS)

    Vaz, Pedro

    2015-01-01

    The use of radiation sources, namely radioactive sealed or unsealed sources and particle accelerators and beams is ubiquitous in the industrial and medical applications of ionizing radiation. Besides radiological protection of the workers, members of the public and patients in routine situations, the use of radiation sources involves several aspects associated to the mitigation of radiological or nuclear accidents and associated emergency situations. On the other hand, during the last decade security issues became burning issues due to the potential malevolent uses of radioactive sources for the perpetration of terrorist acts using RDD (Radiological Dispersal Devices), RED (Radiation Exposure Devices) or IND (Improvised Nuclear Devices). A stringent set of international legally and non-legally binding instruments, regulations, conventions and treaties regulate nowadays the use of radioactive sources. In this paper, a review of the radiological protection issues associated to the use of radiation sources in the industrial and medical applications of ionizing radiation is performed. The associated radiation safety issues and the prevention and mitigation of incidents and accidents are discussed. A comprehensive discussion of the security issues associated to the global use of radiation sources for the aforementioned applications and the inherent radiation detection requirements will be presented. Scientific, technical, legal, ethical, socio-economic issues are put forward and discussed. - Highlights: • The hazards associated to the use of radioactive sources must be taken into account. • Security issues are of paramount importance in the use of radioactive sources. • Radiation sources can be used to perpetrate terrorist acts (RDDs, INDs, REDs). • DSRS and orphan sources trigger radiological protection, safety and security concerns. • Regulatory control, from cradle to grave, of radioactive sources is mandatory.

  9. Radiological protection, safety and security issues in the industrial and medical applications of radiation sources

    Science.gov (United States)

    Vaz, Pedro

    2015-11-01

    The use of radiation sources, namely radioactive sealed or unsealed sources and particle accelerators and beams is ubiquitous in the industrial and medical applications of ionizing radiation. Besides radiological protection of the workers, members of the public and patients in routine situations, the use of radiation sources involves several aspects associated to the mitigation of radiological or nuclear accidents and associated emergency situations. On the other hand, during the last decade security issues became burning issues due to the potential malevolent uses of radioactive sources for the perpetration of terrorist acts using RDD (Radiological Dispersal Devices), RED (Radiation Exposure Devices) or IND (Improvised Nuclear Devices). A stringent set of international legally and non-legally binding instruments, regulations, conventions and treaties regulate nowadays the use of radioactive sources. In this paper, a review of the radiological protection issues associated to the use of radiation sources in the industrial and medical applications of ionizing radiation is performed. The associated radiation safety issues and the prevention and mitigation of incidents and accidents are discussed. A comprehensive discussion of the security issues associated to the global use of radiation sources for the aforementioned applications and the inherent radiation detection requirements will be presented. Scientific, technical, legal, ethical, socio-economic issues are put forward and discussed.

  10. Access Point Security Service for wireless ad-hoc communication

    NARCIS (Netherlands)

    Scholten, Johan; Nijdam, M.

    2006-01-01

    This paper describes the design and implementation of a security solution for ad-hoc peer-to-peer communication. The security solution is based on a scenario where two wireless devices require secure communication, but share no security relationship a priori. The necessary requirements for the

  11. Global nuclear security engagement

    International Nuclear Information System (INIS)

    Kulp, W.D. III

    2012-01-01

    Full text: The Nuclear Security Summits in Washington (2010) and Seoul (2012) were convened with the goal of reducing the threat of nuclear terrorism. These meetings have engaged States with established nuclear fuel cycle activities and encouraged their commitment to nuclear security. The participating States have reaffirmed that it is a fundamental responsibility of nations to maintain effective nuclear security in order to prevent unauthorized actors from acquiring nuclear materials. To that end, the participants have identified important areas for improvement and have committed to further progress. Yet, a broader message has emerged from the Summits: effective nuclear security requires both global and regional engagement. Universal commitment to domestic nuclear security is essential, if only because the peaceful use of nuclear energy remains a right of all States: Nations may someday adopt nuclear energy, even if they are not currently developing nuclear technology. However, the need for nuclear security extends beyond domestic power production. To harvest natural resources and to develop part of a nuclear fuel cycle, a State should embrace a nuclear security culture. Nuclear materials may be used to produce isotopes for medicine and industry. These materials are transported worldwide, potentially crossing a nation's borders or passing by its shores. Regrettably, measures to prevent the loss of control may not be sufficient against an adversary committed to using nuclear or other radioactive materials for malicious acts. Nuclear security extends beyond prevention measures, encompassing efforts to detect illicit activities and respond to nuclear emergencies. The Seoul Communique introduces the concept of a Global Nuclear Security Architecture, which includes multilateral instruments, national legislation, best practices, and review mechanisms to promote adoption of these components. Key multilateral instruments include the Convention on Physical Protection of

  12. Stringent and reproducible tetracycline-regulated transgene expression by site-specific insertion at chromosomal loci with pre-characterised induction characteristics

    Directory of Open Access Journals (Sweden)

    Papanastasiou Antigoni M

    2007-05-01

    Full Text Available Abstract Background The ability to regulate transgene expression has many applications, mostly concerning the analysis of gene function. Desirable induction characteristics, such as low un-induced expression, high induced expression and limited cellular heterogeneity, can be seriously impaired by chromosomal position effects at the site of transgene integration. Many clones may therefore need to be screened before one with optimal induction characteristics is identified. Furthermore, such screens must be repeated for each new transgene investigated, and comparisons between clones with different transgenes is complicated by their different integration sites. Results To circumvent these problems we have developed a "screen and insert" strategy in which clones carrying a transgene for a fluorescent reporter are first screened for those with optimal induction characteristics. Site-specific recombination (SSR is then be used repeatedly to insert any new transgene at the reporter transgene locus of such clones so that optimal induction characteristics are conferred upon it. Here we have tested in a human fibrosarcoma cell line (HT1080 two of many possible implementations of this approach. Clones (e.g. Rht14-10 in which a GFP reporter gene is very stringently regulated by the tetracycline (tet transactivator (tTA protein were first identified flow-cytometrically. Transgenes encoding luciferase, I-SceI endonuclease or Rad52 were then inserted by SSR at a LoxP site adjacent to the GFP gene resulting stringent tet-regulated transgene expression. In clone Rht14-10, increases in expression from essentially background levels (+tet to more than 104-fold above background (-tet were reproducibly detected after Cre-mediated insertion of either the luciferase or the I-SceI transgenes. Conclusion Although previous methods have made use of SSR to integrate transgenes at defined sites, none has effectively combined this with a pre-selection step to identify

  13. 40 CFR 264.14 - Security.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 25 2010-07-01 2010-07-01 false Security. 264.14 Section 264.14... Standards § 264.14 Security. (a) The owner or operator must prevent the unknowing entry, and minimize the...) for discussion of security requirements at disposal facilities during the post-closure care period...

  14. 10 CFR 39.71 - Security.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Security. 39.71 Section 39.71 Energy NUCLEAR REGULATORY COMMISSION LICENSES AND RADIATION SAFETY REQUIREMENTS FOR WELL LOGGING Security, Records, Notifications § 39.71 Security. (a) A logging supervisor must be physically present at a temporary jobsite whenever...

  15. 14 CFR 460.53 - Security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 4 2010-01-01 2010-01-01 false Security. 460.53 Section 460.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF....53 Security. An operator must implement security requirements to prevent any space flight participant...

  16. 40 CFR 265.14 - Security.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 25 2010-07-01 2010-07-01 false Security. 265.14 Section 265.14... Facility Standards § 265.14 Security. (a) The owner or operator must prevent the unknowing entry, and...) for discussion of security requirements at disposal facilities during the post-closure care period...

  17. 14 CFR 129.25 - Airplane security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Airplane security. 129.25 Section 129.25... security. Foreign air carriers conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter XII. [67 FR 8350, Feb. 22, 2002] ...

  18. 14 CFR 135.125 - Aircraft security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Aircraft security. 135.125 Section 135.125....125 Aircraft security. Certificate holders conducting operators conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter XII. [67 FR 8350, Feb. 22, 2002] ...

  19. 7 CFR 1951.866 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 14 2010-01-01 2009-01-01 true Security. 1951.866 Section 1951.866 Agriculture... REGULATIONS (CONTINUED) SERVICING AND COLLECTIONS Rural Development Loan Servicing § 1951.866 Security. (a) Loans from RDLF intermediaries to ultimate recipients. Security requirements for loans from...

  20. 7 CFR 331.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 5 2010-01-01 2010-01-01 false Security. 331.11 Section 331.11 Agriculture..., DEPARTMENT OF AGRICULTURE POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS § 331.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan...

  1. 14 CFR 121.538 - Aircraft security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Aircraft security. 121.538 Section 121.538..., FLAG, AND SUPPLEMENTAL OPERATIONS Flight Operations § 121.538 Aircraft security. Certificate holders conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter...

  2. 46 CFR 10.214 - Security Check.

    Science.gov (United States)

    2010-10-01

    ... 46 Shipping 1 2010-10-01 2010-10-01 false Security Check. 10.214 Section 10.214 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN MERCHANT MARINER CREDENTIAL General Requirements for All Merchant Mariner Credentials § 10.214 Security Check. Until April 15, 2009...

  3. 12 CFR 703.11 - Valuing securities.

    Science.gov (United States)

    2010-01-01

    ...) At least monthly, a Federal credit union must determine the fair value of each security it holds. It... external auditor must follow generally accepted auditing standards, which require either re-computation or... by this section for a particular security, then it may obtain a quotation for a security with...

  4. 31 CFR 202.6 - Collateral security.

    Science.gov (United States)

    2010-07-01

    ... 31 Money and Finance: Treasury 2 2010-07-01 2010-07-01 false Collateral security. 202.6 Section... GOVERNMENT 1 § 202.6 Collateral security. (a) Requirement. Prior to receiving deposits of public money, a depositary authorized to perform services under § 202.3(b) must pledge collateral security in the amount...

  5. Multi sensor national cyber security data fusion

    CSIR Research Space (South Africa)

    Swart, I

    2015-03-01

    Full Text Available information security posture and to improve on it. The potential attack surface of a nation is extremely large however and no single source of cyber security data provides all the required information to accurately describe the cyber security readiness of a...

  6. The Extended Concept of Security and the Czech Security Practice

    Directory of Open Access Journals (Sweden)

    Libor Stejskal

    2008-12-01

    Full Text Available According to the extended concept of security, the nation state is no longer the sole privileged reference object of security. The traditional model of national security is developing from military terms to a broader concept which embraces the international, economic, social, environmental, and human rights dimensions of security. The meaning and relevance of the concept is being extended “upwards”, to international organisations, and “downwards”, to regional and local authorities, non-governmental organisations, communities, and individual citizens. This has immediate bearing on the everyday security reality of the Czech Republic. In international context, the “security frontier” of the Czech Republic is expanding, e.g. through the country’s involvement in UN and NATO security missions in conflict-ridden regions of Europe and the world. The country also helps enhance the internal security of the European Union, whose strength depends on its Member States’ willingness to “harmonise” the pursuit of their respective national security interests. This approach is especially important with regard to the principal security threats Europe faces and will continue to face in the future: terrorism and organised crime. It is vital that the Czech Republic have a well-working security system capable of responding effectively to a broad range of threats. This requirement applies first and foremost to the Police, the Fire and Rescue Service, and intelligence services. Unfortunately, with the present effectiveness of the Czech security system, much remains wishful thinking and, due to the lack of a comprehensive framework, a comparatively low level of protection against emergencies exists. Fight against crime is hampered by inefficient operation of the Police and judiciary. A thorough analysis of the aforementioned problems could provide basis for a broader public debate over the priorities and goals of Czech security policy, which should

  7. The Informatics Security Cost of Distributed Applications

    Directory of Open Access Journals (Sweden)

    Ion IVAN

    2010-01-01

    Full Text Available The objective, necessity, means and estimated efficiency of information security cost modeling are presented. The security requirements of distributed informatics applications are determined. Aspects regarding design, development and implementation are established. Influence factors for informatics security are presented and their correlation is analyzed. The costs associated to security processes are studied. Optimal criteria for informatics security are established. The security cost of the informatics application for validating organizational identifiers is determined using theoretical assumptions made for cost models. The conclusions highlight the validity of research results and offer perspectives for future research.

  8. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise.   An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  9. Security Investigation Database (SID)

    Data.gov (United States)

    US Agency for International Development — Security Investigation & Personnel Security Clearance - COTS personnel security application in a USAID virtualized environement that can support USAID's business...

  10. Security Administration Reports Application

    Data.gov (United States)

    Social Security Administration — Contains SSA Security Reports that allow Information Security Officers (ISOs) to access, review and take appropriate action based on the information contained in the...

  11. Model-Based Security Testing

    Directory of Open Access Journals (Sweden)

    Ina Schieferdecker

    2012-02-01

    Full Text Available Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

  12. Secure DBMS.

    Science.gov (United States)

    1982-02-01

    F30602-80-C- 0235 9. PERFORMING ORGANIZATION NAME AND ADDRESS I0. PROGRAM ELEMENT. PROJECT. TASK HARRIS CORPORATION AREA & WORK UNIT NUMBERS Government...performed for the Rome Air Development Center under Contract F30602-80-C- 0235 . The study was performed by the staff of the Hprris Corporation...processors from making TM - HP 6-31 simultaneous incompatable changes to the data base. However, the simple security rule prohibits a lower level

  13. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  14. Security seal

    Science.gov (United States)

    Gobeli, Garth W.

    1985-01-01

    Security for a package or verifying seal in plastic material is provided by a print seal with unique thermally produced imprints in the plastic. If tampering is attempted, the material is irreparably damaged and thus detectable. The pattern of the imprints, similar to "fingerprints" are recorded as a positive identification for the seal, and corresponding recordings made to allow comparison. The integrity of the seal is proved by the comparison of imprint identification records made by laser beam projection.

  15. Security Engineering

    Science.gov (United States)

    2012-01-31

    Clarkson, Chong, and Myers, 2008; Fujioka and Okamoto, 1992] across a diverse set of redundant components. For example, an automobile brake control...e.g., a radio frequency spectrum analyzer embedded in a subsystem’s hardware chassis , and listening for a wireless triggering command at the time of...S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage, Experimental security analysis of a modern automobile , IEEE Symposium on

  16. Protective force legal issues: the security perspective

    International Nuclear Information System (INIS)

    Rich, B.L.

    1984-01-01

    There has been much discussion and some controversy on the legal issues faced by the Department of Energy's (DOE) protective forces in the performance of their security duties. These include the observance of legal proprieties in the arrest of non-violent demonstrators, the use of lethal weapons, and the extent of protective forces' authority to carry weapons and protect DOE's security interests offsite. In brief, the need to protect DOE's security interests may be in nominal conflict with other requirements. When faced with a potential conflict in requirements, we in the DOE security community must place first attention to the security mission -- to deter and prevent hostile acts

  17. Historic and future trends of vehicle emissions in Beijing, 1998-2020: A policy assessment for the most stringent vehicle emission control program in China

    Science.gov (United States)

    Zhang, Shaojun; Wu, Ye; Wu, Xiaomeng; Li, Mengliang; Ge, Yunshan; Liang, Bin; Xu, Yueyun; Zhou, Yu; Liu, Huan; Fu, Lixin; Hao, Jiming

    2014-06-01

    As a pioneer in controlling vehicle emissions within China, Beijing released the Clean Air Action Plan 2013-2017 document in August 2013 to improve its urban air quality. It has put forward this plan containing the most stringent emission control policies and strategies to be adopted for on-road vehicles of Beijing. This paper estimates the historic and future trends and uncertainties in vehicle emissions of Beijing from 1998 to 2020 by applying a new emission factor model for the Beijing vehicle fleet (EMBEV). Our updated results show that total emissions of CO, THC, NOx and PM2.5 from the Beijing vehicle fleet are 507 (395-819) kt, 59.1 (41.2-90.5) kt, 74.7 (54.9-103.9) kt and 2.69 (1.91-4.17) kt, respectively, at a 95% confidence level. This represents significant reductions of 58%, 59%, 31% and 62%, respectively, relative to the total vehicle emissions in 1998. The past trends clearly posed a challenge to NOx emission mitigation for the Beijing vehicle fleet, especially in light of those increasing NOx emissions from heavy-duty diesel vehicles (HDDVs) which have partly offset the reduction benefit from light-duty gasoline vehicles (LDGVs). Because of recently announced vehicle emission controls to be adopted in Beijing, including tighter emissions standards, limitations on vehicle growth by more stringent license control, promotion of alternative fuel technologies (e.g., natural gas) and the scrappage of older vehicles, estimated vehicle emissions in Beijing will continue to be mitigated by 74% of CO, 68% of THC, 56% of NOx and 72% of PM2.5 in 2020 compared to 2010 levels. Considering that many of the megacities in China are facing tremendous pressures to mitigate emissions from on-road vehicles, our assessment will provide a timely case study of significance for policy-makers in China.

  18. Nuclear energy technology transfer: the security barriers

    International Nuclear Information System (INIS)

    Rinne, R.L.

    1975-08-01

    The problems presented by security considerations to the transfer of nuclear energy technology are examined. In the case of fusion, the national security barrier associated with the laser and E-beam approaches is discussed; for fission, the international security requirements, due to the possibility of the theft or diversion of special nuclear materials or sabotage of nuclear facilities, are highlighted. The paper outlines the nuclear fuel cycle and terrorist threat, examples of security barriers, and the current approaches to transferring technology. (auth)

  19. THz and Security Applications

    CERN Document Server

    Sizov, Fedir; Detectors, Sources and Associated Electronics for THz Applications

    2014-01-01

    These proceedings comprise invited papers from highly experienced researchers in THz technology and security applications. THz detection of explosives represents one of the most appealing technologies to have recently emerged in dealing with terrorist attacks encountered by civil security and military forces throughout the world. Discussed are the most advanced technologies and developments, the various points of operational strength and weaknesses as well as are suggestions and predictions the best technological solutions to  overcome current operational limits.  The current status of various levels of cooling in THz detectors, sources and associated electronics are also addressed. The goal was to provide a clear view on the current technologies available and the required advances needed in order to achieve more efficient systems. This goal was outlined in part by establishing the baseline of current uncertainty estimations in physics-based modelling and the identification of key areas which require additi...

  20. The security twin peaks

    OpenAIRE

    Heyman, Thomas; Yskout, Koen; Scandariato, Riccardo; Schmidt, Holger; Yu, Yijun

    2011-01-01

    The feedback from architectural decisions to the elaboration of requirements is an established concept in the software engineering community. However, pinpointing the nature of this feedback in a precise way is a largely open problem. Often, the feedback is generically characterized as additional qualities that might be affected by an architect’s choice. This paper provides a practical perspective on this problem by leveraging architectural security patterns. The contribution of this pap...

  1. National Cyber Security Policy

    Indian Academy of Sciences (India)

    National Cyber Security Policy. Salient Features: Caters to ... Creating a secure cyber ecosystem. Creating an assurance framework. Encouraging Open Standards. Strengthening the Regulatory framework. Creating mechanisms for security threat early warning, vulnerability management and response to security threats.

  2. Usable SPACE: Security, Privacy, and Context for the Mobile User

    Science.gov (United States)

    Jutla, Dawn

    Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevskys (IBM Research) early 2000s patented inventions for voice security and classification.

  3. Information Security

    OpenAIRE

    2005-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is trusted to actually handle an asset. Two concepts complement authorisation. Authentication deter-mines who makes a request to handle an asset. To decide who is authorised, a system needs to au-the...

  4. Arctic Security

    DEFF Research Database (Denmark)

    Wang, Nils

    2013-01-01

    The inclusion of China, India, Japan, Singapore and Italy as permanent observers in the Arctic Council has increased the international status of this forum significantly. This chapter aims to explain the background for the increased international interest in the Arctic region through an analysis...... of the general security situation and to identify both the explicit and the implicit agendas of the primary state actors. The region contains all the ingredients for confrontation and conflict but the economical potential for all the parties concerned creates a general interest in dialogue and cooperation...

  5. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  6. Collective Security

    DEFF Research Database (Denmark)

    Galster, Kjeld

    and real defence of the country’s neutrality let alone a capability to support possible League of Nations action, should such need arise. The anti-militarist ideology of one party, led to regarding the armed services as harmful to designs for developing civic society and a waste of resources generally...... disinclination to accept that the collective security concept and international treaties and accords signed by Denmark should necessitate credible and real defence of the country’s neutrality let alone a capability to support possible League of Nations action, should such need arise. The anti-militarist ideology...

  7. Metric-Aware Secure Service Orchestration

    Directory of Open Access Journals (Sweden)

    Gabriele Costa

    2012-12-01

    Full Text Available Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process. In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.

  8. 17 CFR 41.45 - Required margin.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Required margin. 41.45 Section... PRODUCTS Customer Accounts and Margin Requirements § 41.45 Required margin. (a) Applicability. Each security futures intermediary shall determine the required margin for the security futures and related...

  9. Extremely secure identification documents

    Energy Technology Data Exchange (ETDEWEB)

    Tolk, K.M. [Sandia National Labs., Albuquerque, NM (United States); Bell, M. [Sandia National Labs., Livermore, CA (United States)

    1997-09-01

    The technology developed in this project uses biometric information printed on the document and public key cryptography to ensure that an adversary cannot issue identification documents to unauthorized individuals or alter existing documents to allow their use by unauthorized individuals. This process can be used to produce many types of identification documents with much higher security than any currently in use. The system is demonstrated using a security badge as an example. This project focused on the technologies requiring development in order to make the approach viable with existing badge printing and laminating technologies. By far the most difficult was the image processing required to verify that the picture on the badge had not been altered. Another area that required considerable work was the high density printed data storage required to get sufficient data on the badge for verification of the picture. The image processing process was successfully tested, and recommendations are included to refine the badge system to ensure high reliability. A two dimensional data array suitable for printing the required data on the badge was proposed, but testing of the readability of the array had to be abandoned due to reallocation of the budgeted funds by the LDRD office.

  10. Extremely secure identification documents

    International Nuclear Information System (INIS)

    Tolk, K.M.; Bell, M.

    1997-09-01

    The technology developed in this project uses biometric information printed on the document and public key cryptography to ensure that an adversary cannot issue identification documents to unauthorized individuals or alter existing documents to allow their use by unauthorized individuals. This process can be used to produce many types of identification documents with much higher security than any currently in use. The system is demonstrated using a security badge as an example. This project focused on the technologies requiring development in order to make the approach viable with existing badge printing and laminating technologies. By far the most difficult was the image processing required to verify that the picture on the badge had not been altered. Another area that required considerable work was the high density printed data storage required to get sufficient data on the badge for verification of the picture. The image processing process was successfully tested, and recommendations are included to refine the badge system to ensure high reliability. A two dimensional data array suitable for printing the required data on the badge was proposed, but testing of the readability of the array had to be abandoned due to reallocation of the budgeted funds by the LDRD office

  11. Secure computing on reconfigurable systems

    OpenAIRE

    Fernandes Chaves, R.J.

    2007-01-01

    This thesis proposes a Secure Computing Module (SCM) for reconfigurable computing systems. SC provides a protected and reliable computational environment, where data security and protection against malicious attacks to the system is assured. SC is strongly based on encryption algorithms and on the attestation of the executed functions. The use of SC on reconfigurable devices has the advantage of being highly adaptable to the application and the user requirements, while providing high performa...

  12. Cyber security of critical infrastructures

    Directory of Open Access Journals (Sweden)

    Leandros A. Maglaras

    2018-03-01

    Full Text Available Modern Supervisory Control and Data Acquisition (SCADA systems are essential for monitoring and managing electric power generation, transmission and distribution. In the age of the Internet of Things, SCADA has evolved into big, complex and distributed systems that are prone to be conventional in addition to new threats. Many security methods can be applied to such systems, having in mind that both high efficiency, real time intrusion identification and low overhead are required. Keywords: SCADA systems, Security

  13. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Full Text Available Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

  14. Secure Middleware for Defence Applications

    Science.gov (United States)

    2006-12-01

    Therefore, requirements for such a large, complex distributed system are manifold, and include interoperability, flexibility, modularity, rapid...tackle complexity , the Achilles heel of system vulnerabilities. These demanding requirements, the need to cope with increased uncertainty and...currently consists of the CCM implementation Qedo (Quality of Service enabled distributed objects), MICO as the underlying ORB, with enhanced security

  15. Usable security and e-banking

    DEFF Research Database (Denmark)

    Hertzum, Morten; Jørgensen, Niels; Nørgaard, Mie

    2004-01-01

    Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Our analysis of the weaknesses suggests that security requirements are among their causes...... and that the weaknesses may in turn cause decreased security. We view the conflict between ease of use and security in the context of usable security, a concept that is intended to match security principles and demands against user knowledge and motivation. Automation, instruction, and understanding can be identified...... as different approaches to usable security. Instruction is the main approach of the systems evaluated; automation relieves the user from involvement in security, as far as possible; and understanding goes beyond step-by-step instructions, to enable users to act competently and safely in situations...

  16. Usable Security and E-Banking

    DEFF Research Database (Denmark)

    Hertzum, Morten; Juul, Niels Christian; Jørgensen, Niels Henrik

    2004-01-01

    Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Analysis of the weaknesses suggests that security requirements are among their causes...... and that the weaknesses may in turn cause decreased security. Conceptually we view the conflict between ease of use and security in the context of usable security, intended to match security principles and demands against user knowledge and motivation. Automation, instruction, and understanding can be identified...... as different approaches to usable security. Instruction is the main approach of the systems evaluated; automation relieves the user from involvement in security, as far as possible; and understanding goes beyond step-by-step instructions, to enable users to act competently and safely in situations...

  17. IAEA Nuclear Security Human Resource Development Program

    International Nuclear Information System (INIS)

    Braunegger-Guelich, A.

    2009-01-01

    The IAEA is at the forefront of international efforts to strengthen the world's nuclear security framework. The current Nuclear Security Plan for 2006-2009 was approved by the IAEA Board of Governors in September 2005. This Plan has three main points of focus: needs assessment, prevention, detection and response. Its overall objective is to achieve improved worldwide security of nuclear and other radioactive material in use, storage and transport, and of their associated facilities. This will be achieved, in particular, through the provision of guidelines and recommendations, human resource development, nuclear security advisory services and assistance for the implementation of the framework in States, upon request. The presentation provides an overview of the IAEA nuclear security human resource development program that is divided into two parts: training and education. Whereas the training program focuses on filling gaps between the actual performance of personnel working in the area of nuclear security and the required competencies and skills needed to meet the international requirements and recommendations described in UN and IAEA documents relating to nuclear security, the Educational Program in Nuclear Security aims at developing nuclear security experts and specialists, at fostering a nuclear security culture and at establishing in this way sustainable knowledge in this field within a State. The presentation also elaborates on the nuclear security computer based learning component and provides insights into the use of human resource development as a tool in achieving the IAEA's long term goal of improving sustainable nuclear security in States. (author)

  18. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ...: NASA is revising the NASA FAR Supplement (NFS) to update requirements related to Information Technology... Security clause. However, due to the critical importance of protecting the Agency's Information Technology...) Insert the clause at 1852.204-76, Security Requirements for Unclassified Information Technology Resources...

  19. 78 FR 48076 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-08-07

    ... required security education training for employees of NRC licensees possessing security clearances so that... and methods for providing this training. This action would establish uniformity in the frequency of... education. All cleared employees must be provided with security training and briefings commensurate with...

  20. Future consumer mobile phone security: A case study using the data-centric security model

    NARCIS (Netherlands)

    van Cleeff, A.

    Consumer mobile phone security requires more attention, now that their data storage capacity is increasing. At the same time, much effort is spent on data-centric security for large enterprises. In this article we try to apply data-centric security to consumer mobile phones. We show a maturity model

  1. Overcoming the Illusion of Security: Creating a New Spacefaring Security Strategy Paradigm

    Science.gov (United States)

    2014-03-01

    Integration of the security architectures creates a global capability more robust than any individual security mechanism. It enables rapid detection ...if the security company detects an intruder, the police are dispatched to protect the homeowner, the family, and potentially the home itself...requires this type of multilayered, multiuser approach. Tactics, Techniques, and Procedures (TTP) To execute effective spacefaring protection actions

  2. Collective Security

    DEFF Research Database (Denmark)

    Galster, Kjeld

    of Europe, in the early 1920s the prospects for peace looked promising. Under these circumstances, buttressed by pacifism as the logical reaction to the carnage of the Great War, many a Danish politician on the Left believed that the provisions of the Covenant calling for nations to disarm should...... of the Great War, many a Danish politician on the Left believed that the provisions of the Covenant calling for nations to disarm should be implemented, the sooner the better. In order to accelerate peaceful development, and because their armed forces were seen rather as harmful than conducive to security...... to the international milieu and to the European trend towards reconciliation. New issues assumed prominence as a consequence of the post-war quest for peace and prosperity. Reconstruction of society and increased emphasis on welfare measures brought economy into focus of political canvassing. The League of Nations...

  3. 42 CFR 3.106 - Security requirements.

    Science.gov (United States)

    2010-10-01

    ..., whether in electronic or other media, through either physical separation from non-patient safety work... of the media, whether in electronic, paper, or other media or format, that contain patient safety... Health PUBLIC HEALTH SERVICE, DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL PROVISIONS PATIENT SAFETY...

  4. 45 CFR 164.306 - Security standards: General rules.

    Science.gov (United States)

    2010-10-01

    ... entity. (ii) The covered entity's technical infrastructure, hardware, and software security capabilities... 45 Public Welfare 1 2010-10-01 2010-10-01 false Security standards: General rules. 164.306 Section... RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected...

  5. Securing energy equity

    International Nuclear Information System (INIS)

    Grimsby, Lars Kare

    2011-01-01

    Addressing energy poverty rather than energy equity conveniently evades the problem of the gap in energy consumption per capita in the developed and developing world. For energy security policies to adequately address energy poverty it requires a widening of scope from national to global. This is a comment to the forthcoming presentation of IEA's proposition for a new architecture for financing universal modern energy access to be presented at the conference 'Energy for all-Financing access for the poor' held in Oslo in October 2011. - Highlights: → Addressing energy poverty may elude the disparity in energy consumption between rich and poor. → A minimum threshold of energy for the poor does not itself address inequity in energy consumption. → Energy equity may be secured by widening scope from national to global, from the poorest to us all.

  6. A Secure Communication Framework for ECUs

    Directory of Open Access Journals (Sweden)

    Ali Shuja Siddiqui

    2017-08-01

    Full Text Available Electronic Control Units (ECUs generate diagnostic and telemetric data that is communicated over the internal vehicular network. ECUs are resource constraint devices and have limited resources to devote for data security. In recent times, threats against vehicular networks have emerged that require attention of the research community. In this paper, we demonstrate data security threats in automobile, and present a hardware based security framework that provides real time secure communication using lightweight cryptographic primitives and propose hardware based authentication protocol. Implementation details, performance and security analysis of proposed framework are presented.

  7. Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

    CERN Document Server

    Lopienski, Sebastian

    Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

  8. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy?   In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  9. Aviation Security: Background and Policy Options for Screening and Securing Air Cargo

    Science.gov (United States)

    2008-02-25

    today, employees with unescorted access privileges to security identification display areas ( SIDAs ) may access secured areas and aircraft without...that the results of these pilot tests will be provided to the TSA in FY2009 to aid in decisions regarding the technology approach to be taken to meet...where all-cargo aircraft are loaded and unloaded, as security identification display areas ( SIDAs ). This effectively elevates the required security

  10. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    OpenAIRE

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overwiew is given of the use of information technology in the past, present and expectations for the future. For each period, the security requirements and solutions are discussed, It is made clear that the developments in information tech...

  11. Securing the Global Airspace System Via Identity-Based Security

    Science.gov (United States)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  12. Securing India's energy future

    International Nuclear Information System (INIS)

    Raghuraman, V.

    2009-01-01

    India's development aspirations are challenged by energy security and climate change considerations. The integrated energy policy clearly deliberates the need to intensify all energy options with emphasis on maximizing indigenous coal production, harnessing hydropower, increasing adoption of renewables, intensifying hydrocarbon exploration and production and anchoring nuclear power development to meet the long-term requirements. The report also emphasizes the need to secure overseas hydrocarbon and coal assets. Subsequently the National Action Plan on climate change has underscored the need to wean away from fossil fuels, the ambitious National Solar Mission is a case in point. Ultimately securing India's energy future lies in clean coal, safe nuclear and innovative solar. Coal is the key energy option in the foreseeable future. Initiatives are needed to take lead role in clean coal technologies, in-situ coal gasification, tapping coal bed methane, coal to liquids and coal to gas technologies. There is need to intensify oil exploration by laying the road-map to open acreage to unlock the hydrocarbon potential. Pursue alternate routes based on shale, methane from marginal fields. Effectively to use oil diplomacy to secure and diversify sources of supply including trans-national pipelines and engage with friendly countries to augment strategic resources. Technologies to be accessed and developed with international co-operation and financial assistance. Public-Private Partnerships, in collaborative R and D projects need to be accelerated. Nuclear share of electricity generation capacity to be increased 6 to 7% of 63000 MW by 2031-32 and further to 25% (300000 MW) capacity by 2050 is to be realized by operationalizing the country's thorium programme. Nuclear renaissance has opened up opportunities for the Indian industry to meet not only India's requirements but also participate in the global nuclear commerce; India has the potential to emerge as a manufacturing hub

  13. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  14. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2(R) CISSP Common Body of Knowledge (CBK(R)), this volume features 27 new chapters on topics

  15. Information security becoming a priority for utilities

    Energy Technology Data Exchange (ETDEWEB)

    Nicolaides, S. [Numerex, Atlanta, GA (United States)

    2009-10-15

    As part of North America's national critical infrastructure, utilities are finding themselves at the forefront of a security issue. In October 2007, a leading security service provider reported a 90 per cent increase in the number of hackers attempting to attack its utility clients in just one year. Utilities are vulnerable to cyber attacks that could disrupt power production and the transmission system. This article discussed the need for intelligent technologies in securely enabling resource management and operational efficiency of the utilities market. It discussed the unique security challenges that utilities face at a time of greater regulatory activity, heightened environmental concerns, tighter data security requirements and an increasing need for remote monitoring and control. A new tool has emerged for cyber security in the form of an international standard that may offer a strong guideline to work toward 11 security domains. These include security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition; development and maintenance; information security incident management; business continuity management; and compliance. 2 figs.

  16. Security, Fraud Detection

    Indian Academy of Sciences (India)

    First page Back Continue Last page Overview Graphics. Secure. Secure. Server – Intruder prevention/detection; Network – Encryption, PKI; Client - Secure. Fraud detection based on audit trails. Automatic alerts like credit-card alerts based on suspicious patterns.

  17. Transportation Security Administration

    Science.gov (United States)

    ... content Official website of the Department of Homeland Security Transportation Security Administration A - Z Index Blog What Can I ... Search form Search the Site Main menu Travel Security Screening Special Procedures TSA Pre✓® Passenger Support Travel ...

  18. Design Principles for Security

    National Research Council Canada - National Science Library

    Benzel, Terry V; Irvine, Cynthia E; Levin, Timothy E; Bhaskara, Ganesha; Nguyen, Thuy D; Clark, Paul C

    2005-01-01

    As a prelude to the clean-slate design for the SecureCore project, the fundamental security principles from more than four decades of research and development in information security technology were reviewed...

  19. Social Security Bulletin

    Data.gov (United States)

    Social Security Administration — The Social Security Bulletin (ISSN 1937-4666) is published quarterly by the Social Security Administration. The Bulletin is prepared in the Office of Retirement and...

  20. Transforming Homeland Security [video

    OpenAIRE

    McIntyre, David; Center for Homeland Defense and Security Naval Postgraduate School

    2011-01-01

    A pioneer in homeland security, and homeland security education, David McIntyre discusses the complexities in transforming homeland security from a national program in its inception, to also include state and local agencies and other public and private parties.

  1. Inducible Expression of Agrobacterium Virulence Gene VirE2 for Stringent Regulation of T-DNA Transfer in Plant Transient Expression Systems.

    Science.gov (United States)

    Denkovskienė, Erna; Paškevičius, Šarūnas; Werner, Stefan; Gleba, Yuri; Ražanskienė, Aušra

    2015-11-01

    Agrotransfection with viral vectors is an effective solution for the transient production of valuable proteins in plants grown in contained facilities. Transfection methods suitable for field applications are desirable for the production of high-volume products and for the transient molecular reprogramming of plants. The use of genetically modified (GM) Agrobacterium strains for plant transfections faces substantial biosafety issues. The environmental biosafety of GM Agrobacterium strains could be improved by regulating their T-DNA transfer via chemically inducible expression of virE2, one of the essential Agrobacterium virulence genes. In order to identify strong and stringently regulated promoters in Agrobacterium strains, we evaluated isopropyl-β-d-thiogalactoside-inducible promoters Plac, Ptac, PT7/lacO, and PT5/lacOlacO and cumic acid-inducible promoters PlacUV5/CuO, Ptac/CuO, PT5/CuO, and PvirE/CuO. Nicotiana benthamiana plants were transfected with a virE2-deficient A. tumefaciens strain containing transient expression vectors harboring inducible virE2 expression cassettes and containing a marker green fluorescent protein (GFP) gene in their T-DNA region. Evaluation of T-DNA transfer was achieved by counting GFP expression foci on plant leaves. The virE2 expression from cumic acid-induced promoters resulted in 47 to 72% of wild-type T-DNA transfer. Here, we present efficient and tightly regulated promoters for gene expression in A. tumefaciens and a novel approach to address environmental biosafety concerns in agrobiotechnology.

  2. Cyberspace security system

    Science.gov (United States)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  3. Enhancing Critical Infrastructure and Key Resources (CIKR) Level-0 Physical Process Security Using Field Device Distinct Native Attribute Features

    Energy Technology Data Exchange (ETDEWEB)

    Lopez, Juan [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Liefer, Nathan C. [Wright-Patterson AFB, Dayton, OH (United States); Busho, Colin R. [Wright-Patterson AFB, Dayton, OH (United States); Temple, Michael A. [Wright-Patterson AFB, Dayton, OH (United States)

    2017-12-04

    Here, the need for improved Critical Infrastructure and Key Resource (CIKR) security is unquestioned and there has been minimal emphasis on Level-0 (PHY Process) improvements. Wired Signal Distinct Native Attribute (WS-DNA) Fingerprinting is investigated here as a non-intrusive PHY-based security augmentation to support an envisioned layered security strategy. Results are based on experimental response collections from Highway Addressable Remote Transducer (HART) Differential Pressure Transmitter (DPT) devices from three manufacturers (Yokogawa, Honeywell, Endress+Hauer) installed in an automated process control system. Device discrimination is assessed using Time Domain (TD) and Slope-Based FSK (SB-FSK) fingerprints input to Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) and Random Forest (RndF) classifiers. For 12 different classes (two devices per manufacturer at two distinct set points), both classifiers performed reliably and achieved an arbitrary performance benchmark of average cross-class percent correct of %C > 90%. The least challenging cross-manufacturer results included near-perfect %C ≈ 100%, while the more challenging like-model (serial number) discrimination results included 90%< %C < 100%, with TD Fingerprinting marginally outperforming SB-FSK Fingerprinting; SB-FSK benefits from having less stringent response alignment and registration requirements. The RndF classifier was most beneficial and enabled reliable selection of dimensionally reduced fingerprint subsets that minimize data storage and computational requirements. The RndF selected feature sets contained 15% of the full-dimensional feature sets and only suffered a worst case %CΔ = 3% to 4% performance degradation.

  4. Knowledge-based computer security advisor

    International Nuclear Information System (INIS)

    Hunteman, W.J.; Squire, M.B.

    1991-01-01

    The rapid expansion of computer security information and technology has included little support to help the security officer identify the safeguards needed to comply with a policy and to secure a computing system. This paper reports that Los Alamos is developing a knowledge-based computer security system to provide expert knowledge to the security officer. This system includes a model for expressing the complex requirements in computer security policy statements. The model is part of an expert system that allows a security officer to describe a computer system and then determine compliance with the policy. The model contains a generic representation that contains network relationships among the policy concepts to support inferencing based on information represented in the generic policy description

  5. Foundational aspects of security

    DEFF Research Database (Denmark)

    Chatzikokolakis, Konstantinos; Mödersheim, Sebastian Alexander; Palamidessi, Catuscia

    2014-01-01

    This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security.......This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security....

  6. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1991-01-01

    This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

  7. 78 FR 38851 - Electric Reliability Organization Proposal To Retire Requirements in Reliability Standards

    Science.gov (United States)

    2013-06-28

    ..., and R3.3--Cyber Security--Security Management Controls CIP-003-3, -4, Requirement R4.2--Cyber Security--Security Management Controls CIP-005-3a, -4a, Requirement R2.6--Cyber Security--Electronic Security Perimeter(s) CIP-007-3, -4, Requirement R7.3--Cyber Security--Systems Security Management EOP-005-2...

  8. 7 CFR 273.6 - Social security numbers.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 4 2010-01-01 2010-01-01 false Social security numbers. 273.6 Section 273.6... normally uses the Receipt of Application for a Social Security Number, Form SSA-5028, as evidence that an... security numbers. (a) Requirements for participation. The State agency shall require that a household...

  9. Personnel Security Investigations -

    Data.gov (United States)

    Department of Transportation — This data set contains the types of background investigations, decisions, level of security clearance, date of security clearance training, and credentials issued to...

  10. Design and realization of a network security model

    OpenAIRE

    WANG, Jiahai; HAN, Fangxi; Tang, Zheng; TAMURA, Hiroki; Ishii, Masahiro

    2002-01-01

    The security of information is a key problem in the development of network technology. The basic requirements of security of information clearly include confidentiality, integrity, authentication and non-repudiation. This paper proposes a network security model that is composed of security system, security connection and communication, and key management. The model carries out encrypting, decrypting, signature and ensures confidentiality, integrity, authentication and non-repudiation. Finally...

  11. RFID Based Security Access Control System with GSM Technology

    OpenAIRE

    Peter Adole; Joseph M. Môm; Gabriel A. Igwue

    2016-01-01

    The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly...

  12. A Research Agenda for Security Engineering

    Directory of Open Access Journals (Sweden)

    Rich Goyette

    2013-08-01

    Full Text Available Despite nearly 30 years of research and application, the practice of information system security engineering has not yet begun to exhibit the traits of a rigorous scientific discipline. As cyberadversaries have become more mature, sophisticated, and disciplined in their tradecraft, the science of security engineering has not kept pace. The evidence of the erosion of our digital security – upon which society is increasingly dependent – appears in the news almost daily. In this article, we outline a research agenda designed to begin addressing this deficit and to move information system security engineering toward a mature engineering discipline. Our experience suggests that there are two key areas in which this movement should begin. First, a threat model that is actionable from the perspectives of risk management and security engineering should be developed. Second, a practical and relevant security-measurement framework should be developed to adequately inform security-engineering and risk-management processes. Advances in these areas will particularly benefit business/government risk assessors as well as security engineers performing security design work, leading to more accurate, meaningful, and quantitative risk analyses and more consistent and coherent security design decisions. Threat modelling and security measurement are challenging activities to get right – especially when they need to be applied in a general context. However, these are decisive starting points because they constitute the foundation of a scientific security-engineering practice. Addressing these challenges will require stronger and more coherent integration between the sub-disciplines of risk assessment and security engineering, including new tools to facilitate that integration. More generally, changes will be required in the way security engineering is both taught and practiced to take into account the holistic approach necessary from a mature, scientific

  13. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.IT security needs are constantly evolving; this guide examine

  14. SPION: Secure Protocols in OSI Networks

    OpenAIRE

    Ahlgren, Bengt; Lindgren, Per; Sirotkin, Teet

    1989-01-01

    SPION: Secure Protocols in OSI Networks This report describes how security services can be realized in a computer network using the protocols of the Open Systems Interconnection (OSI) reference model for communication. The report starts with defining security requirements for a "typical" local area network in a company, university or similar organization. It is assumed that the organization does not use the network for transfer of extremely sensitive information, such a...

  15. CAR SECURITY ENHANCEMENT IN PARKING AREAS

    OpenAIRE

    NANYONGA BERINDA; AYESIGA LINDSEY PATRA; BYEKWASO FAISAL; NATULINDA LADAN

    2017-01-01

    Over time, car thefts have been reported within Kampala parking areas. This has been majorly due to inefficient security measures of the available parking systems which focus mainly on the car and not the driver, making parking management a challenge. The focus of this survey was to explore the requirements of a new system called Car to Driver Matching Security System to enhance security of cars in Kampala, in particular, from the experience of 15 people. The data collected was then analyzed ...

  16. Technologies to counter aviation security threats

    Science.gov (United States)

    Karoly, Steve

    2017-11-01

    The Aviation and Transportation Security Act (ATSA) makes TSA responsible for security in all modes of transportation, and requires that TSA assess threats to transportation, enforce security-related regulations and requirements, and ensure the adequacy of security measures at airports and other transportation facilities. Today, TSA faces a significant challenge and must address a wide range of commercial, military grade, and homemade explosives and these can be presented in an infinite number of configurations and from multiple vectors. TSA screens 2 million passengers and crew, and screens almost 5 million carry-on items and 1.2 million checked bags daily. As TSA explores new technologies for improving efficiency and security, those on the forefront of research and development can help identify unique and advanced methods to combat terrorism. Research and Development (R&D) drives the development of future technology investments that can address an evolving adversary and aviation threat. The goal is to rethink the aviation security regime in its entirety, and rather than focusing security at particular points in the enterprise, distribute security from the time a reservation is made to the time a passenger boards the aircraft. The ultimate objective is to reengineer aviation security from top to bottom with a continued focus on increasing security throughout the system.

  17. The corporate security professional

    DEFF Research Database (Denmark)

    Petersen, Karen Lund

    2013-01-01

    In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

  18. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1993-06-01

    This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

  19. AP1000 Design for Security

    International Nuclear Information System (INIS)

    Long, L.B.; Cummins, W.E.; Winters, J.W.

    2006-01-01

    Nuclear power plants are protected from potential security threats through a combination of robust structures around the primary system and other vital equipment, security systems and equipment, and defensive strategy. The overall objective for nuclear power plant security is to protect public health and safety by ensuring that attacks or sabotage do not challenge the ability to safely shutdown the plant or protect from radiological releases. In addition, plants have systems, features and operational strategies to cope with external conditions, such as loss of offsite power, which could be created as part of an attack. Westinghouse considered potential security threats during design of the AP1000 PWR. The differences in plant configuration, safety system design, and safe shutdown equipment between existing plants and AP1000 affect potential vulnerabilities. This paper provides an evaluation of AP1000 with respect to vulnerabilities to security threats. The AP1000 design differs from the design of operating PWRs in the US in the configuration and the functional requirements for safety systems. These differences are intentional departures from conventional PWR designs which simplify plant design and enhance overall safety. The differences between the AP1000 PWR and conventional PWRs can impact vulnerabilities to security threats. The NRC addressed security concerns as part of their reviews for AP1000 Design Certification, and did not identify any security issues of concern. However, much of the detailed security design information for the AP1000 was deferred to the combined Construction and Operating License (COL) phase as many of the security issues are site-specific. Therefore, NRC review of security issues related to the AP1000 is not necessarily complete. Further, since the AP1000 plant design differs from existing PWRs, it is not obvious that the analyses and assessments prepared for existing plants also apply to the AP1000. We conclude that, overall, the AP1000

  20. Reconciling food security and bioenergy : Priorities for action

    NARCIS (Netherlands)

    Kline, Keith L.; Msangi, Siwa; Dale, Virginia H.; Woods, Jeremy; Souza, Glaucia m.; Osseweijer, P.; Clancy, Joy S.; Hilbert, Jorge A.; Johnson, Francis X.; Mcdonnell, Patrick C.; Mugera, Harriet K.

    Understanding the complex interactions among food security, bioenergy sustainability, and resource management requires a focus on specific contextual problems and opportunities. The United Nations' 2030 Sustainable Development Goals place a high priority on food and energy security; bioenergy

  1. User Requirements for Wireless

    DEFF Research Database (Denmark)

    In most IT system development processes, the identification or elicitation of user requirements is recognized as a key building block. In practice, the identification of user needs and wants is a challenge and inadequate or faulty identifications in this step of an IT system development can cause...... involvement and requirements elicitation Usable security requirements for design of privacy...

  2. Security enhancement of color image cryptosystem by optical interference principle and spiral phase encoding.

    Science.gov (United States)

    Abuturab, Muhammad Rafiq

    2013-03-10

    A color information cryptosystem based on optical interference principle and spiral phase encoding is proposed. A spiral phase mask (SPM) is used instead of a conventional random phase mask because it contains multiple storing keys in a single phase mask. The color image is decomposed into RGB channels. The decomposed three RGB channels can avoid the interference of crosstalks efficiently. Each channel is encoded into an SPM and analytically generates two spiral phase-only masks (SPOMs). The two SPOMs are then phase-truncated to get two encrypted images and amplitude-truncated to produce two asymmetric phase keys. The two SPOMs and the two asymmetric phase keys can be allocated to four different authorized users. The order, the wavelength, the focal length, and the radius are construction parameters of the SPM (or third SPOM) that can also be assigned to the four other different authorized users. The proposed technique can be used for a highly secure verification system, so an unauthorized user cannot retrieve the original image if only one key out of eight keys is missing. The proposed method does not require iterative encoding or postprocessing of SPOMs to overcome inherent silhouette problems, and its optical setup alleviates stringent alignment of SOPMs. The validity and feasibility of the proposed method are supported by numerical simulation results.

  3. The nature of international health security.

    Science.gov (United States)

    Chiu, Ya-Wen; Weng, Yi-Hao; Su, Yi-Yuan; Huang, Ching-Yi; Chang, Ya-Chen; Kuo, Ken N

    2009-01-01

    Health issues occasionally intersect security issues. Health security has been viewed as an essential part of human security. Policymakers and health professionals, however, do not share a common definition of health security. This article aims to characterize the notions of health security in order to clarify what constitutes the nexus of health and security. The concept of health security has evolved over time so that it encompasses many entities. Analyzing the health reports of four multilateral organizations (the United Nations, World Health Organization, Asia-Pacific Economic Cooperation, and the European Union) produced eight categories of most significant relevance to contemporary health security, allowing comparison of the definitions. The four categories are: emerging diseases; global infectious disease; deliberate release of chemical and biological materials; violence, conflict, and humanitarian emergencies. Two other categories of common concern are natural disasters and environmental change, as well as chemical and radioactive accidents. The final two categories, food insecurity and poverty, are discussed less frequently. Nevertheless, food security is emerging as an increasingly important issue in public health. Health security is the first line of defence against health emergencies. As globalization brings more complexities, dealing with the increased scale and extent of health security will require greater international effort and political support.

  4. Soil Security Assessment of Tasmania

    Science.gov (United States)

    Field, Damien; Kidd, Darren; McBratney, Alex

    2017-04-01

    The concept of soil security aligns well with the aspirational and marketing policies of the Tasmanian Government, where increased agricultural expansion through new irrigation schemes and multiple-use State managed production forests co-exists beside pristine World Heritage conservation land, a major drawcard of the economically important tourism industry . Regarding the Sustainable Development Gaols (SDG's) this could be seen as a exemplar of the emerging tool for quantification of spatial soil security to effectively protect our soil resource in terms of food (SDG 2.4, 3.9) and water security (SDG 6.4, 6.6), biodiversity maintenance and safeguarding fragile ecosystems (SDG 15.3, 15.9). The recent development and application of Digital Soil Mapping and Assessment capacities in Tasmania to stimulate agricultural production and better target appropriate soil resources has formed the foundational systems that can enable the first efforts in quantifying and mapping Tasmanian Soil Security, in particular the five Soil Security dimensions (Capability, Condition, Capital, Codification and Connectivity). However, to provide a measure of overall soil security, it was necessary to separately assess the State's three major soil uses; Agriculture, Conservation and Forestry. These products will provide an indication of where different activities are sustainable or at risk, where more soil data is needed, and provide a tool to better plan for a State requiring optimal food and fibre production, without depleting its natural soil resources and impacting on the fragile ecosystems supporting environmental benefits and the tourism industry.

  5. Motorola Secure Software Development Model

    Directory of Open Access Journals (Sweden)

    Francis Mahendran

    2008-08-01

    Full Text Available In today's world, the key to meeting the demand for improved security is to implement repeatable processes that reliably deliver measurably improved security. While many organizations have announced efforts to institutionalize a secure software development process, there is little or no industry acceptance for a common process improvement framework for secure software development. Motorola has taken the initiative to develop such a framework, and plans to share this with the Software Engineering Institute for possible inclusion into its Capability Maturity Model Integration (CMMI®. This paper will go into the details of how Motorola is addressing this issue. The model that is being developed is designed as an extension of the existing CMMI structure. The assumption is that the audience will have a basic understanding of the SEI CMM® / CMMI® process framework. The paper will not describe implementation details of a security process model or improvement framework, but will address WHAT security practices are required for a company with many organizations operating at different maturity levels. It is left to the implementing organization to answer the HOW, WHEN, WHO and WHERE aspects. The paper will discuss how the model is being implemented in the Motorola Software Group.

  6. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    help with this issue, which are a particular instances of the more general challenge of efficient host/guest IO that is the focus of interfaces like virtio. A collection of bridging technologies have been identified in Chapter 4, which can be helpful to overcome the limitations and challenges of supporting efficient storage for secure enclaves. The synthesis of native filesystem security mechanisms and bridging technologies led to an isolation-centric storage architecture that is proposed in Chapter 5, which leverages isolation mechanisms from different layers to facilitate secure storage for an enclave. Recommendations: The following highlights recommendations from the investigations done thus far. - The Lustre filesystem offers excellent performance but does not support some security related features, e.g., encryption, that are included in GPFS. If encryption is of paramount importance, then GPFS may be a more suitable choice. - There are several possible Lustre related enhancements that may provide functionality of use for secure-enclaves. However, since these features are not currently integrated, the use of Lustre as a secure storage system may require more direct involvement (support). (*The network that connects the storage subsystem and users, e.g., Lustre s LNET.) - The use of OpenStack with GPFS will be more streamlined than with Lustre, as there are available drivers for GPFS. - The Manilla project offers Filesystem as a Service for OpenStack and is worth further investigation. Manilla has some support for GPFS. - The proposed Lustre enhancement of Dynamic-LNET should be further investigated to provide more dynamic changes to the storage network which could be used to isolate hosts and their tenants. - The Linux namespaces offer a good solution for creating efficient restrictions to shared HPC filesystems. However, we still need to conduct a thorough round of storage/filesystem benchmarks. - Vendor products should be more closely reviewed, possibly to

  7. Home-Network Security Model in Ubiquitous Environment

    OpenAIRE

    Dong-Young Yoo; Jong-Whoi Shin; Jin-Young Choi

    2007-01-01

    Social interest and demand on Home-Network has been increasing greatly. Although various services are being introduced to respond to such demands, they can cause serious security problems when linked to the open network such as Internet. This paper reviews the security requirements to protect the service users with assumption that the Home-Network environment is connected to Internet and then proposes the security model based on the requirement. The proposed security mode...

  8. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    -domain scenarios is supported by a set of security engines that represent the core of the Federated Identities Management Server, which is also an extension of the Domain Security Server. The Federated Identity Management server allows users to federate their identities or terminate the federation between the service provider and the identity provider. At the service provider web site, the users are offered a list of identity providers to which they can choose to federate their identities. After users federate their identity, they can perform Single Sign-On protocol in an environment of federated domains. The group security system consists of a number of security technologies under a unified architecture, which supports creation of secure groups and execution of secure group transactions and applications in an open networking environment. The system is based on extensions of the GSAKMP standard for group key distribution and management. The Top layer is the Security Infrastructure with the Security Management and Administration System components and protocols that provide security functions common to all secure network applications The Middle layer is the Secure Group Protocols and Applications layer, consisting of the Policy and Group Key Distribution Server and Web-based (thin) Client. The Bottom layer is the supporting Middleware Security Platform, the cryptographic platform already described above. The group security system is designed to perform the functions necessary to create secure groups and enable secure group applications. Specifically, the system can manage group roles, create and disseminate a group security policy, perform authentication and authorization of users using PKI certificates and Web services security, generate group keys, and recover from compromises. In accordance with the GSAKMP standard, the group security system must perform all the required group life-cycle functions: group definition, group establishment, group maintenance, and group removal. The

  9. Using the safety/security interface to the security manager's advantage

    International Nuclear Information System (INIS)

    Stapleton, B.W.

    1993-01-01

    Two aspects of the safety/security interface are discussed: (1) the personal safety of nuclear security officers; and (2) how the security manager can effectively deal with the safety/security interface in solving today's requirements yet supporting the overall mission of the facility. The basis of this presentation is the result of interviews, document analyses, and observations. The conclusion is that proper planning and communication between the players involved in the security/safety interface can benefit the two programs and help achieve overall system integration, ultimately contributing to the bottom line. This is especially important in today's cost conscious environment

  10. 77 FR 35336 - Privacy and Security of Information Stored on Mobile Communications Devices

    Science.gov (United States)

    2012-06-13

    ... Security of Information Stored on Mobile Communications Devices AGENCY: Federal Communications Commission...' mobile communications devices and the application of existing privacy and security requirements to that..., integrating, and updating the device's operating system, preinstalled software, and security capabilities; the...

  11. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Science.gov (United States)

    2011-12-15

    ...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

  12. Physical security of nuclear facilities

    International Nuclear Information System (INIS)

    Dixon, H.

    1987-01-01

    A serious problem with present security systems at nuclear facilities is that the threats and standards prepared by the NRC and DOE are general, and the field offices are required to develop their own local threats and, on that basis, to prepared detailed specifications for security systems at sites in their jurisdiction. As a result, the capabilities of the systems vary across facilities. Five steps in particular are strongly recommended as corrective measures: 1. Those agencies responsible for civil nuclear facilities should jointly prepare detailed threat definitions, operational requirements, and equipment specifications to protect generic nuclear facilities, and these matters should be issued as policy. The agencies should provide sufficient detail to guide the design of specific security systems and to identify candidate components. 2. The DOE, NRC, and DOD should explain to Congress why government-developed security and other military equipment are not used to upgrade existing security systems and to stock future ones. 3. Each DOE and NRC facility should be assessed to determine the impact on the size of the guard force and on warning time when personnel-detecting radars and ground point sensors are installed. 4. All security guards and technicians should be investigated for the highest security clearance, with reinvestigations every four years. 5. The processes and vehicles used in intrafacility transport of nuclear materials should be evaluated against a range of threats and attack scenarios, including violent air and vehicle assaults. All of these recommendations are feasible and cost-effective. The appropriate congressional subcommittees should direct that they be implemented as soon as possible

  13. Untangle network security

    CERN Document Server

    El-Bawab, Abd El-Monem A

    2014-01-01

    If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

  14. Chapter 3: Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    Foust, Thomas D.; Arent, Doug; de Carvalho Macedo, Isaias; Goldemberg, Jose; Hoysala, Chanakya; Filho, Rubens Maciel; Nigro, Francisco E. B.; Richard, Tom L.; Saddler, Jack; Samseth, Jon; Somerville, Chris R.

    2015-04-01

    This chapter considers the energy security implications and impacts of bioenergy. We provide an assessment to answer the following questions: What are the implications for bioenergy and energy security within the broader policy environment that includes food and water security, development, economic productivity, and multiple foreign policy aspects? What are the conditions under which bioenergy contributes positively to energy security?

  15. Energy Security is National Security

    Science.gov (United States)

    2011-03-11

    coming crisis: wheat- 68%, corn- 96%, coffee - 101%, cotton-:- 156%, gold- 24%, silver- 99% and unleaded gas- 22%.27 One of the underlying causes of...alcohol fuels, biodiesel and natural gas. Second, CAFE standards must.be . . proactively raised to increase efficiency. Third, all government vehicles...in the U.S. would be removed. 10% Biodiesel would be required in all gas stations in the U.S. with a plan to incrementally increase its use with an

  16. Synthesis of securement device options and strategies

    Science.gov (United States)

    2002-03-01

    The Americans with Disabilities Act of 1990 (ADA) requires that public transit vehicles be equipped with securement location(s) and device(s) that are able to secure common wheelchairs," as defined in the ADA regulations. The definition and size spec...

  17. 27 CFR 18.19 - Security.

    Science.gov (United States)

    2010-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 1 2010-04-01 2010-04-01 false Security. 18.19 Section 18.19 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE... Provisions Document Requirements § 18.19 Security. The concentrate plant and equipment will be so constructed...

  18. Cyber Security--Are You Prepared?

    Science.gov (United States)

    Newman, Scott

    2007-01-01

    During the summer 2002 term, Oklahoma State University-Okmulgee's Information Technologies Division offered a one credit-hour network security course--which barely had adequate student interest to meet the institution's enrollment requirements. Today, OSU-Okmulgee boasts one of the nation's premier cyber security programs. Many prospective…

  19. Critical Perspective on ASEAN's Security Policy Under ASEAN Political and Security Community

    Directory of Open Access Journals (Sweden)

    Irawan Jati

    2016-03-01

    Full Text Available   Despite economic integration challenges, ASEAN faces greater security challenges. It is obvious to assert that a stable economic development requires a secure regional atmosphere. The most probable threats against ASEAN are ranging from hostile foreign entities infiltration, intra and inter states disputes, radical religious movements, human trafficking, drugs and narcotics smuggling, cybercrimes and environmental disasters. In 2009, ASEAN established the ASEAN Political and Security Community as the umbrella of ASEAN’s political and security initiatives. APSC slots in some significant fora; ASEAN Intergovernmental Commission on Human Rights (AICHR, ASEAN Foreign Ministers Meeting (AMM,  ASEAN Regional Forum (ARF, ASEAN Defense Minister’s Meeting (ADMM, ASEAN Law Ministers Meeting (ALAWMM, and ASEAN Ministerial Meeting on Transnational Crimes (AMMTC. The wide array of these forums signify ASEAN efforts to confront double features of security; the traditional and nontraditional or critical security. The traditional security considers state security as the primary object security. While the critical security tends to focus on non-state aspects such as individual human being as its referent object. Even though some argue that APSC has been able to preserve the stability in the region, it still lack of confidence in solving critical issues such as territorial disputes and irregular migrants problems.Therefore, this piece would examine the fundamental questions: How does ASEAN address beyond state security issues in its security policy through APSC? To search for the answer this paper would apply critical security studies approach. Critical security posits that threats are not always for the states but in many cases for the people. Based on the examination of ASEAN security policies, this paper argues that ASEAN’s security policy has touched the non-traditional security issues but showing slow progress on its development and application. 

  20. Professional Cocoa Application Security

    CERN Document Server

    Lee, Graham J

    2010-01-01

    The first comprehensive security resource for Mac and iPhone developers. The Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development.: While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first

  1. IAEA nuclear security program

    Energy Technology Data Exchange (ETDEWEB)

    Ek, D. [International Atomic Energy Agency, Vienna (Austria)

    2006-07-01

    Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improvement their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

  2. IAEA nuclear security program

    International Nuclear Information System (INIS)

    Ek, D.

    2006-01-01

    Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improvement their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

  3. Lecture 2: Software Security

    CERN Multimedia

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development, testing and deployment. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and ...

  4. Safety versus Security in the Quality Calculus

    DEFF Research Database (Denmark)

    Nielson, Hanne Riis; Nielson, Flemming

    2013-01-01

    Safety and security are both needed for ensuring that cyber-physical systems live up to expectations, but often an intelligent trade-off is called for, because sometimes it is impossible to obtain optimal safety at the same time as optimal security. In the context of the Quality Calculus we develop...... a type system for checking the extent to which safety and security goals have been met. Safety goals include showing that certain error configurations are in fact not reachable and hence do not require intelligent error handling. Security goals include showing that highly trusted communications can only...

  5. Improved verification methods for OVI security ink

    Science.gov (United States)

    Coombs, Paul G.; Markantes, Tom

    2000-04-01

    Together, OVP Security Pigment in OVI Security Ink, provide an excellent method of overt banknote protection. The effective use of overt security feature requires an educated public. The rapid rise in computer-generated counterfeits indicates that consumers are not as educate das to banknote security features as they should be. To counter the education issue, new methodologies have been developed to improve the validation of banknotes using the OVI ink feature itself. One of the new methods takes advantage of the overt nature of the product's optically variable effect. Another method utilizes the unique optical interference characteristics provided by the OVP platelets.

  6. Security for multi-hop wireless networks

    CERN Document Server

    Mahmoud, Mohamed M E A

    2014-01-01

    This Springer Brief discusses efficient security protocols and schemes for multi-hop wireless networks. It presents an overview of security requirements for these networks, explores challenges in securing networks and presents system models. The authors introduce mechanisms to reduce the overhead and identify malicious nodes that drop packets intentionally. Also included is a new, efficient cooperation incentive scheme to stimulate the selfish nodes to relay information packets and enforce fairness. Many examples are provided, along with predictions for future directions of the field. Security

  7. A Container-based Trusted Multi-level Security Mechanism

    Directory of Open Access Journals (Sweden)

    Li Xiao-Yong

    2017-01-01

    Full Text Available Multi-level security mechanism has been widely applied in the military, government, defense and other domains in which information is required to be divided by security-level. Through this type of security mechanism, users at different security levels are provided with information at corresponding security levels. Traditional multi-level security mechanism which depends on the safety of operating system finally proved to be not practical. We propose a container-based trusted multi-level security mechanism in this paper to improve the applicability of the multi-level mechanism. It guarantees multi-level security of the system through a set of multi-level security policy rules and trusted techniques. The technical feasibility and application scenarios are also discussed. The ease of realization, strong practical significance and low cost of our method will largely expand the application of multi-level security mechanism in real life.

  8. Combining security risk assessment and security testing

    OpenAIRE

    Großmann, Jürgen; Seehusen, Fredrik

    2014-01-01

    Complex networked systems have become an integral part of our supply infrastructure. Mobile devices, home automation, smart grids and even vehicles are connected via the Internet and becoming accessible and thus vulnerable to hacker attacks. While the number of security incidents drastically increases, we are more than ever dependent on a secure and mature ICT infrastructure. One of the keys to maintain such a secure and dependable infrastructure are mature, systematic and capable proactive m...

  9. Quality of Protection Evaluation of Security Mechanisms

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

  10. 17 CFR 242.403 - Required margin.

    Science.gov (United States)

    2010-04-01

    ...) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES Customer Margin... of a customer in a securities account or futures account as set forth in this section. (b) Required... be twenty (20) percent of the current market value of such security future. (2) Offsetting positions...

  11. International Legal Framework for Nuclear Security

    International Nuclear Information System (INIS)

    Moore, G.M.

    2010-01-01

    The responsibility for nuclear security rests entirely with each State. There is no single international instrument that addresses nuclear security in a comprehensive manner. The legal foundation for nuclear security comprises international instruments and recognized principles that are implemented by national authorities. Security systems at the national level will contribute to a strengthened and more universal system of nuclear security at the international level. The binding security treaties are; Convention on the Physical Protection of Nuclear Material, the 2005 amendment thereto, Safeguards Agreements between the Agency and states required in Connection with the Treaty on the Non-Proliferation of Nuclear Weapons. Model Protocol additional to agreement(s) between State(s) and the Agency for the application of Safeguards Convention on Early Notification of a Nuclear Accident, Convention on Assistance in the Case of a Nuclear Accident or Radiological Emergency, Convention on Nuclear Safety, Joint Convention on the Safety of Spent Fuel Management and on the Safety of Radioactive Waste Management

  12. Distributed security in closed distributed systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario

    in their design. There should always exist techniques for ensuring that the required security properties are met. This has been thoroughly investigated through the years, and many varied methodologies have come through. In the case of distributed systems, there are even harder issues to deal with. Many approaches...... have been taken towards solving security problems, yet many questions remain unanswered. Most of these problems are related to some of the following facts: distributed systems do not usually have any central controller providing security to the entire system; the system heterogeneity is usually...... reflected in heterogeneous security aims; the software life cycle entails evolution and this includes security expectations; the distribution is useful if the entire system is “open” to new (a priori unknown) interactions; the distribution itself poses intrinsically more complex security-related problems...

  13. Radioactive source security: the cultural challenges

    International Nuclear Information System (INIS)

    Englefield, Chris

    2015-01-01

    Radioactive source security is an essential part of radiation protection. Sources can be abandoned, lost or stolen. If they are stolen, they could be used to cause deliberate harm and the risks are varied and significant. There is a need for a global security protection system and enhanced capability to achieve this. The establishment of radioactive source security requires 'cultural exchanges'. These exchanges include collaboration between: radiation protection specialists and security specialists; the nuclear industry and users of radioactive sources; training providers and regulators/users. This collaboration will facilitate knowledge and experience exchange for the various stakeholder groups, beyond those already provided. This will promote best practice in both physical and information security and heighten security awareness generally. Only if all groups involved are prepared to open their minds to listen to and learn from, each other will a suitable global level of control be achieved. (authors)

  14. Bioethics and the national security state.

    Science.gov (United States)

    Moreno, Jonathan D

    2004-01-01

    In previous work, I have described the history and ethics of human experiments for national security purposes during he cold war and developed the bioethical issues that will be apparent in the "war on terror". This paper is an attempt to bring these two previous lines of work together under the rubric of the "national security state," a concept familiar to Cold War historians and political scientists. The founding of the national security state was associated with the first articulations of informed consent requirements by national security agencies. My analysis indicates that strengthened consent standards, though conventionally thought to be antithetical crisis, can be seen as an attempt by the postwar national security state to protect itself from critics of expanded governmental power. During the coming years the renewed mission of the national security state in the war on terror should impel students of bioethics to consider its implications for the field.

  15. Developing security protocols in χ-Spaces

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Milicia, Giuseppe

    2002-01-01

    It is of paramount importance that a security protocol effectively enforces the desired security requirements. The apparent simplicity of informal protocol descriptions hides the inherent complexity of their interactions which, often, invalidate informal correctness arguments and justify the effort...... of formal protocol verification. Verification, however, is usually carried out on an abstract model not at all related with a protocol’s implementation. Experience shows that security breaches introduced in implementations of successfully verified models are rather common. The χ-Spaces framework...... is an implementation of SPL (Security Protocol Language), a formal model for studying security protocols. In this paper we discuss the use of χ-Spaces as a tool for developing robust security protocol implementations. To make the case, we take a family of key-translation protocols due to Woo and Lam and show how χ...

  16. Incorporating User-oriented Security into CC

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    in an environment which contains not only other computer systems, but also human users. A case study involving the design of a secure medical instrumentation system will be used to illustrate the problems involved in incorporating user requirements into a secure design, so that system, when implemented, will help......Current versions of the Common Criteria concentrate very heavily on technical security issues which are relevant for the design of secure systems. This approach largely ignores a number of questions which can have great significance for whether or not the system can be operated securely...... users to understand whether they are operating the system in a secure manner, thus avoiding user-related pitfalls such as leaking of confidential data as a result of inappropriate input, loss of patient privacy, inappropriate user reactions due to slow system response, or other similar threats...

  17. Security model for VM in cloud

    Science.gov (United States)

    Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

    2013-03-01

    Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

  18. Information security protecting the global enterprise

    CERN Document Server

    Pipkin, Donald L

    2000-01-01

    In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, archite...

  19. 49 CFR 1562.25 - Fixed base operator requirements.

    Science.gov (United States)

    2010-10-01

    ... ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY OPERATIONS IN THE WASHINGTON, DC... Operations § 1562.25 Fixed base operator requirements. (a) Security program. Each FBO must adopt and carry out an FBO Security Program. (b) Screening and other duties. Each FBO must— (1) Designate a security...

  20. Securities and Exchange Commission Semiannual Regulatory Agenda

    Science.gov (United States)

    2010-12-20

    ... Agency Contact: Ira Brandriss, Division of Trading and Markets, Securities and Exchange Commission, 100 F... require the establishment of book- entry accounts in connection with reorganization events and would give...

  1. Strategy to Enhance International Supply Chain Security

    National Research Council Canada - National Science Library

    2007-01-01

    .... at 1901, 1903, October 13, 2006) which require the development of a strategic plan to enhance the security of the international supply chain, including protocols for the expeditious resumption of the flow of trade following...

  2. The Maritime Dimension of International Security: Terrorism, Piracy, and Challenges for the United States

    Science.gov (United States)

    2008-01-01

    Cyprus, or Bermuda because their registration requirements are neither expensive nor stringent. See, for example, Catherine Meldrum, “Murky Waters...Luzon–Hong Kong terror triangle .32 More recently, similar problems have beset ter- minals in Bangladesh, Nigeria, Indonesia, and the Horn of Africa.33

  3. Macro Security Methodology for Conducting Facility Security and Sustainability Assessments

    International Nuclear Information System (INIS)

    Herdes, Greg A.; Freier, Keith D.; Wright, Kyle A.

    2007-01-01

    Pacific Northwest National Laboratory (PNNL) has developed a macro security strategy that not only addresses traditional physical protection systems, but also focuses on sustainability as part of the security assessment and management process. This approach is designed to meet the needs of virtually any industry or environment requiring critical asset protection. PNNL has successfully demonstrated the utility of this macro security strategy through its support to the NNSA Office of Global Threat Reduction implementing security upgrades at international facilities possessing high activity radioactive sources that could be used in the assembly of a radiological dispersal device, commonly referred to as a 'dirty bomb'. Traditional vulnerability assessments provide a snap shot in time of the effectiveness of a physical protection system without significant consideration to the sustainability of the component elements that make up the system. This paper describes the approach and tools used to integrate technology, plans and procedures, training, and sustainability into a simple, quick, and easy-to-use security assessment and management tool.

  4. Defining Information Security.

    Science.gov (United States)

    Lundgren, Björn; Möller, Niklas

    2017-11-15

    This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition-correct demarcation and meaning concerning the state of security-it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security-the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  5. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

  6. Analysis of Security Protocols in Embedded Systems

    DEFF Research Database (Denmark)

    Bruni, Alessandro

    .e., protecting the system from the external world). With increased connectivity of these systems to external networks the attack surface has grown, and consequently there is a need for securing the system from external attacks. Introducing security protocols in safety critical systems requires careful......Embedded real-time systems have been adopted in a wide range of safety-critical applications—including automotive, avionics, and train control systems—where the focus has long been on safety (i.e., protecting the external world from the potential damage caused by the system) rather than security (i...... considerations on the available resources, especially in meeting real-time and resource constraints, as well as cost and reliability requirements. For this reason many proposed security protocols in this domain have peculiar features, not present in traditional security literature. In this thesis we tackle...

  7. On Invertible Sampling and Adaptive Security

    DEFF Research Database (Denmark)

    Ishai, Yuval; Kumarasubramanian, Abishek; Orlandi, Claudio

    2011-01-01

    Secure multiparty computation (MPC) is one of the most general and well studied problems in cryptography. We focus on MPC protocols that are required to be secure even when the adversary can adaptively corrupt parties during the protocol, and under the assumption that honest parties cannot reliably...... erase their secrets prior to corruption. Previous feasibility results for adaptively secure MPC in this setting applied either to deterministic functionalities or to randomized functionalities which satisfy a certain technical requirement. The question whether adaptive security is possible for all...... functionalities was left open. We provide the first convincing evidence that the answer to this question is negative, namely that some (randomized) functionalities cannot be realized with adaptive security. We obtain this result by studying the following related invertible sampling problem: given an efficient...

  8. Almaraz ovation control system security

    Energy Technology Data Exchange (ETDEWEB)

    Madronal Rodriguez, E.; Anderson, E.; Jimenez Diaz, J.; Carrasco Mateos, J. A.

    2013-07-01

    Improving the security of a plant's Distributed Control System (DCS) is an important consideration for plant safety and profitability, as well as the necessity to comply with the regulation. The U.S. Nuclear Regulatory Commission has produced Regulatory Guide (RG) 5.71, and the Nuclear Energy Institute (NEI) has produced NEI 08-09 to assist plants in meeting 10 CFR 73.54, Protection of digital computer and communication systems and networks. These requirements, which address the establishment, implementation and maintenance of a cyber security program, present challenges to ensure that safety, security and emergency preparedness functions of nuclear facilities are not negatively impacted by the vulnerability scanning and testing process.

  9. Do you write secure code?

    CERN Multimedia

    Computer Security Team

    2011-01-01

    At CERN, we are excellent at producing software, such as complex analysis jobs, sophisticated control programs, extensive monitoring tools, interactive web applications, etc. This software is usually highly functional, and fulfils the needs and requirements as defined by its author. However, due to time constraints or unintentional ignorance, security aspects are often neglected. Subsequently, it was even more embarrassing for the author to find out that his code flawed and was used to break into CERN computers, web pages or to steal data…   Thus, if you have the pleasure or task of producing software applications, take some time before and familiarize yourself with good programming practices. They should not only prevent basic security flaws in your code, but also improve its readability, maintainability and efficiency. Basic rules for good programming, as well as essential books on proper software development, can be found in the section for software developers on our security we...

  10. Physical security in multinational nuclear-fuel-cycle operations

    International Nuclear Information System (INIS)

    Willrich, M.

    1977-01-01

    Whether or not multinationalization will reduce or increase risks of theft or sabotage will depend on the form and location of the enterprise, the precise nature of the physical security arrangements applied to the enterprise, and the future course of crime and terrorism in the nuclear age. If nuclear operations are multinationalized, the host government is likely to insist on physical security measures that are at least as stringent as those for a national or private enterprise subject to its jurisdiction. At the same time, the other participants will want to be sure the host government, as well as criminal groups, do not steal nuclear material from the facility. If designed to be reasonably effective, the physical security arrangements at a multinational nuclear enterprise seem likely to reduce the risk that any participating government will seek to divert material from the facility for use in a nuclear weapons program. Hence, multinationalization and physical security will both contribute to reducing the risks of nuclear weapons proliferation to additional governments. If economic considerations dominate the timing, scale and location of fuel-cycle facilities, the worldwide nuclear power industry is likely to develop along lines where the problems of physical security will be manageable. If, however, nuclear nationalism prevails, and numerous small-scale facilities become widely dispersed, the problem of security against theft and sabotage may prove to be unmanageable. It is ironic, although true, that in attempting to strengthen its security by pursuing self-sufficiency in nuclear power, a nation may be reducing its internal security against criminal terrorists

  11. Establishing a National Nuclear Security Support Centre

    International Nuclear Information System (INIS)

    2014-02-01

    The responsibility for creating and sustaining a nuclear security regime for the protection of nuclear and other radiological material clearly belongs to the State. The nuclear security regime resembles the layers of an onion, with the equipment and personnel securing the borders and ports representing the outer layer, and nuclear power, research reactors and nuclear medicine facilities representing the inner layers, and the actual target material representing the core. Components of any nuclear security regime include not only technological systems, but the human resources needed to manage, operate, administer and maintain equipment, including hardware and software. This publication provides practical guidance on the establishment and maintenance of a national nuclear security support centre (NSSC) as a means to ensure nuclear security sustainability in a State. An NSSC's basic purpose is to provide a national focal point for passing ownership of nuclear security knowledge and associated technical skills to the competent authorities involved in nuclear security. It describes processes and methodologies that can be used by a State to analyse the essential elements of information in a manner that allows several aspects of long term, systemic sustainability of nuclear security to be addressed. Processes such as the systematic approach to training, sometimes referred to as instructional system design, are the cornerstone of the NSSC concept. Proper analysis can provide States with data on the number of personnel requiring training and instructors needed, scale and scope of training, technical and scientific support venues, and details on the type and number of training aids or simulators required so that operational systems are not compromised in any way. Specific regulatory guidance, equipment or technology lists, or specifications/design of protection systems are not included in this publication. For such details, the following IAEA publications should be consulted

  12. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to .provide added support to some of those classification principles.

  13. Security for safety critical space borne systems

    Science.gov (United States)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

  14. Cyber Security and Resilient Systems

    International Nuclear Information System (INIS)

    Anderson, Robert S.

    2009-01-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation's cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested - both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  15. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  16. Securing the Vista Environment

    CERN Document Server

    Gregory, Peter

    2007-01-01

    "Securing the Vista Environment" takes you on a quick tour of the most significant security features in Vista, Microsoft's first revision of Windows in almost six years. You'll get background on threats and vulnerabilities that will make you think differently about security. Security is more than just the technology and configurations--it's about how we use the system that makes it secure or not. Then we'll cover Vista's security features, from user privileges to Windows Defender, User Account Control, and BitLocker, as well as strategies for protecting your information from unwanted disclo

  17. Digital security technology simplified.

    Science.gov (United States)

    Scaglione, Bernard J

    2007-01-01

    Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.

  18. Smart security proven practices

    CERN Document Server

    Quilter, J David

    2014-01-01

    Smart Security: Understanding and Contributing to the Business is a video presentation. Length: 68 minutes. In Smart Security: Understanding and Contributing to the Business, presenter J. David Quilter demonstrates the benefits of how a fully integrated security program increases business profits and delivers smart security practices at the same time. The presentation does away with the misconception that security is only an expense. In fact, a well-integrated security program can protect business interests, thereby enhancing productivity and net income. Quilter covers cost analysis and secu

  19. Android apps security

    CERN Document Server

    Gunasekera, Sheran

    2012-01-01

    Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible.  Overview of Android OS versions, features, architecture and security.  Detailed examination of areas where attacks on applications can take place and what controls should b

  20. Nation State as Security Provider in Human Security Issue

    OpenAIRE

    Maya Padmi, Made Fitri

    2015-01-01

    Human Security notion is emphasizing on human as the central of security studies, challenging the position of state as the core of security. Some studies are tried to separate the state security and human security, however there are strong connection between these two notions. State has important role in establishing and maintaining the security of its own citizens. Through social contract and social security protection, state are oblige to set the security of its own people as their security...

  1. Embedded Java security security for mobile devices

    CERN Document Server

    Debbabi, Mourad; Talhi, Chamseddine

    2007-01-01

    Java brings more functionality and versatility to the world of mobile devices, but it also introduces new security threats. This book contains a presentation of embedded Java security and presents the main components of embedded Java. It gives an idea of the platform architecture and is useful for researchers and practitioners.

  2. Securing abundance : The politics of energy security

    NARCIS (Netherlands)

    Kester, Johannes

    2016-01-01

    Energy Security is a concept that is known in the literature for its ‘slippery’ nature and subsequent wide range of definitions. Instead of another attempt at grasping the essence of this concept, Securing Abundance reformulates the problem and moves away from a definitional problem to a theoretical

  3. Social security for seafarers globally.

    Science.gov (United States)

    Jensen, Olaf C; Lucero-Prisno, Don Eliseo; Haarløv, Erik; Sucre, Rimsky; Flores, Agnes; Canals, M Luisa

    2013-01-01

    The social security protection is one of the essential elements of decent work. The issue is complexand no previous epidemiological studies of the coverage among the seafarers have yet been performed. The aim was to overcome the gap of knowledge to promote the further discussion and plan the implementationof the social security for all the seafarers. The seafarers completed a short questionnaire concerning their knowledge abouttheir social security status. The significant disparities in the social security coverage were pointed out among the nationalities.Especially it is worth mentioning that more than half of the respondents believe they are economicallyuncovered for disability from an injury on board and from a work-related disease. The results confirm the ILO (Convention No. 143) statements that the significant part of theseafarers comes from the poorer countries without the substantial social security systems. The solutionssuggested are to implement the minimum requirements as recommended by the ILO 2006 Convention, tosurvey the implementation and - in the long term - to struggle for a global social equality.

  4. Secure and Efficient Routable Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  5. 48 CFR 1339.107-70 - Information security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... Clause 1352.239-73, Security Requirements for Information Technology Resources, is needed, contracting...

  6. Disaster at a University: A Case Study in Information Security

    Science.gov (United States)

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  7. Constructing Secure Mobile Agent Systems Using the Agent Operating System

    NARCIS (Netherlands)

    van t Noordende, G.J.; Overeinder, B.J.; Timmer, R.J.; Brazier, F.M.; Tanenbaum, A.S.

    2009-01-01

    Designing a secure and reliable mobile agent system is a difficult task. The agent operating system (AOS) is a building block that simplifies this task. AOS provides common primitives required by most mobile agent middleware systems, such as primitives for secure communication, secure and

  8. The chief information security officer insights, tools and survival skills

    CERN Document Server

    Kouns, Barry

    2011-01-01

    Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.

  9. 48 CFR 606.302-6 - National security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false National security. 606.302... ACQUISITION PLANNING COMPETITION REQUIREMENTS Other Than Full and Open Competition 606.302-6 National security. (b) This subsection applies to all acquisitions involving national security information, regardless...

  10. 48 CFR 6.302-6 - National security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 1 2010-10-01 2010-10-01 false National security. 6.302-6... COMPETITION REQUIREMENTS Other Than Full and Open Competition 6.302-6 National security. (a) Authority. (1... for when the disclosure of the agency's needs would compromise the national security unless the agency...

  11. 12 CFR 12.7 - Securities trading policies and procedures.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 1 2010-01-01 2010-01-01 false Securities trading policies and procedures. 12.7 Section 12.7 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY RECORDKEEPING AND CONFIRMATION REQUIREMENTS FOR SECURITIES TRANSACTIONS § 12.7 Securities trading policies and...

  12. An Empirical Evaluation of Cryptool in Teaching Computer Security

    OpenAIRE

    Mabroka Maeref; Fatma Algali

    2015-01-01

    In the area of network security, the fundamental se curity principles and security practice skills are both required for students’ understanding. Inst ructors have to emphasize both; the theoretical part and practices of security. However , this is a challenging task for instructors’ teaching and students’ learning. For this reason, r esearchers are eager to support the lecture lessons by using interactive visualization ...

  13. A layered approach to user-centered security

    DEFF Research Database (Denmark)

    Bødker, Susanne

    2008-01-01

    The workshop will explore the possibilities of a user-centered perspective on security. With exceptions, existing research may be criticized for being highly system-centered, focusing on how one may change user behavior to deal with the requirements of security, or on how security aspects can...

  14. 76 FR 5232 - Small Business Information Security Task Force

    Science.gov (United States)

    2011-01-28

    ... card security issues for small businesses. The group then engaged in an open discussion regarding the... the Payment Card Industry Security Standards, which lay out the requirements for protecting credit... business website dedicated to online credit card security. Before concluding the meeting, the group...

  15. Ways to Improve DoD 8570 IY Security Certification

    Science.gov (United States)

    Bates, Justin D.

    2017-01-01

    The goal of this research was to discover a list of changes that can be applied to IT security certifications to enhance the day-to-day capabilities of IT security professionals. Background: IT security professionals are often required to obtain certifications that do not adequately prepare them for the full scope of work that will be necessary…

  16. 14 CFR 1212.604 - Social security numbers.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Social security numbers. 1212.604 Section... REGULATIONS Instructions for NASA Employees § 1212.604 Social security numbers. (a) It is unlawful for NASA to...' refusal to disclose their social security numbers, except where: (1) The disclosure is required by law; or...

  17. 49 CFR 10.29 - Social Security numbers.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 1 2010-10-01 2010-10-01 false Social Security numbers. 10.29 Section 10.29... INDIVIDUALS Maintenance of Records § 10.29 Social Security numbers. (a) No individual is denied any right... which is required by Federal statute; or (2) The disclosure of a Social Security number when such...

  18. 4 CFR 83.9 - Social Security number.

    Science.gov (United States)

    2010-01-01

    ... 4 Accounts 1 2010-01-01 2010-01-01 false Social Security number. 83.9 Section 83.9 Accounts GOVERNMENT ACCOUNTABILITY OFFICE RECORDS PRIVACY PROCEDURES FOR PERSONNEL RECORDS § 83.9 Social Security number. (a) GAO may not require individuals to disclose their Social Security Number (SSN) unless...

  19. Security in Computer Applications

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

  20. Social Security Administration

    Science.gov (United States)

    ... a my Social Security account. Newsroom Social Security's Fiscal Year (FY) 2017 Agency Financial Report (AFR) Our ... Us Accessibility FOIA Open Government Glossary Privacy Report Fraud, Waste or Abuse Site Map Other Government Websites: ...

  1. While Working Around Security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg

    Users of technology encounter various IT security mechanisms in their everyday lives. If these mechanisms fail to support everyday activities, they either get in the way, or the users find a way to work around them. Even though users manage to carry out everyday activities by using substandard......’ experiences of security influence the way they make sense of, assess, and handle IT security mechanisms. Moreover, I studied cases in which the users handled IT security sensitive technology in a secure way, but still had unwanted experiences of security. Through the developed design methods I was able...... to activate and access study participants’ prior experiences of making sense of IT security sensitive technology. Moreover, the methods helped clarify users’ immediate experience in an encounter with IT security sensitive technology. The findings were integrated into the design of a digital signature solution...

  2. Privatising security and war

    Directory of Open Access Journals (Sweden)

    José L Gómez del Prado

    2011-03-01

    Full Text Available State security functions normally carried out by national armies or police forces are being outsourced to private military and security companies in countries where conflict is displacing many people....

  3. Privatising security and war

    OpenAIRE

    José L Gómez del Prado

    2011-01-01

    State security functions normally carried out by national armies or police forces are being outsourced to private military and security companies in countries where conflict is displacing many people....

  4. Wireshark network security

    CERN Document Server

    Verma, Piyush

    2015-01-01

    If you are network administrator or a security analyst with an interest in using Wireshark for security analysis, then this is the book for you. Basic familiarity with common network and application services terms and technologies is assumed.

  5. Institutionalizing Security Force Assistance

    National Research Council Canada - National Science Library

    Binetti, Michael R

    2008-01-01

    .... It looks at the manner in which security assistance guidance is developed and executed. An examination of national level policy and the guidance from senior military and civilian leaders highlights the important role of Security Force Assistance...

  6. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...... in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

  7. Secure DTN Communications Project

    Data.gov (United States)

    National Aeronautics and Space Administration — Innoflight proposes to implement and perform an on-orbit demonstration of a Secure DTN communications suite on the SCaN Testbed aboard the ISS. Secure DTN is a...

  8. Cloud security mechanisms

    OpenAIRE

    2014-01-01

    Cloud computing has brought great benefits in cost and flexibility for provisioning services. The greatest challenge of cloud computing remains however the question of security. The current standard tools in access control mechanisms and cryptography can only partly solve the security challenges of cloud infrastructures. In the recent years of research in security and cryptography, novel mechanisms, protocols and algorithms have emerged that offer new ways to create secure services atop cloud...

  9. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Full Text Available Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rules how the information is protected against security vulnerabilities and they are the basis for security awareness, training and vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined on controls, standards and procedures.

  10. Mobile platform security

    CERN Document Server

    Asokan, N; Dmitrienko, Alexandra

    2013-01-01

    Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrat

  11. Security system signal supervision

    International Nuclear Information System (INIS)

    Chritton, M.R.; Matter, J.C.

    1991-09-01

    This purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs

  12. Introduction to Hardware Security

    OpenAIRE

    Yier Jin

    2015-01-01

    Hardware security has become a hot topic recently with more and more researchers from related research domains joining this area. However, the understanding of hardware security is often mixed with cybersecurity and cryptography, especially cryptographic hardware. For the same reason, the research scope of hardware security has never been clearly defined. To help researchers who have recently joined in this area better understand the challenges and tasks within the hardware security domain an...

  13. Medical Information Security

    OpenAIRE

    William C. Figg, Ph.D.; Hwee Joo Kam, M.S.

    2011-01-01

    Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPPA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs an...

  14. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

    The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. ""Electronic Healthcare Information Security"" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  15. Web Security Testing Cookbook

    CERN Document Server

    Hope, Paco

    2008-01-01

    Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

  16. Physical security at research reactors

    International Nuclear Information System (INIS)

    Clark, R.A.

    1977-01-01

    Of the 84 non-power research facilities licensed under 10 CFR Part 50, 73 are active (two test reactors, 68 research reactors and three critical facilities) and are required by 10 CFR Part 73.40 to provide physical protection against theft of SNM and against industrial sabotage. Each licensee has developed a security plan required by 10 CFR Part 50.34(c) to demonstrate the means of compliance with the applicable requirements of 10 CFR Part 73. In 1974, the Commission provided interim guidance for the organization and content of security plans for (a) test reactors, (b) medium power research and training reactors, and (c) low power research and training reactors. Eleven TRIGA reactors, with power levels greater than 250 kW and all other research and training reactors with power levels greater than 100 kW and less than or equal to 5,000 kW are designated as medium power research and training reactors. Thirteen TRIGA reactors with authorized power levels less than 250 kW are considered to be low power research and training reactors. Additional guidance for complying with the requirements of 73.50 and 73.60, if applicable, is provided in the Commission's Regulatory Guides. The Commission's Office of Inspection and Enforcement inspects each licensed facility to assure that an approved security plan is properly implemented with appropriate procedures and physical protection systems

  17. Formal policies for flexible EHR security.

    Science.gov (United States)

    Blobel, Bernd; Pharow, Peter

    2006-01-01

    State of the Art methodologies for establishing requirements and solutions to securing applications are based on narrative descriptions about the use of available system, sometimes also dedicated to system components. Even nowadays new developments to ruling application security services by the use of predicate logic suffer from being administered manually. Therefore, security and privacy requirements cannot be properly met resulting in restrictions and fears for allowing the use of sensitive data and functions. Because of the sensitivity of personal health information and especially of genetic data with its wider implications beyond the original subject of care, weaknesses in guaranteeing fine-grained security and privacy rules lead to less acceptance or even the avoidance of essential information transfer and use. To overcome the problem, security and privacy have to become properties of the architectural components of the respective health information system. Embedding security into the systems architecture allows for negotiating and enforcing any security and privacy services related to principals, their roles, their relationships, further contextual information as well as other regulations summarized in formally modeled policies. The paper introduces the evolving paradigm of the model-driven architecture, first time also comprehensively deployed for security and privacy services in bio-genetic and health information systems.

  18. Educational Programme in Nuclear Security (Chinese Version)

    International Nuclear Information System (INIS)

    2012-01-01

    Higher education plays an essential role in nuclear security capacity building. It ensures the availability of experts able to provide the necessary competencies for the effective national nuclear security oversight of nuclear and other radioactive material and to establish and maintain an appropriate nuclear regime in a State. This guide provides both the theoretical knowledge and the practical skills necessary to meet the requirements described in the international framework for nuclear security. Emphasis is placed on the implementation of these requirements and recommendations in States. On the basis of this guide, each university should be able to develop its own academic programme tailored to suit the State's educational needs in the area of nuclear security and to meet national requirements.

  19. Mobile communication security

    NARCIS (Netherlands)

    Broek, F.M.J. van den

    2016-01-01

    Security of the mobile network Fabian van den Broek We looked at the security of the wireless connection between mobile phone and cell towers and suggested possible improvements. The security was analysed on a design level, by looking at the protocols and encryption techniques, but also on an

  20. Selecting Security Technology Providers

    Science.gov (United States)

    Schneider, Tod

    2009-01-01

    The world of security technology holds great promise, but it is fraught with opportunities for expensive missteps and misapplications. The quality of the security technology consultants and system integrators one uses will have a direct bearing on how well his school masters this complex subject. Security technology consultants help determine…

  1. Secure pairing with biometrics

    NARCIS (Netherlands)

    Buhan, I.R.; Boom, B.J.; Doumen, J.M.; Hartel, Pieter H.; Veldhuis, Raymond N.J.

    Secure pairing enables two devices that share no prior context with each other to agree upon a security association, which they can use to protect their subsequent communication. Secure pairing offers guarantees of the association partner identity and it should be resistant to eavesdropping and to a

  2. Educational Programme in Nuclear Security

    International Nuclear Information System (INIS)

    2010-01-01

    The potential of a malicious act involving nuclear or other radioactive material is a continuing worldwide threat. Available data indicate circumstances in which nuclear and other radioactive material are vulnerable to theft, are uncontrolled, or are in unauthorized circulation. States must establish sustainable security measures to prevent such acts and to protect society from nuclear terrorism. Appropriate training and education at all levels and in all relevant organizations and facilities can play a major role in this process. There is increased interest in nuclear applications. Many States have expressed interest in expanding or introducing nuclear power in their country as a result of their own assessment of their energy supply needs, because of climate change, and development requirements. The projected increase in the demand for nuclear energy will increase the number of nuclear reactors worldwide and, consequently, the amount of nuclear material in use. Possible malicious acts involving nuclear or other radioactive material are a real threat. These developments are mirrored by an increase in the use of nuclear techniques in non-power applications. As a result, the need for experts in the area of nuclear security has become of great importance, and both universities and students have shown an increasing interest in nuclear security specialities. In September 2005, the Board of Governors approved a Nuclear Security Plan covering the period 2006-2009. This emphasized, inter alia, the importance of human resource development to assist States in building capacity to establish and maintain appropriate nuclear security to prevent, detect and respond to malicious acts involving nuclear and other radioactive material. The Nuclear Security Plan envisages the development of guidance for an educational programme in nuclear security that could be used by all States. In pursuit of this goal, this publication has been developed to provide advice and assistance to

  3. Core software security security at the source

    CERN Document Server

    Ransome, James

    2013-01-01

    First and foremost, Ransome and Misra have made an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. This book clarifies to executives the decisions to be made on software security and then provides guidance to managers and developers on process and procedure. Readers are armed with firm solutions for the fight against cyber threats.-Dr. Dena Haritos Tsamitis. Carnegie Mellon UniversityIn the wake of cloud computing and mobile apps, the issue of software security has never been more importan

  4. Restricted access processor - An application of computer security technology

    Science.gov (United States)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  5. Effective Methodology for Security Risk Assessment of Computer Systems

    OpenAIRE

    Daniel F. García; Adrián Fernández

    2013-01-01

    Today, computer systems are more and more complex and support growing security risks. The security managers need to find effective security risk assessment methodologies that allow modeling well the increasing complexity of current computer systems but also maintaining low the complexity of the assessment procedure. This paper provides a brief analysis of common security risk assessment methodologies leading to the selection of a proper methodology to fulfill these requirements. Then, a detai...

  6. Cyber security best practices for the nuclear industry

    International Nuclear Information System (INIS)

    Badr, I.

    2012-01-01

    When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  7. Privacy and security of patient data in the pathology laboratory

    OpenAIRE

    Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwor...

  8. A Model Based Security Testing Method for Protocol Implementation

    Directory of Open Access Journals (Sweden)

    Yu Long Fu

    2014-01-01

    Full Text Available The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

  9. A methodology for performing computer security reviews

    International Nuclear Information System (INIS)

    Hunteman, W.J.

    1991-01-01

    DOE Order 5637.1, ''Classified Computer Security,'' requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, we have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system. 1 tab

  10. Global Security Program Management Plan

    Energy Technology Data Exchange (ETDEWEB)

    Bretzke, John C. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2014-03-25

    The Global Security Directorate mission is to protect against proliferant and unconventional nuclear threats –regardless of origin - and emerging new threats. This mission is accomplished as the Los Alamos National Laboratory staff completes projects for our numerous sponsors. The purpose of this Program Management Plan is to establish and clearly describe the GS program management requirements including instructions that are essential for the successful management of projects in accordance with our sponsor requirements. The detailed information provided in this document applies to all LANL staff and their subcontractors that are performing GS portfolio work. GS management is committed to a culture that ensures effective planning, execution, and achievement of measurable results in accordance with the GS mission. Outcomes of such a culture result in better communication, delegated authority, accountability, and increased emphasis on safely and securely achieving GS objectives.

  11. Android security cookbook

    CERN Document Server

    Makan, Keith

    2013-01-01

    Android Security Cookbook' breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs.""Android Security Cookbook"" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impeding onslaught of mobile devices in the business environment will benefit from

  12. Pro Spring security

    CERN Document Server

    Scarioni, Carlo

    2013-01-01

    Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

  13. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the tech

  14. Parliamentary control of security information agency in terms of security culture: State and problems

    Directory of Open Access Journals (Sweden)

    Radivojević Nenad

    2013-01-01

    Full Text Available Even though security services have the same function as before, today they have different tasks and significantly more work than before. Modern security problems of the late 20th and early 21st century require states to reorganize their security services, adapting them to the new changes. The reorganization involves, among other things, giving wider powers of the security services, in order to effectively counter the growing and sophisticated security threats, which may also lead to violations of human rights and freedoms. It is therefore necessary to define the right competence, organization, authority and control of these services. In democratic countries, there are several institutions with different levels of control of security services. Parliament is certainly one of the most important institutions in that control, both in the world and in our country. Powers, finance, the use of special measures and the nature and scope of work of the Security Information Agency are certainly object of the control of the National Assembly. What seems to be the problem is achieving a balance between the need for control of security services and security services to have effective methods for combating modern security problems. This paper presents the legal framework related to the National Assembly control of the Security Intelligence Agency, as well as the practical problems associated with this type of control. We analyzed the role of security culture as one of the factors of that control. In this regard, it provides guidance for the practical work of the members of parliament who control the Security Intelligence Agency, noting in particular the importance of and the need for continuous improvement of security culture representatives.

  15. European [Security] Union

    DEFF Research Database (Denmark)

    Manners, Ian James

    2013-01-01

    The past 20 years, since the 1992 Treaty on European Union, have seen the gradual creation of both an “Area of Freedom, Security and Justice” and a “Common Foreign and Security Policy”. More recent is the development of a “European Neighbourhood Policy” over the past 10 years. All three of these ......The past 20 years, since the 1992 Treaty on European Union, have seen the gradual creation of both an “Area of Freedom, Security and Justice” and a “Common Foreign and Security Policy”. More recent is the development of a “European Neighbourhood Policy” over the past 10 years. All three...... of these policies involved the navigation and negotiation of security, borders and governance in and by the European Union (EU). This article analyses these practices of bordering and governance through a five-fold security framework. The article argues that a richer understanding of EU security discourses can...

  16. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book-Focuses on setting the right road map so that you can be most effective in your information security implementationsDiscusses cost-effective staffing, the single biggest expense to the security organizationPresents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectivelyI...

  17. Introduction to Hardware Security

    Directory of Open Access Journals (Sweden)

    Yier Jin

    2015-10-01

    Full Text Available Hardware security has become a hot topic recently with more and more researchers from related research domains joining this area. However, the understanding of hardware security is often mixed with cybersecurity and cryptography, especially cryptographic hardware. For the same reason, the research scope of hardware security has never been clearly defined. To help researchers who have recently joined in this area better understand the challenges and tasks within the hardware security domain and to help both academia and industry investigate countermeasures and solutions to solve hardware security problems, we will introduce the key concepts of hardware security as well as its relations to related research topics in this survey paper. Emerging hardware security topics will also be clearly depicted through which the future trend will be elaborated, making this survey paper a good reference for the continuing research efforts in this area.

  18. DNS security management

    CERN Document Server

    Dooley, Michael

    2017-01-01

    An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors—noted experts on the topic—offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented. Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC), DNS firewall, server controls, and much more. In addition, the text includes discussions on security applications facilitated by DNS, such as anti-spam, SFP, and DANE.

  19. Network security with openSSL cryptography for secure communications

    CERN Document Server

    Viega, John; Chandra, Pravir

    2002-01-01

    Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications.The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols.Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library?s advanced features. And, inst...

  20. Aspects with Program Analysis for Security Policies

    DEFF Research Database (Denmark)

    Yang, Fan

    . This dissertation explores the principles of adding challenging security policies to existing systems with great flexibility and modularity. The policies concerned cover both classical access control and explicit information flow policies. We built our solution by combining aspect-oriented programming techniques......Enforcing security policies to IT systems, especially for a mobile distributed system, is challenging. As society becomes more IT-savvy, our expectations about security and privacy evolve. This is usually followed by changes in regulation in the form of standards and legislation. In many cases......, small modification of the security requirement might lead to substantial changes in a number of modules within a large mobile distributed system. Indeed, security is a crosscutting concern which can spread to many business modules within a system, and is difficult to be integrated in a modular way...