WorldWideScience

Sample records for stringent security requirements

  1. Flight Hardware Packaging Design for Stringent EMC Radiated Emission Requirements

    Science.gov (United States)

    Lortz, Charlene L.; Huang, Chi-Chien N.; Ravich, Joshua A.; Steiner, Carl N.

    2013-01-01

    This packaging design approach can help heritage hardware meet a flight project's stringent EMC radiated emissions requirement. The approach requires only minor modifications to a hardware's chassis and mainly concentrates on its connector interfaces. The solution is to raise the surface area where the connector is mounted by a few millimeters using a pedestal, and then wrapping with conductive tape from the cable backshell down to the surface-mounted connector. This design approach has been applied to JPL flight project subsystems. The EMC radiated emissions requirements for flight projects can vary from benign to mission critical. If the project's EMC requirements are stringent, the best approach to meet EMC requirements would be to design an EMC control program for the project early on and implement EMC design techniques starting with the circuit board layout. This is the ideal scenario for hardware that is built from scratch. Implementation of EMC radiated emissions mitigation techniques can mature as the design progresses, with minimal impact to the design cycle. The real challenge exists for hardware that is planned to be flown following a built-to-print approach, in which heritage hardware from a past project with a different set of requirements is expected to perform satisfactorily for a new project. With acceptance of heritage, the design would already be established (circuit board layout and components have already been pre-determined), and hence any radiated emissions mitigation techniques would only be applicable at the packaging level. The key is to take a heritage design with its known radiated emissions spectrum and repackage, or modify its chassis design so that it would have a better chance of meeting the new project's radiated emissions requirements.

  2. The rapidly evolving centromere-specific histone has stringent functional requirements in Arabidopsis thaliana.

    Science.gov (United States)

    Ravi, Maruthachalam; Kwong, Pak N; Menorca, Ron M G; Valencia, Joel T; Ramahi, Joseph S; Stewart, Jodi L; Tran, Robert K; Sundaresan, Venkatesan; Comai, Luca; Chan, Simon W-L

    2010-10-01

    Centromeres control chromosome inheritance in eukaryotes, yet their DNA structure and primary sequence are hypervariable. Most animals and plants have megabases of tandem repeats at their centromeres, unlike yeast with unique centromere sequences. Centromere function requires the centromere-specific histone CENH3 (CENP-A in human), which replaces histone H3 in centromeric nucleosomes. CENH3 evolves rapidly, particularly in its N-terminal tail domain. A portion of the CENH3 histone-fold domain, the CENP-A targeting domain (CATD), has been previously shown to confer kinetochore localization and centromere function when swapped into human H3. Furthermore, CENP-A in human cells can be functionally replaced by CENH3 from distantly related organisms including Saccharomyces cerevisiae. We have used cenh3-1 (a null mutant in Arabidopsis thaliana) to replace endogenous CENH3 with GFP-tagged variants. A H3.3 tail domain-CENH3 histone-fold domain chimera rescued viability of cenh3-1, but CENH3's lacking a tail domain were nonfunctional. In contrast to human results, H3 containing the A. thaliana CATD cannot complement cenh3-1. GFP-CENH3 from the sister species A. arenosa functionally replaces A. thaliana CENH3. GFP-CENH3 from the close relative Brassica rapa was targeted to centromeres, but did not complement cenh3-1, indicating that kinetochore localization and centromere function can be uncoupled. We conclude that CENH3 function in A. thaliana, an organism with large tandem repeat centromeres, has stringent requirements for functional complementation in mitosis.

  3. Waste management from reprocessing: a stringent regulatory requirements for high quality conditioned residues

    International Nuclear Information System (INIS)

    Bordier, J. C.; Greneche, D.; Devezeaux, J. G.; Dalcorso, J.

    2000-01-01

    Nuclear waste production and management in France is governed by safety requirements imposed on all operators. French nuclear safety relies on two basic principles: (1) responsibility of the nuclear operator, which expands to waste generated, and (2) basic safety objectives issued by the national Safety Authority. For a long time the regulatory framework for waste production and management has been satisfactorily applied and has benefited each actor of the process. LLW/MLW and HLW nuclear waste are currently conditioned in safe matrices or packages either likely to be disposed in surface repositories or designed with the intention to be disposed underground according to their radioactive content. France is looking into the case of VLLW and has already carried out a design for future disposal, the design being in the pipe. Other types of waste (i.e. radium bearing waste, graphite, and tritium content waste) are also considered in the whole framework of French waste management. (author)

  4. Windows Security patch required

    CERN Multimedia

    3004-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  5. Security and trust requirements engineering

    NARCIS (Netherlands)

    Giorgini, P.; Massacci, F.; Zannone, N.; Aldini, A.; Gorrieri, R.; Martinelli, F.

    2005-01-01

    Integrating security concerns throughout the whole software development process is one of today’s challenges in software and requirements engineering research. A challenge that so far has proved difficult to meet. The major difficulty is that providing security does not only require to solve

  6. Capturing security requirements for software systems.

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-07-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  7. Capturing security requirements for software systems

    Directory of Open Access Journals (Sweden)

    Hassan El-Hadary

    2014-07-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  8. Capturing security requirements for software systems

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-01-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514

  9. 42 CFR 3.106 - Security requirements.

    Science.gov (United States)

    2010-10-01

    ... ORGANIZATIONS AND PATIENT SAFETY WORK PRODUCT PSO Requirements and Agency Procedures § 3.106 Security requirements. (a) Application. A PSO must secure patient safety work product in conformance with the security... the confidentiality and security of patient safety work product. (2) Distinguishing patient safety...

  10. Security measures required for HIPAA privacy.

    Science.gov (United States)

    Amatayakul, M

    2000-01-01

    HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.

  11. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  12. Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

    Directory of Open Access Journals (Sweden)

    Christian Schmitt

    2015-07-01

    This paper presents a model for structuring and reusing security requirements sources. The model serves as blueprint for the development of an organization-specific repository, which provides relevant security requirements sources, such as security information and knowledge sources and relevant compliance obligations, in a structured and reusable form. The resulting repository is intended to be used by development teams during the elicitation and analysis of security requirements with the goal to understand the security problem space, incorporate all relevant requirements sources, and to avoid unnecessary effort for identifying, understanding, and correlating applicable security requirements sources on a project-wise basis. We start with an overview and categorization of important security requirements sources, followed by the description of the generic model. To demonstrate the applicability and benefits of the model, the instantiation approach and details of the resulting repository of security requirements sources are presented.

  13. Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services

    OpenAIRE

    Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje

    2015-01-01

    This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, supplemented with requirements from European data protection legislation, and taking into account security issues identified in recent research on Cloud security. The document is intended to be used by potential cloud customers that need to assess the security of a c...

  14. Security Requirements – Analysis of the Issue

    Directory of Open Access Journals (Sweden)

    Jhon Vincent

    2013-12-01

    Security needs are rarely taken into account in requirements engineering, and when they are considered in the life cycle of the system, they tend to become a general list of functions, such as password protection, firewalls, virus detection tools, and the like. But in fact these cannot be considered security requirements, because they are implementation mechanisms that try to meet unspecified requirements, such as authenticated access. As a result, the security requirements for the system, which are required to protect essential services and assets, are ignored; moreover, when they are specified, the prospect of future attacks is not considered. This paper describes the need for a systematic approach to managing security requirements engineering, in order to help avoid the problem of generic lists and to take the future perspective into account. Several related approaches are described, and references to additional material are provided that can help requirements engineers ensure that the security requirements are effectively taken into account in their products.

  15. Cloud computing security requirements: a systematic review

    NARCIS (Netherlands)

    Iankoulova, Iliana; Daneva, Maia; Rolland, C; Castro, J.; Pastor, O

    Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide

  16. Argumentation-Based Security Requirements Elicitation: The Next Round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

  17. Security Requirements Management in Software Product Line Engineering

    Science.gov (United States)

    Mellado, Daniel; Fernández-Medina, Eduardo; Piattini, Mario

    Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

  18. 48 CFR 52.204-2 - Security Requirements.

    Science.gov (United States)

    2010-10-01

    ... Agreement (DD Form 441), including the National Industrial Security Program Operating Manual (DOD 5220.22-M... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Security Requirements. 52....204-2 Security Requirements. As prescribed in 4.404(a), insert the following clauses: Security...

  19. 49 CFR 236.1033 - Communications and security requirements.

    Science.gov (United States)

    2010-10-01

    ... Train Control Systems § 236.1033 Communications and security requirements. (a) All wireless... 49 Transportation 4 2010-10-01 2010-10-01 false Communications and security requirements. 236.1033... exceeding the security strength required to protect the data as defined in the railroad's PTCSP and required...

  20. 49 CFR 659.21 - System security plan: general requirements.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: general requirements. 659.21... State Oversight Agency § 659.21 System security plan: general requirements. (a) The oversight agency shall require the rail transit agency to implement a system security plan that, at a minimum, complies...

  1. Pattern and security requirements engineering-based establishment of security standards

    CERN Document Server

    Beckers, Kristian

    2015-01-01

    Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

  2. General Approaches and Requirements on Safety and Security of Radioactive Materials Transport in Russian Federation

    International Nuclear Information System (INIS)

    Ershov, V.N.; Buchel'nikov, A.E.; Komarov, S.V.

    2016-01-01

    Development and implementation of safety and security requirements for transport of radioactive materials in the Russian Federation are addressed. At the outset it is worth noting that the transport safety requirements implemented are in full accordance with the IAEA's ''Regulations for the Safe Transport of Radioactive Material (2009 Edition)''. However, with respect to security requirements for radioactive material transport in some cases the Russian Federation requirements for nuclear material are more stringent compared to IAEA recommendations. The fundamental principles of safety and security of RM managements, recommended by IAEA documents (publications No. SF-1 and GOV/41/2001) are compared. Its correlation and differences concerning transport matters, the current level and the possibility of harmonization are analysed. In addition a reflection of the general approaches and concrete transport requirements is being evaluated. Problems of compliance assessment, including administrative and state control problems for safety and security provided at internal and international shipments are considered and compared. (author)

  3. 20 CFR 209.3 - Social security number required.

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Social security number required. 209.3... RAILROAD EMPLOYERS' REPORTS AND RESPONSIBILITIES § 209.3 Social security number required. Each employer shall furnish to the Board a social security number for each employee for whom any report is submitted...

  4. SecureCore Software Architecture: Trusted Path Application (TPA) Requirements

    National Research Council Canada - National Science Library

    Clark, Paul C; Irvine, Cynthia E; Levin, Timothy E; Nguyen, Thuy D; Vidas, Timothy M

    2007-01-01

    .... The purpose of the SecureCore research project is to investigate fundamental architectural features required for the trusted operation of mobile computing devices so the security is built-in, transparent and flexible...

  5. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Science.gov (United States)

    2010-10-01

    ... requirements-national security contracts. 1352.237-72 Section 1352.237-72 Federal Acquisition Regulations... Provisions and Clauses 1352.237-72 Security processing requirements—national security contracts. As prescribed in 48 CFR 1337.110-70(d), use the following clause: Security Processing Requirements—National...

  6. 7 CFR 764.355 - Security requirements.

    Science.gov (United States)

    2010-01-01

    ... through the use of marketing contracts, hedging, options, or other revenue protection mechanisms, and includes a marketing plan or similar risk management practice; (3) The applicant has had positive net cash... applicant has pledged as security for the loan all available personal and business security, except as...

  7. 48 CFR 1337.110-70 - Personnel security processing requirements.

    Science.gov (United States)

    2010-10-01

    ... information technology (IT) system, as required by the Department of Commerce Security Manual and Department of Commerce Security Program Policy and Minimum Implementation Standards. (b) Insert clause 1352.237... as National Security Contracts that will be performed on or within a Department of Commerce facility...

  8. A vulnerability-centric requirements engineering framework : Analyzing security attacks, countermeasures, and requirements based on vulnerabilities

    NARCIS (Netherlands)

    Elahi, G.; Yu, E.; Zannone, N.

    2010-01-01

    Many security breaches occur because of exploitation of vulnerabilities within the system. Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a methodological framework for security requirements

  9. Security requirements engineering : the SI* modeling language and the Secure Tropos methodology

    NARCIS (Netherlands)

    Massacci, F.; Mylopoulos, J.; Zannone, N.; Ras, Z.W.; Tsay, L.-S.

    2010-01-01

    Security Requirements Engineering is an emerging field which lies at the crossroads of Security and Software Engineering. Much research has focused on this field in recent years, spurred by the realization that security must be dealt with in the earliest phases of the software development process as

  10. Core security requirements of DRM systems

    NARCIS (Netherlands)

    Jonker, H.L.; Mauw, S.; Satish, D.

    2008-01-01

    The use of Digital Rights Management (DRM) systems involves several stakeholders, such as the content provider, the license provider and the user, each having their own incentives to use the system. Proper use of the system implies that these incentives can only be met if certain security

  11. 7 CFR 3550.108 - Security requirements (loans only).

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 15 2010-01-01 2010-01-01 false Security requirements (loans only). 3550.108 Section..., DEPARTMENT OF AGRICULTURE DIRECT SINGLE FAMILY HOUSING LOANS AND GRANTS Section 504 Origination and Section 306C Water and Waste Disposal Grants § 3550.108 Security requirements (loans only). When the total...

  12. Security and Privacy in Video Surveillance: Requirements and Challenges

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.

    2014-01-01

    observed by the system. Several techniques to protect the privacy of individuals have therefore been proposed, but very little research work has focused on the specific security requirements of video surveillance data (in transit or in storage) and on authorizing access to this data. In this paper, we...... present a general model of video surveillance systems that will help identify the major security and privacy requirements for a video surveillance system and we use this model to identify practical challenges in ensuring the security of video surveillance data in all stages (in transit and at rest). Our...... study shows a gap between the identified security requirements and the proposed security solutions where future research efforts may focus in this domain....

  13. Analyzing and Specifying Reusable Security Requirements

    Science.gov (United States)

    2003-09-01

    avionics applications and ecommerce applications need to specify levels of identification, authentication, authorization, integrity, privacy, etc. At...sections specifying functional requirements. Thus, the functional requirements for an embedded avionics application and an ecommerce website may have... Privacy (a.k.a., confidentiality), which is the degree to which sensitive data and communications are kept private from unauthorized individuals and

  14. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  15. How to Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods

    National Research Council Canada - National Science Library

    Mead, Nancy R

    2007-01-01

    The Security Quality Requirements Engineering (SQUARE) method, developed at the Carnegie Mellon Software Engineering Institute, provides a systematic way to identify security requirements in a software development project...

  16. 21 CFR 1301.71 - Security requirements generally.

    Science.gov (United States)

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Security requirements generally. 1301.71 Section 1301.71 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF..., cooperative buying, etc.); (2) The type and form of controlled substances handled (e.g., bulk liquids or...

  17. 31 CFR 203.21 - Collateral security requirements.

    Science.gov (United States)

    2010-07-01

    ... 31 Money and Finance: Treasury 2 2010-07-01 2010-07-01 false Collateral security requirements. 203.21 Section 203.21 Money and Finance: Treasury Regulations Relating to Money and Finance (Continued... hereunder; or (iv) The depositary is closed for business by regulatory action or by proper corporate action...

  18. Security Requirements for New Threats at International Airports

    Directory of Open Access Journals (Sweden)

    Gabriel Nowacki

    2018-03-01

    The paper refers to security requirements for new threats at international airports, taking specifically into consideration current challenges within processing of passengers, in light of types of current major threats, in a way ensuring positive passenger experience within their journey. In addition, within the scope of this paper, the initial outcome of study research among the professional aviation stakeholder's environment is presented, on current threats in the area of security and protection of airport infrastructure. The airports are a very demanding environment: seasonal traffic, fluctuating passenger volumes and last minute changes mean there is a lot of flexibility required in order to meet specific needs of airport authorities and their clients or the passengers (Dolnik, 2009). Therefore, security in the aviation sector has been a big issue for civil aviation authorities, as airports are susceptible targets for terrorist attacks. The list of incidents is extensive and gets longer every year despite strict security measures. Within decades, aviation has become the backbone of our global economy, bringing people to business, tourists to vacation destinations and products to markets. Statistically, flying remains the safest mode of travelling compared to other modes of transportation. However, simultaneously terrorists and criminals continue in their quest to explore new ways of disrupting air transportation, and the challenge to secure airports and airline assets remains real. This calls for greater awareness of security concerns in the aviation sector. The key element in protecting against terrorist modus operandi is to stay ahead of recent threats, incidents and breaches occurring worldwide. It requires implementation of effective data sharing systems, in order to proactively monitor potential risks and vulnerabilities within different types of aviation ecosystems.

  19. 77 FR 63849 - Facility Security Officer Training Requirements; Correction

    Science.gov (United States)

    2012-10-17

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2012-0908] Facility Security Officer... comments on the development of a Facility Security Officer training program. The notice contains an inaccurate Internet link to RSVP for the public meeting. DATES: The notice of public meeting; request for...

  20. 77 FR 61771 - Facility Security Officer Training Requirements

    Science.gov (United States)

    2012-10-11

    ... following: (1) Draft model FSO training course; (2) Computer-based training and distance learning; (3... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2012-0908] Facility Security Officer... Security Officer training program, with the primary focus on developing the curriculum for such a program...

  1. 17 CFR 41.21 - Requirements for underlying securities.

    Science.gov (United States)

    2010-04-01

    ... underlying security is: (i) Common stock, (ii) Such other equity security as the Commission and the SEC jointly deem appropriate, or (iii) A note, bond, debenture, or evidence of indebtedness; and (3) The... Exchange Act of 1934; (3) The securities in the index are: (i) Common stock, (ii) Such other equity...

  2. What Isn't Working and New Requirements. The Need to Harmonize Safety and Security Requirements

    International Nuclear Information System (INIS)

    Flory, D.

    2011-01-01

    The year 2011 marks the 50th anniversary of the first IAEA regulations governing the transport of radioactive material. However transport safety at the IAEA obviously predates this, since the regulations took time to develop. In 1957, GC. 1/1 already states: 'The Agency should undertake studies with a view to the establishment of regulations relating to the international transportation of radioactive materials. ...'. And goes further: 'The transport of radioisotopes and radiation sources has brought to light many problems and involves the need for uniform packaging and shipping regulations ... facilitate the acceptance of such materials by sea and air carriers'. This conference reiterates the challenge given then through the sub-title 'The next fifty years - Creating a Safe, Secure and Sustainable Framework'. Looking back, we can see that the sustainable framework was a goal in 1957, where radioactive material could be transported should it be desired. Since these early days we have added to safety the need to ensure security. However we still see the same calls today to eradicate denial of shipment, which might suggest we have not progressed. But the picture today is very different - we have today well established requirements for safe transport of radioactive material, and the recommendations for security in transport are coming of age for all radioactive materials. The outstanding issue would seem to be harmonisation, not just between safety and security in IAEA documents, but also harmonisation between Member States.

  3. A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  4. 19 CFR 113.1 - Authority to require security or execution of bond.

    Science.gov (United States)

    2010-04-01

    ... 19 Customs Duties 1 2010-04-01 2010-04-01 false Authority to require security or execution of bond. 113.1 Section 113.1 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY CUSTOMS BONDS General Provisions § 113.1 Authority to require security or...

  5. What Isn’t Working and New Requirements. The Need to Harmonize Safety and Security Requirements

    International Nuclear Information System (INIS)

    Flory, D.

    2016-01-01

    This paper sets out the key issues for consideration at the transport conference. It will introduce each of the aspects of the framework for safe, secure and sustainable transport, building on the description of the existing situation presented in Session 1A. It will discuss purpose of the IAEA framework, and examine the scientific basis, the IAEA recommendations and requirements, the UN interface, the use of conventions, national implementation, industry compliance, communication and information, response and restoration. It will also look at the activities and related requirements outside of transport which could influence the transport frameworks either in a positive or negative manner. (author)

  6. On Business-Driven IT Security Management and Mismatches between Security Requirements in Firms, Industry Standards and Research Work

    Science.gov (United States)

    Frühwirth, Christian

    Industry managers have long recognized the vital importance of information security for their businesses, but at the same time they perceived security as a technology-driven rather than a business-driven field. Today, this notion is changing and security management is shifting from technology- to business-oriented approaches. Whereas there is evidence of this shift in the literature, this paper argues that security standards and academic work have not yet taken it fully into account. We examine whether this disconnect has led to a misalignment of IT security requirements in businesses versus industry standards and academic research. We conducted 13 interviews with practitioners from 9 different firms to investigate this question. The results present evidence for a significant gap between security requirements in industry standards and actually reported security vulnerabilities. We further find mismatches between the prioritization of security factors in businesses, standards and real-world threats. We conclude that security in companies serves the business need of protecting information availability to keep the business running at all times.

  7. Risk and business goal based security requirement and countermeasure prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.; Niedrite, L.; Strazdina, R.; Wangler, B.

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. Currently companies achieve this by means of

  8. 33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ... evacuation routes and assembly stations; and (viii) Existing security and safety equipment for protection of... protection systems; (iv) Procedural policies; (v) Radio and telecommunication systems, including computer... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Facility Security Assessment (FSA...

  9. 78 FR 77606 - Security Requirements for Facilities Storing Spent Nuclear Fuel

    Science.gov (United States)

    2013-12-24

    ... NUCLEAR REGULATORY COMMISSION 10 CFR Parts 72 and 73 [NRC-2009-0558] RIN 3150-AI78 Security... rulemaking that would revise the security requirements for storing spent nuclear fuel (SNF) in an independent... Nuclear Security and Incident Response, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001...

  10. 75 FR 65881 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2010-10-26

    ... it determines they are necessary or appropriate to improve the governance of, or to mitigate systemic... Part IV Securities and Exchange Commission 17 CFR Part 242 Ownership Limitations and Governance... Ownership Limitations and Governance Requirements for Security- Based Swap Clearing Agencies, Security-Based...

  11. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization (extended version)

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.

    2010-01-01

    Today, companies are required to be in control of the security of their IT assets. This is especially challenging in the presence of limited budgets and conflicting requirements. Here, we present Risk-Based Requirements Elicitation and Prioritization (RiskREP), a method for managing IT security

  12. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justificat...

  13. The Arctic Region: A Requirement for New Security Architecture?

    Science.gov (United States)

    2013-03-01

    cooperation and mutually beneficial partnerships. Denmark’s security policy states that existing international law and established forums of cooperation...increase leadership in multinational forum and, develop comprehensive partnerships without the need to create a new security organization. Figure 3...Arctic region. Endnotes 1 Government of Canada, “Canada’s Arctic foreign policy” (Ottawa, Canada, 2007), 2. 2 WWF Global, “Arctic oil and gas”, http

  14. How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns

    NARCIS (Netherlands)

    Compagna, L.; El Khoury, P.; Krausová, A.; Massacci, F.; Zannone, N.

    2009-01-01

    Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose them to implement minimal precautionary security measures. Several IT solutions (e.g., Privacy Enhancing Technologies, Access Control Infrastructure, etc.) have been proposed to address

  15. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Nunes Leal Franqueira, V.; Tun, Thein Tan; Wieringa, Roelf J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about

  16. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of

  17. 21 CFR 1309.71 - General security requirements.

    Science.gov (United States)

    2010-04-01

    ... I chemicals handled; (2) The location of the premises and the relationship such location bears on... employees having access to List I chemicals; (7) The procedures for handling business guests, visitors... materials and plans regarding the proposed security controls and procedures either to the Special Agent in...

  18. Security in transnational interoperable PPDR communications: Threats and requirements

    NARCIS (Netherlands)

    Ferrús, R.; Sallent, O.; Verkoelen, C.; Fransen, F.; Saijonmaa, J.; Olivieri, C.; Duits, M.; Galin, A.; Pangallo, F.; Modi, D.P.

    2015-01-01

    The relevance of cross border security operations has been identified as a priority at European level for a long time. A European network where Public Protection and Disaster Relief (PPDR) forces share communications processes and a legal framework would greatly enforce response to disaster recovery

  19. WIRELESS SENSOR NETWORKS – ARCHITECTURE, SECURITY REQUIREMENTS, SECURITY THREATS AND ITS COUNTERMEASURES

    OpenAIRE

    Ranjit Panigrahi; Kalpana Sharma; M.K. Ghose

    2013-01-01

    Wireless Sensor Network (WSN) has a huge range of applications such as battlefield, surveillance, emergency rescue operation and smart home technology etc. Apart from its inherent constraints such as limited memory and energy resources, when deployed in hostile environmental conditions, the sensor nodes are vulnerable to physical capture and other security constraints. These constraints put security as a major challenge for the researchers in the field of computer networking. T...

  20. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...

  1. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

  2. 7 CFR 771.9 - Interest rates, terms, security requirements, and repayment.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rates, terms, security requirements, and... Interest rates, terms, security requirements, and repayment. (a) Interest rate. The interest rate will be fixed for the term of the loan. The rate will be established by FSA, based upon the cost of Government...

  3. 7 CFR 773.19 - Interest rate, terms, security requirements, and repayment.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rate, terms, security requirements, and... SERVICE AGENCY, DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS SPECIAL APPLE LOAN PROGRAM § 773.19 Interest rate, terms, security requirements, and repayment. (a) Interest rate. The interest rate will be fixed...

  4. 7 CFR 774.18 - Interest rate, terms and security requirements.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rate, terms and security requirements. 774.18..., DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS EMERGENCY LOAN FOR SEED PRODUCERS PROGRAM § 774.18 Interest rate, terms and security requirements. (a) Interest rate. (1) The interest rate on the loan will be zero...

  5. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or national... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY...

  6. 12 CFR 208.35 - Qualification requirements for transactions in certain securities. [Reserved]

    Science.gov (United States)

    2010-01-01

    ... requirements for transactions in certain securities. [Reserved] ... 12 Banks and Banking 2 2010-01-01 2010-01-01 false Qualification requirements for transactions in certain securities. [Reserved] 208.35 Section 208.35 Banks and Banking FEDERAL RESERVE SYSTEM BOARD OF...

  7. Implementing Cyber Security Requirements and Mechanisms in Microgrids

    OpenAIRE

    Mohan, Apurva; Khurana, Himanshu

    2015-01-01

    Part 4: INFRASTRUCTURE SECURITY; International audience; A microgrid is a collection of distributed energy resources, storage and loads under common coordination and control that provides a single functional interface to enable its management as a single unit. Microgrids provide several advantages such as power quality control, uninterrupted power supply and integration of renewable resources. However, microgrids are increasingly connected to the Internet for remote control and management, wh...

  8. The National Security Education Program and Its Service Requirement: An Exploratory Study of What Areas of Government and for What Duration National Security Education Program Recipients Have Worked

    Science.gov (United States)

    Comp, David J.

    2013-01-01

    The National Security Education Program, established under the National Security Education Act of 1991, has had a post-funding service requirement in the Federal Government for undergraduate scholarship and graduate fellowship recipients since its inception. The service requirement, along with the concern that the National Security Education…

  9. Critical water requirements for food, methodology and policy consequences for food security

    NARCIS (Netherlands)

    Gerbens-Leenes, P.W.; Nonhebel, S.

    2004-01-01

    Food security and increasing water scarcity have a dominant place on the food policy agenda. Food security requires sufficient water of adequate quality because water is a prerequisite for plant growth. Nowadays, agriculture accounts for 70% of the worldwide human fresh water use. The expected

  10. Leadership in organizations with high security and reliability requirements

    International Nuclear Information System (INIS)

    Gonzalez, F.

    2013-01-01

    Developing leadership skills in organizations is the key to ensuring the sustainability of excellent results in industries with high safety and reliability requirements. In order to have a model of leadership development specific to this type of organization, in 2011 we at Tecnatom initiated an internal project to find and adapt a competency model to these requirements.

  11. METHOD FOR SECURITY SPECIFICATION SOFTWARE REQUIREMENTS AS A MEANS FOR IMPLEMENTING A SOFTWARE DEVELOPMENT PROCESS SECURE - MERSEC

    Directory of Open Access Journals (Sweden)

    Castro Mecías, L.T.

    2015-06-01

    Security incidents that target software, or use it as a means, often cause serious damage and legal, economic and other consequences. Results of a survey by Kaspersky Lab reflect that vulnerabilities in software are the main cause of security incidents in enterprises: the report shows that 85% of them have reported security incidents and that vulnerabilities in software are the main reason, and it is further estimated that incidents can cause significant losses, estimated from 50,000 to $649,000 (1). In this regard, academic and industry research focuses on proposals based on reducing vulnerabilities and failures of technology, with a positive influence on how the software is developed. A development process with improved safety practices should include activities from the initial phases of the software, so that security needs are identified, risk is managed and appropriate measures are implemented. This article discusses a method for the analysis, acquisition and specification of software safety requirements, based on the analysis of various proposals and on deficiencies identified from participant observation in software development teams. Experiments performed using the proposal yield positive results regarding the reduction of security vulnerabilities and compliance with the safety objectives of the software.

  12. SecureCore Software Architecture: Trusted Path Application (TPA) Requirements

    National Research Council Canada - National Science Library

    Clark, Paul C; Irvine, Cynthia E; Levin, Timothy E; Nguyen, Thuy D; Vidas, Timothy M

    2007-01-01

    .... A high-level architecture is described to provide such features. In addition, a usage scenario is described for a potential use of the architecture, with emphasis on the trusted path, a non-spoofable user interface to the trusted components of the system. Detailed requirements for the trusted path are provided.

  13. Circuitry linking the Csr and stringent response global regulatory systems.

    Science.gov (United States)

    Edwards, Adrianne N; Patterson-Fortin, Laura M; Vakulskas, Christopher A; Mercante, Jeffrey W; Potrykus, Katarzyna; Vinella, Daniel; Camacho, Martha I; Fields, Joshua A; Thompson, Stuart A; Georgellis, Dimitris; Cashel, Michael; Babitzke, Paul; Romeo, Tony

    2011-06-01

    CsrA protein regulates important cellular processes by binding to target mRNAs and altering their translation and/or stability. In Escherichia coli, CsrA binds to sRNAs, CsrB and CsrC, which sequester CsrA and antagonize its activity. Here, mRNAs for relA, spoT and dksA of the stringent response system were found among 721 different transcripts that copurified with CsrA. Many of the transcripts that copurified with CsrA were previously determined to respond to ppGpp and/or DksA. We examined multiple regulatory interactions between the Csr and stringent response systems. Most importantly, DksA and ppGpp robustly activated csrB/C transcription (10-fold), while they modestly activated csrA expression. We propose that CsrA-mediated regulation is relieved during the stringent response. Gel shift assays confirmed high affinity binding of CsrA to relA mRNA leader and weaker interactions with dksA and spoT. Reporter fusions, qRT-PCR and immunoblotting showed that CsrA repressed relA expression, and (p)ppGpp accumulation during stringent response was enhanced in a csrA mutant. CsrA had modest to negligible effects on dksA and spoT expression. Transcription of dksA was negatively autoregulated via a feedback loop that tended to mask CsrA effects. We propose that the Csr system fine-tunes the stringent response and discuss biological implications of the composite circuitry. © Published 2011. This article is a US Government work and is in the public domain in the USA.

  14. Modeling the Non-functional Requirements in the Context of Usability, Performance, Safety and Security

    OpenAIRE

    Sadiq, Mazhar

    2007-01-01

    Requirement engineering is the most significant part of the software development life cycle. Until now great emphasis has been put on the maturity of the functional requirements. But with the passage of time it reveals that the success of software development does not only pertain to the functional requirements rather non-functional requirements should also be taken into consideration. Among the non-functional requirements usability, performance, safety and security are considered important. ...

  15. Privacy and data security in E-health: requirements from the user's perspective.

    Science.gov (United States)

    Wilkowska, Wiktoria; Ziefle, Martina

    2012-09-01

    In this study two currently relevant aspects of using medical assistive technologies were addressed-security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly.

  16. Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

    Science.gov (United States)

    Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

    2015-01-01

    This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

  17. Is ionizing radiation regulated more stringently than chemical carcinogens

    International Nuclear Information System (INIS)

    Travis, C.C.; Pack, S.R.; Hattemer-Frey, H.A.

    1989-01-01

    It is widely believed that United States government agencies regulate exposure to ionizing radiation more stringently than exposure to chemical carcinogens. It is difficult to verify this perception, however, because chemical carcinogens and ionizing radiation are regulated using vastly different strategies. Chemical carcinogens are generally regulated individually. Regulators consider the risk of exposure to one chemical rather than the cumulative radiation exposure from all sources. Moreover, standards for chemical carcinogens are generally set in terms of quantities released or resultant environmental concentrations, while standards for ionizing radiation are set in terms of dose to the human body. Since chemicals and ionizing radiation cannot be compared on the basis of equal dose to the exposed individual, standards regulating chemicals and ionizing radiation cannot be compared directly. It is feasible, however, to compare the two sets of standards on the basis of equal risk to the exposed individual, assuming that standards for chemicals and ionizing radiation are equivalent if estimated risk levels are equitable. This paper compares risk levels associated with current standards for ionizing radiation and chemical carcinogens. The authors do not attempt to determine whether either type of risk is regulated too stringently or not stringently enough but endeavor only to ascertain if ionizing radiation is actually regulated more strictly than chemical carcinogens

  18. 10 CFR 73.58 - Safety/security interface requirements for nuclear power reactors.

    Science.gov (United States)

    2010-01-01

    ... requirements for nuclear power reactors. (a) Each operating nuclear power reactor licensee with a license... 10 Energy 2 2010-01-01 2010-01-01 false Safety/security interface requirements for nuclear power reactors. 73.58 Section 73.58 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) PHYSICAL PROTECTION OF...

  19. Analysis of impact of noncompliance with physical-security requirements at nuclear facilities

    International Nuclear Information System (INIS)

    Green, J.N.

    1982-03-01

    Inspectors are required to analyze the impact of instances of noncompliance with physical security requirements at licensed nuclear facilities. A scoring procedure for components and a method for evaluating the effectiveness of the subsystems involved are proposed to reinforce an inspector's judgment about the remaining level of safeguards

  20. 78 FR 78470 - Registration and Financial Security Requirements for Freight Forwarders; International...

    Science.gov (United States)

    2013-12-26

    ...). See, e.g., Motor Carrier Financial Information Reporting Requirements-Request for Public Comments, 68...] Registration and Financial Security Requirements for Freight Forwarders; International Association of Movers... FURTHER INFORMATION CONTACT: Mr. Thomas Yager, Chief of Driver and Carrier Operations, (202) 366-4001 or...

  1. 13 CFR 107.1505 - Liquidity requirements for Licensees issuing Participating Securities.

    Science.gov (United States)

    2010-01-01

    ... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Liquidity requirements for... (Leverage) Participating Securities Leverage § 107.1505 Liquidity requirements for Licensees issuing... liquidity to avoid a condition of Liquidity Impairment. Such a condition will constitute noncompliance with...

  2. Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation

    NARCIS (Netherlands)

    Massacci, F.; Prest, M.; Zannone, N.

    2005-01-01

    Extending Requirements Engineering modelling and formal analysis methodologies to cope with Security Requirements has been a major effort in the past decade. Yet, only few works describe complex case studies that show the ability of the informal and formal approaches to cope with the level

  3. Comparison of the Force Required for Dislodgement Between Secured and Unsecured Airways.

    Science.gov (United States)

    Davenport, Curtis; Martin-Gill, Christian; Wang, Henry E; Mayrose, James; Carlson, Jestin N

    2018-05-01

    Airway device placement and maintenance are of utmost importance when managing critically ill patients. The best method to secure airway devices is currently unknown. We sought to determine the force required to dislodge 4 types of airways with and without airway securing devices. We performed a prospective study using 4 commonly used airway devices (endotracheal tube [ETT], laryngeal mask airway [LMA], King laryngeal tube [King], and iGel) performed on 5 different mannequin models. All devices were removed twice per mannequin in random order, once unsecured and once secured as per manufacturers' recommendations; Thomas Tube Holder (Laerdal, Stavanger, Norway) for ETT, LMA, and King; custom tube holder for iGel. A digital force measuring device was attached to the exposed end of the airway device and gradually pulled vertically and perpendicular to the mannequin until the tube had been dislodged, defined as at least 4 cm of movement. Dislodgement force was reported as the maximum force recorded during dislodgement. We compared the relative difference in the secured and unsecured force for each device and between devices using a random-effects regression model accounting for variability in the manikins. The median dislodgment forces (interquartile range [IQR]) in pounds for each secured device were: ETT 13.3 (11.6, 14.1), LMA 16.6 (13.9, 18.3), King 21.7 (16.9, 25.1), and iGel 8 (6.8, 8.3). The median dislodgement forces for each unsecured device were: ETT 4.5 (4.3, 5), LMA 8.4 (6.8, 10.7), King 10.6 (8.2, 11.5), and iGel 3.9 (3.2, 4.2). The relative difference in dislodgement forces (95% confidence intervals) were higher for each device when secured: ETT 8.6 (6.2 to 11), LMA 8.8 (4.6 to 13), King 12.1 (7.2 to 16.6), iGel 4 (1.1 to 6.9). When compared to secured ETT, the King required greater dislodgement force (relative difference 8.6 [4.5-12.7]). The secured iGel required less force than the secured ETT (relative difference -4.8 [-8.9 to -0.8]). Compared with a

  4. Requirements model generation to support requirements elicitation: The Secure Tropos experience

    NARCIS (Netherlands)

    Kiyavitskaya, N.; Zannone, N.

    2008-01-01

    In recent years several efforts have been devoted by researchers in the Requirements Engineering community to the development of methodologies for supporting designers during requirements elicitation, modeling, and analysis. However, these methodologies often lack tool support to facilitate their

  5. Analysis of the security and privacy requirements of cloud-based electronic health records systems.

    Science.gov (United States)

    Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

    2013-08-21

    The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. 
    Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access

  6. Effective Electronic Security: Process for the Development and Validation from Requirements to Testing

    Science.gov (United States)

    2013-06-01

    ABBREVIATIONS ANSI American National Standards Institute ASIS American Society of Industrial Security CCTV Closed Circuit Television CONOPS...is globally recognized for the development and maintenance of standards. ASTM defines a specification as an explicit set of requirements...www.rkb.us/saver/. One of the SAVER reports titled CCTV Technology Handbook has a chapter on system design. The report uses terms like functional

  7. 77 FR 52692 - NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements...

    Science.gov (United States)

    2012-08-30

    ...-03] NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements....'' Authority: Federal Information Processing Standards (FIPS) are issued by the National Institute of Standards... Standards and Technology (NIST) seeks additional comments on specific sections of Federal Information...

  8. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...

  9. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology...

  10. Requirements for Secure Logging of Decentralized Cross-Organizational Workflow Executions

    NARCIS (Netherlands)

    Wombacher, Andreas; Wieringa, Roelf J.; Jonker, Willem; Knezevic, P.; Pokraev, S.; Meersman, R; Tari, Z; Herrero, P; Méndez, G.; Cavedon, L.; Martin, D.; Hinze, A.; Buchanan, G.

    2005-01-01

    The control of actions performed by parties involved in a decentralized cross-organizational workflow is done by several independent workflow engines. Due to the lack of a centralized coordination control, an auditing is required which supports a reliable and secure detection of malicious actions

  11. 20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false Application for security deposit determination; information to be submitted; other requirements. 703.203 Section 703.203 Employees' Benefits... each insurance rating service designated by the Branch and posted on the Internet at http://www.dol.gov...

  12. 75 FR 10973 - Hazardous Materials: Risk-Based Adjustment of Transportation Security Plan Requirements

    Science.gov (United States)

    2010-03-09

    ... (explosive) material; (3) More than 1 L (1.06 qt.) per package of a material poisonous by inhalation in... controlled; and 6.1 materials poisonous by inhalation. We also proposed to require security plans for any... happens very rapidly, and in the process, the propane combines readily with air to form fuel air mixtures...

  13. 76 FR 12645 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2011-03-08

    ... 3235-AK74 Ownership Limitations and Governance Requirements for Security- Based Swap Clearing Agencies... the Dodd-Frank Act, the Commission shall adopt such rules if it determines that they are necessary or appropriate to improve the governance of, or to mitigate systemic risk, promote competition or mitigate...

  14. 76 FR 34579 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-06-14

    ... beneficial ownership of the equity securities underlying derivative securities exercisable or convertible... exercise or conversion of any derivative security, whether or not presently exercisable." "Derivative securities" are "any option, warrant, convertible security, stock appreciation right, or similar...

  15. DOE Integrated Safeguards and Security (DISS) historical document archival and retrieval analysis, requirements and recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Guyer, H.B.; McChesney, C.A.

    1994-10-07

    The overall primary objective of HDAR is to create a repository of historical personnel security documents and provide the functionality needed for archival and retrieval use by other software modules and application users of the DISS/ET system. The software product to be produced from this specification is the Historical Document Archival and Retrieval Subsystem. The product will provide the functionality to capture, retrieve and manage documents currently contained in the personnel security folders in DOE Operations Offices vaults at various locations across the United States. The long-term plan for DISS/ET includes the requirement to allow for capture and storage of arbitrary, currently undefined, clearance-related documents that fall outside the scope of the "cradle-to-grave" electronic processing provided by DISS/ET. However, this requirement is not within the scope of the requirements specified in this document.

  16. Theft of Virtual Property — Towards Security Requirements for Virtual Worlds

    Science.gov (United States)

    Beyer, Anja

    The article is intended to introduce the topic of information technology security for Virtual Worlds to an audience of security experts. Virtual Worlds are Web 2.0 applications where the users cruise through the world with their individually shaped avatars to find either amusement, challenges or the next best business deal. People invest a lot of time, but beyond that they invest in buying virtual assets like fantasy witcheries, weapons, armour, houses, clothes, etc. with real-world money. Although it is called “virtual” (which is often put on the same level as “not existent”) there is a real value behind it. In November 2007 Dutch police arrested a seventeen-year-old teenager who was suspected of having stolen virtual items in a Virtual World called Habbo Hotel [Reuters07]. In order to successfully provide security mechanisms in Virtual Worlds it is necessary to fully understand the domain for which the security mechanisms are defined. As Virtual Worlds must be classified into the domain of Social Software the article starts with an overview of how to understand Web 2.0 and gives a short introduction to Virtual Worlds. The article then provides a consideration of assets of Virtual Worlds participants, describes how these assets can be threatened, gives an overview of appropriate security requirements and concludes with an outlook on possible countermeasures.

  17. Detecting conflicts between functional and security requirements with Secure Tropos: John Rusnak and the Allied Irish Bank (Chapter 9)

    NARCIS (Netherlands)

    Massacci, F.; Zannone, N.; Giorgini, P.; Maiden, N.; Mylopoulos, J.; Yu, E.

    2011-01-01

    The last years have seen a growing concern on the security of information systems and, consequently, a call to arms for including security aspects during the entire development process. Unfortunately, most proposals treat security in system-oriented terms and model information systems through the

  18. 77 FR 70213 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-23

    ...-market value of the proprietary positions (e.g., securities, money market instruments, and commodities... the deductions for securities and money market positions as compared with the standardized haircuts... and Markets, Securities and Exchange Commission, 100 F Street, NE., Washington, DC 20549-7010...

  19. New safety and security requirements for the transport of nuclear and other radioactive materials in Hungary

    International Nuclear Information System (INIS)

    Katona, T.; Horvath, K.; Safar, J.

    2016-01-01

    In addition to the promulgation of mode-specific regulations of international transport of dangerous goods, some Hungarian governmental and ministerial decrees impose further conditions upon the transport of nuclear and other radioactive materials. One of these ministerial decrees on the transport, carriage and packaging of radioactive materials is under revision and it will require • approval of emergency response plan (including security and safety contingency plan); • report on transport incidents and accidents for classifying them in accordance with the INES scale; • the competent authority to request experts’ support for the approval of package designs, radioactive material designs and shipments. Regarding the security of the transport of nuclear and other radioactive materials a new Hungarian governmental decree and a related guidance are about to be published which will supply additional requirements in the field of the transport security especially concerning radioactive materials, implementing - among others - IAEA recommendations of the NSS No9 and No14. The main and relevant features of the Hungarian nuclear regulatory system and the details of both new decrees regarding the safety and security issues of transport of nuclear and other radioactive materials will be discussed. (author)

  20. Comparison of urine iodine/creatinine ratio between patients following stringent and less stringent low iodine diet for radioiodine remnant ablation of thyroid cancer

    International Nuclear Information System (INIS)

    Roh, Jee Ho; Kim, Byung Il; Ha, Ji Su; Chang, Sei Joong; Shin, Hye Young; Choi, Joon Hyuk; Kim, Do Min; Kim, Chong Soon

    2006-01-01

    A low iodine diet (LID) for 1∼2 weeks is recommended for patients undergoing radioiodine remnant ablation. However, the LID education given to patients differs among centers because there is no concrete recommendation for an LID protocol. In this investigation, we compared two representative types of LID protocols performed in several centers in Korea using the urine iodine to creatinine ratio (urine I/Cr). From April to June 2006, patients referred to our center for radioiodine remnant ablation of thyroid cancer from several local hospitals which had different LID protocols were included. We divided them into two groups, stringent LID for 1 week and less stringent LID for 2 weeks, then measured their urine I/Cr ratio with spot urine when patients were admitted to the hospital. A total of 27 patients were included in this investigation (M:F = 1:26; 13 in one-week stringent LID; 14 in two-week less stringent LID). The average urine I/Cr ratio was 127.87 ± 78.52 μg/g in stringent LID for 1 week, and 289.75 ± 188.24 μg/g in less stringent LID for 2 weeks. It was significantly lower in the stringent LID for 1 week group (p = 0.008). The number of patients whose urine I/Cr ratios were below 100 μg/g was 6 of 13 in the stringent LID for 1 week group, and 3 of 14 in the less stringent LID for 2 weeks group. Stringent LID for 1 week resulted in a better urinary I/Cr ratio in our investigation compared with the other protocol. However, it still left many patients with an inadequate I/Cr ratio, so a more stringent protocol such as stringent LID for 2 weeks is expected to be more desirable

  1. Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models

    National Research Council Canada - National Science Library

    Mead, Nancy R; Viswanathan, Venkatesh; Padmanabhan, Deepa; Raveendran, Anusha

    2008-01-01

    ...). This report is for information technology managers and security professionals, management personnel with technical and information security knowledge, and any personnel who manage security-critical...

  2. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, we present a Risk-Based Requirements Prioritization method (RiskREP) that extends misuse case-based methods with IT architecture based risk assessment and countermeasure definition and prioritization. Countermeasure prioritizati...

  3. Development of DSRC device and communication system performance measures recommendations for DSRC OBE performance and security requirements.

    Science.gov (United States)

    2016-05-22

    This report presents recommendations for minimum DSRC device communication performance and security requirements to ensure effective operation of the DSRC system. The team identified recommended DSRC communications requirements aligned to use cas...

  4. Design impacts of safeguards and security requirements for a US MOX fuel fabrication facility

    International Nuclear Information System (INIS)

    Erkkila, B.H.; Rinard, P.M.; Thomas, K.E.; Zack, N.R.; Jaeger, C.D.

    1998-01-01

    The disposition of plutonium that is no longer required for the nation's defense is being structured to mitigate risks associated with the material's availability. In the 1997 Record of Decision, the US Government endorsed a dual-track approach that could employ domestic commercial reactors to effect the disposition of a portion of the plutonium in the form of mixed oxide (MOX) reactor fuels. To support this decision, the Office of Materials Disposition requested preparation of a document that would review US requirements for safeguards and security and describe their impact on the design of a MOX fuel fabrication facility. The intended users are potential bidders for the construction and operation of the facility. The document emphasizes the relevant DOE Orders but also considers the Nuclear Regulatory Commission (NRC) requirements. Where they are significantly different, the authors have highlighted this difference and provided guidance on the impact to the facility design. Finally, the impacts of International Atomic Energy Agency (IAEA) safeguards on facility design are discussed. Security and materials control and accountability issues that influence facility design are emphasized in each area of discussion. This paper will discuss the prepared report and the issues associated with facility design for implementing practical, modern safeguards and security systems into a new MOX fuel fabrication facility

  5. 76 FR 15874 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-03-22

    ... conversion of any derivative security, whether or not presently exercisable." "Derivative securities... "any equity security or derivative security relating to an issuer, whether or not issued by that issuer... securities, except that the acquisition or disposition of any derivative security must be separately reported...

  6. NERSC Cyber Security Challenges That Require DOE Development and Support

    Energy Technology Data Exchange (ETDEWEB)

    Draney, Brent; Campbell, Scott; Walter, Howard

    2007-01-16

    Traditional security approaches do not adequately address all the requirements of open, scientific computing facilities. Many of the methods used for more restricted environments, including almost all corporate/commercial systems, do not meet the needs of today's science. Use of only the available "state of the practice" commercial methods will have adverse impact on the ability of DOE to accomplish its science goals, and impacts the productivity of the DOE Science community. In particular, NERSC and other high performance computing (HPC) centers have special security challenges that are unlikely to be met unless DOE funds development and support of reliable and effective tools designed to meet the cyber security needs of High Performance Science. The security challenges facing NERSC can be collected into three basic problem sets: network performance and dynamics, application complexity and diversity, and a complex user community that can have transient affiliations with actual institutions. To address these problems, NERSC proposes the following four general solutions: auditing user and system activity across sites; firewall port configuration in real time; cross-site/virtual organization identity management and access control; and detecting security issues in application middleware. Solutions are also proposed for three general long term issues: data volume, application complexity, and information integration.

  7. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    International Nuclear Information System (INIS)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon

    2013-01-01

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems' cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system

  8. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]

    2013-10-15

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems' cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  9. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in "Cyber Security Protection Framework", Version 0.9 (hereafter referred to as the "Framework"). For each of the seven sector/sub-sectors listed above, one standard was

  10. Proposing a Holistic Model for Formulating the Security Requirements of e-learning based on Stakeholders’ Point of View

    Directory of Open Access Journals (Sweden)

    Abouzar Arabsorkhi Mishabi

    2016-03-01

    Development of e-learning applications and services in the context of information and communication networks – beside qualitative and quantitative improvement in the scope and range of services they provide – has increased the variety of threats which emerge from these networks and telecommunications infrastructure. This kind of issue has made effective and accurate analysis of security issues necessary for managers and decision makers. Accordingly, this study, using findings of other studies in the field of e-learning security and using meta-synthesis, attempts to define a holistic model for classification and organization of security requirements: a structure that defines the origin of security requirements of e-learning and plays a role as a reference for formulating security requirements for this area.

  11. C2 Link Security for UAS: Technical Literature Study and Preliminary Functional Requirements. Version 0.9 (Working Draft)

    Science.gov (United States)

    2005-01-01

    This document provides a study of the technical literature related to Command and Control (C2) link security for Unmanned Aircraft Systems (UAS) for operation in the National Airspace System (NAS). Included is a preliminary set of functional requirements for C2 link security.

  12. Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case

    Science.gov (United States)

    Spears, Janine L.; Parrish, James L., Jr.

    2013-01-01

    This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun &…

  13. Safeguards and security requirements for weapons plutonium disposition in light water reactors

    International Nuclear Information System (INIS)

    Thomas, L.L.; Strait, R.S.

    1994-10-01

    This paper explores the issues surrounding the safeguarding of the plutonium disposition process in support of the United States nuclear weapons dismantlement program. It focuses on the disposition of the plutonium by burning mixed oxide fuel in light water reactors (LWR) and addresses physical protection, material control and accountability, personnel security and international safeguards. The S and S system needs to meet the requirements of the DOE Orders, NRC Regulations and international safeguards agreements. Experience has shown that incorporating S and S measures into early facility designs and integrating them into operations provides S and S that is more effective, more economical, and less intrusive. The plutonium disposition safeguards requirements with which the US has the least experience are the implementation of international safeguards on plutonium metal; the large scale commercialization of the mixed oxide fuel fabrication; and the transportation to and loading in the LWRs of fresh mixed oxide fuel. It is in these areas where the effort needs to be concentrated if the US is to develop safeguards and security systems that are effective and efficient

  14. Competence Requirements of ISO/IEC Standards for Information Security Professionals

    Directory of Open Access Journals (Sweden)

    Natalia G. Miloslavskaya

    2017-11-01

    The rapid progress in the field of information security (IS) creates a need for periodic revision of professional competencies (formulated in the federal state educational standards – FSESs) and working functions (formulated in the professional standards – PSs). Under these conditions, a timely reaction to everything new that emerges or will appear in modern regulatory documents (primarily in standards) is extremely important. We make a forecast for the content of the ISO/IEC 27021 and ISO/IEC 19896 standards drafted by the International Organization for Standardization (ISO), which should contain the requirements for the competencies of IS management system professionals and the competence of IS testers and evaluators. Our forecast takes into account the requirements of the ISO/IEC 27000 standard group and the recommendations of the European e-Competence Framework e-CF 3.0.

  15. Maritime supply chain security: navigating through a sea of compliance requirements

    CSIR Research Space (South Africa)

    Maspero, EL

    2008-11-01

    MTSA Maritime Transportation Security Act RFID Radio Frequency Identification SAFE Security and Accountability For Every port SOLAS Safety Of Life At Sea SST Smart and Secure Tradelane UNCTAD United Nations Conference on Trade and Development... for increased security within maritime shipping and so the SOLAS (the Safety of Lives at Sea) Convention Chapter 11 was amended to provide for the inclusion of the International Ships and Port Facilities Security Code (ISPS Code), which was internationally...

  16. AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

    Directory of Open Access Journals (Sweden)

    JAE-GU SONG

    2013-10-01

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems' cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  17. a survey of security vulnerabilities in wireless sensor networks

    African Journals Online (AJOL)

    user

    which primarily are their stringent energy constraints to which sensing nodes typify and security vulnerabilities. Security concerns ... Keywords: Sensors, Wireless, Network, Vulnerabilities, Security. 1. .... If the node detects a transmission.

  18. Lowering social security's duration-of-marriage requirement: distributional effects for future female retirees.

    Science.gov (United States)

    Tamborini, Christopher R; Whitman, Kevin

    2010-01-01

    A number of alternatives to Social Security's auxiliary benefit system have been proposed in the context of changes in American family and work patterns. This article focuses on one modification therein-lowering the 10-year duration-of-marriage requirement for divorced spouses. Using a powerful microsimulation model (MINT), we examine the distributional effects of extending spouse and survivor benefit eligibility to 5- and 7-year marriages ending in divorce among female retirees in 2030, a population largely comprised of baby boomers. Results show that the options would increase benefits for a small share of female retirees, around 2 to 4%, and would not affect the vast majority of low-income divorced older women. However, of those affected, the options would substantially increase benefits and lower incidence of poverty and near poor. Low-income divorced retirees with marriages between 5 and 9 years in length and a deceased former spouse face the greatest potential gains.

  19. Security and privacy of EHR systems--ethical, social and legal requirements.

    Science.gov (United States)

    Kluge, Eike-Henner W

    2003-01-01

    This paper addresses social, ethical and legal concerns about security and privacy that arise in the development of international interoperable health information systems. The paper deals with these concerns under four rubrics: the ethical status of electronic health records, the social and legal embedding of interoperable health information systems, the overall information-requirements healthcare as such, and the role of health information professionals as facilitators. It argues that the concerns that arise can be met if the development of interoperability protocols is guided by the seven basic principles of information ethics that have been enunciated in the IMIA Code of Ethics for Health Information Professionals and that are central to the ethical treatment of electronic health records.

  20. 76 FR 10205 - Department of Homeland Security Implementation of OMB Guidance on Drug-Free Workplace Requirements

    Science.gov (United States)

    2011-02-24

    ... Flexibility Act, 5 U.S.C. 605(b), as amended by the Small Business Regulatory Enforcement and Fairness Act of... Guidance on Drug-Free Workplace Requirements AGENCY: Department of Homeland Security (DHS). ACTION: Final... consolidate all Federal regulations on drug-free workplace requirements for financial assistance into one...

  1. Knowledge Base for an Intelligent System in order to Identify Security Requirements for Government Agencies Software Projects

    Directory of Open Access Journals (Sweden)

    Adán Beltrán G.

    2016-01-01

    It has been evidenced that one of the most common causes in the failure of software security is the lack of identification and specification of requirements for information security, it is an activity with an insufficient importance in the software development or software acquisition. We propose the knowledge base of CIBERREQ. CIBERREQ is an intelligent knowledge-based system used for the identification and specification of security requirements in the software development cycle or in the software acquisition. CIBERREQ receives functional software requirements written in natural language and produces non-functional security requirements through a semi-automatic process of risk management. The knowledge base built is formed by an ontology developed collaboratively by experts in information security. In this process has been identified six types of assets: electronic data, physical data, hardware, software, person and service; as well as six types of risk: competitive disadvantage, loss of credibility, economic risks, strategic risks, operational risks and legal sanctions. In addition there are defined 95 vulnerabilities, 24 threats, 230 controls, and 515 associations between concepts. Additionally, automatic expansion was used with Wikipedia for the asset types Software and Hardware, obtaining 7125 and 5894 software and hardware subtypes respectively, achieving thereby an improvement of 10% in the identification of the information assets candidates, one of the most important phases of the proposed system.

  2. Temperature impacts on economic growth warrant stringent mitigation policy

    Science.gov (United States)

    Moore, Frances C.; Diaz, Delavane B.

    2015-02-01

    Integrated assessment models compare the costs of greenhouse gas mitigation with damages from climate change to evaluate the social welfare implications of climate policy proposals and inform optimal emissions reduction trajectories. However, these models have been criticized for lacking a strong empirical basis for their damage functions, which do little to alter assumptions of sustained gross domestic product (GDP) growth, even under extreme temperature scenarios. We implement empirical estimates of temperature effects on GDP growth rates in the DICE model through two pathways, total factor productivity growth and capital depreciation. This damage specification, even under optimistic adaptation assumptions, substantially slows GDP growth in poor regions but has more modest effects in rich countries. Optimal climate policy in this model stabilizes global temperature change below 2 °C by eliminating emissions in the near future and implies a social cost of carbon several times larger than previous estimates. A sensitivity analysis shows that the magnitude of climate change impacts on economic growth, the rate of adaptation, and the dynamic interaction between damages and GDP are three critical uncertainties requiring further research. In particular, optimal mitigation rates are much lower if countries become less sensitive to climate change impacts as they develop, making this a major source of uncertainty and an important subject for future research.

  3. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    DEFF Research Database (Denmark)

    Coles, Graeme D; Wratten, Stephen D; Porter, John Roy

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively...... and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies....

  4. Minimum Lateral Bone Coverage Required for Securing Fixation of Cementless Acetabular Components in Hip Dysplasia

    Directory of Open Access Journals (Sweden)

    Masanori Fujii

    2017-01-01

    Objectives. To determine the minimum lateral bone coverage required for securing stable fixation of the porous-coated acetabular components (cups) in hip dysplasia. Methods. In total, 215 primary total hip arthroplasties in 199 patients were reviewed. The average follow-up period was 49 months (range: 24–77 months). The lateral bone coverage of the cups was assessed by determining the cup center-edge (cup-CE) angle and the bone coverage index (BCI) from anteroposterior pelvic radiographs. Further, cup fixation was determined using the modified DeLee and Charnley classification system. Results. All cups were judged to show stable fixation by bone ingrowth. The cup-CE angle was less than 0° in 7 hips (3.3%) and the minimum cup-CE angle was −9.2° (BCI: 48.8%). Thin radiolucent lines were observed in 5 hips (2.3%), which were not associated with decreased lateral bone coverage. Loosening, osteolysis, dislocation, or revision was not observed in any of the cases during the follow-up period. Conclusion. A cup-CE angle greater than −10° (BCI > 50%) was acceptable for stable bony fixation of the cup. Considering possible errors in manual implantation, we recommend that the cup position be planned such that the cup-CE angle is greater than 0° (BCI > 60%).

  5. RiskREP : risk-based security requirements elicitation and prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  6. 17 CFR 240.6h-1 - Settlement and regulatory halt requirements for security futures products.

    Science.gov (United States)

    2010-04-01

    ... investors and the public interest, taking into account such factors as fairness to buyers and sellers of the affected security futures product, the maintenance of a fair and orderly market in such security futures... with the protection of investors. An exemption granted pursuant to this paragraph shall not operate as...

  7. 48 CFR 1352.237-70 - Security processing requirements-high or moderate risk contracts.

    Science.gov (United States)

    2010-10-01

    ... background inquiries pertaining to verification of name, physical description, marital status, present and... undergo security processing by the Department's Office of Security before being eligible to work on the.... citizens must have: (1) Official legal status in the United States; (2) Continuously resided in the United...

  8. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information Security What Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information Security Changes Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy? Monitoring and Measurement Moving Forward ORGANIZATIONAL ISSUES The Life Cycles of Security Managers Introduction The Information Security Manager's Responsibilities The Evolution of Data Security to Information Security The Repository Concept Changing Job Requirements Business Life Cycles

  9. A rapid response air quality analysis system for use in projects having stringent quality assurance requirements

    International Nuclear Information System (INIS)

    Bowman, A.W.

    1990-01-01

    This paper describes an approach to solve air quality problems which frequently occur during iterations of the baseline change process. From a schedule standpoint, it is desirable to perform this evaluation in as short a time as possible while budgetary pressures limit the size of the staff available to do the work. Without a method in place to deal with baseline change proposal requests the environment analysts may not be able to produce the analysis results in the time frame expected. Using a concept called the Rapid Response Air Quality Analysis System (RAAS), the problems of timing and cost become tractable. The system could be adapted to assess other atmospheric pathway impacts, e.g., acoustics or visibility. The air quality analysis system used to perform the EA analysis (EA) for the Salt Repository Project (part of the Civilian Radioactive Waste Management Program), and later to evaluate the consequences of proposed baseline changes, consists of three components: Emission source data files; Emission rates contained in spreadsheets; Impact assessment model codes. The spreadsheets contain user-written codes (macros) that calculate emission rates from (1) emission source data (e.g., numbers and locations of sources, detailed operating schedules, and source specifications including horsepower, load factor, and duty cycle); (2) emission factors such as those published by the U.S. Environmental Protection Agency, and (3) control efficiencies

  10. Rapid species responses to changes in climate require stringent climate protection targets

    NARCIS (Netherlands)

    Vliet, van A.J.H.; Leemans, R.

    2006-01-01

    The Avoiding Dangerous Climate Change book consolidates the scientific findings of the Exeter conference and gives an account of the most recent developments on critical thresholds and key vulnerabilities of the climate system, impacts on human and natural systems, emission pathways and

  11. 41 CFR 102-72.95 - What are the requirements for obtaining a security delegation of authority from GSA?

    Science.gov (United States)

    2010-07-01

    ... the requirements for obtaining a security delegation of authority from GSA? An Executive agency may... PBS. The delegation may be granted where the requesting agency demonstrates a compelling need for the delegated authority and the delegation is not inconsistent with the authorities of any other law enforcement...

  12. Maritime supply chain security: Navigating through a sea of compliance requirements

    Directory of Open Access Journals (Sweden)

    Emma Maspero

    2008-11-01

    As a direct result of the 9-11 New York attack all modes of freight and passenger transportation were scrutinised for vulnerabilities. Over 90% of international trade takes place via sea transport for at least some part of the supply chain and as a result there has been a drive to better secure maritime transportation. This paper outlines the background to and the rationale behind the most important of the new security measures for maritime transportation and provides an overview of the likely implications for supply chain role-players. In addition the paper endeavours to create awareness of the importance of maritime supply chain security.

  13. The Requirement of a Positive Definite Covariance Matrix of Security Returns for Mean-Variance Portfolio Analysis: A Pedagogic Illustration

    Directory of Open Access Journals (Sweden)

    Clarence C. Y. Kwan

    2010-07-01

    This study considers, from a pedagogic perspective, a crucial requirement for the covariance matrix of security returns in mean-variance portfolio analysis. Although the requirement that the covariance matrix be positive definite is fundamental in modern finance, it has not received any attention in standard investment textbooks. Being unaware of the requirement could cause confusion for students over some strange portfolio results that are based on seemingly reasonable input parameters. This study considers the requirement both informally and analytically. Electronic spreadsheet tools for constrained optimization and basic matrix operations are utilized to illustrate the various concepts involved.

  14. Energy Security Requires Diversity: An Argument for The Defense Production Act Title III Biofuel Initiative

    Science.gov (United States)

    2013-06-19

    Media, Integrated Marketing Communications at Northwestern University, http://oilchangeproject.nationalsecurityzone.org/choke-points/chokepoints-map-2...23 Source: The National Security Reporting Project, Medill School of Journalism, Media, Integrated Marketing Communications at Northwestern

  15. 78 FR 54720 - Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders

    Science.gov (United States)

    2013-09-05

    ... trustee previously filed Forms BMC-84 or BMC-85, do I need to file a new one reflecting the new $75,000... jurisdiction must file new BMC-84 or BMC-85 forms reflecting the new minimum financial security amount of $75,000 as of October 1, 2013. FMCSA will develop new BMC forms for use by surety bonding companies and...

  16. 27 CFR 70.281 - Form of bond and security required.

    Science.gov (United States)

    2010-04-01

    ..., express or telegraph money order; (v) Secured by corporate bonds or stocks, or by bonds issued by a State... of business or legal residence of the primary obligor is located; (ii) The surety must have property... which the principal place of business or legal residence of the primary obligor is located; (iv) The...

  17. 26 CFR 301.7101-1 - Form of bond and security required.

    Science.gov (United States)

    2010-04-01

    ..., bank, express or telegraph money order; (v) Secured by corporate bonds or stocks, or by bonds issued by... legal residence of the primary obligor is located; (ii) He must have property subject to execution of a... or legal residence of the primary obligor is located; (iv) He must agree not to mortgage, or...

  18. Technology transfer of dynamic IT outsourcing requires security measures in SLAs

    NARCIS (Netherlands)

    F. Dickmann (Frank); M. Brodhun (Maximilian); J. Falkner (Jürgen); T.A. Knoch (Tobias); U. Sax (Ulrich)

    2010-01-01

    For the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the

  19. 17 CFR 402.2 - Capital requirements for registered government securities brokers and dealers.

    Science.gov (United States)

    2010-04-01

    ...)(B) of this title; (7) Loans to commercial banks for one business day of immediately available funds...; (3) Demand deposits in the case where the counterparty is a commercial bank; (4) Loans for one... made in the case where the counterparty is a commercial bank; (5) Custodial holdings of securities in...

  20. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Science.gov (United States)

    2010-10-01

    ... information, the loss, misuse, or unauthorized access to, or modification of which could adversely affect the... inspection, investigation, and audit to safeguard against threats and hazards to the integrity, availability... Official's written accreditation decision from the COR, maintain the approved level of system security as...

  1. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  2. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Science.gov (United States)

    2010-10-01

    ..., Security Self-Assessment Guide for Information Technology Systems and FIPS 200, on an annual basis. (C) HHS... basis, the Contractor shall provide to the Contracting Officer verification that the IT-SP remains valid... Contracting Officer verification that the IT-SC&A remains valid. Evidence of a valid system accreditation...

  3. Towards security requirements: Iconicity as a feature of an informal modeling language

    NARCIS (Netherlands)

    Vasenev, Alexandr; Ionita, Dan; Zoppi, Tomasso; Ceccarelli, Andrea; Wieringa, Roelf J.

    2017-01-01

    Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can

  4. Cyber security in nuclear power plants and its portability to other industrial infrastructures

    International Nuclear Information System (INIS)

    Champigny, Sebastien; Gupta, Deeksha; Watson, Venesa; Waedt, Karl

    2017-01-01

    Power generation increasingly relies on decentralised and interconnected computerised systems. Concepts like "Industrial Internet of Things" of the Industrial Internet Consortium (IIC), and "Industry 4.0" find their way in this strategic industry. Risk of targeted exploits of errors and vulnerabilities increases with complexity, interconnectivity and decentralization. Inherently stringent security requirements and features make nuclear computerised applications and systems a benchmark for industrial counterparts seeking to hedge against those risks. Consequently, this contribution presents usual cyber security regulations and practices for nuclear power plants. It shows how nuclear cyber security can be ported and used in an industrial context to protect critical infrastructures against cyber-attacks and industrial espionage.

  5. Human resources requirements for diabetic patients healthcare in primary care clinics of the Mexican Institute of Social Security

    Directory of Open Access Journals (Sweden)

    Svetlana V Doubova

    2013-11-01

    Objective. To estimate the requirements of human resources (HR) of two models of care for diabetes patients: conventional and specific, also called DiabetIMSS, which are provided in primary care clinics of the Mexican Institute of Social Security (IMSS). Materials and methods. An evaluative research was conducted. An expert group identified the HR activities and time required to provide healthcare consistent with the best clinical practices for diabetic patients. HR were estimated by using the evidence-based adjusted service target approach for health workforce planning; then, comparisons between existing and estimated HRs were made. Results. To provide healthcare in accordance with the patients’ metabolic control, the conventional model required increasing the number of family doctors (1.2 times), nutritionists (4.2 times) and social workers (4.1 times). The DiabetIMSS model requires greater increase than the conventional model. Conclusions. Increasing HR is required to provide evidence-based healthcare to diabetes patients.

  6. Strong tobacco control program requirements and secure funding are not enough: lessons from Florida.

    Science.gov (United States)

    Kennedy, Allison; Sullivan, Sarah; Hendlin, Yogi; Barnes, Richard; Glantz, Stanton

    2012-05-01

    Florida's Tobacco Pilot Program (TPP; 1998-2003), with its edgy Truth media campaign, achieved unprecedented youth smoking reductions and became a model for tobacco control programming. In 2006, 3 years after the TPP was defunded, public health groups restored funding for tobacco control programming by convincing Florida voters to amend their constitution. Despite the new program's strong legal structure, Governor Charlie Crist's Department of Health implemented a low-impact program. Although they secured the program's strong structure and funding, Florida's nongovernmental public health organizations did not mobilize to demand a high-impact program. Implementation of Florida's Amendment 4 demonstrates that a strong programmatic structure and secure funding are insufficient to ensure a successful public health program, without external pressure from nongovernmental groups.

  7. Analysis of Marine Corps renewable energy planning to meet installation energy security requirements

    OpenAIRE

    Chisom, Christopher M.; Templenton, Jack C., II

    2013-01-01

    Approved for public release; distribution is unlimited. The purpose of this thesis is to analyze Marine Corps installation energy consumption and the pursuit of increased renewable energy generation goals across Marine Corps installations. The main objective of this report is to determine the cost of interruption and the net present value (NPV) of renewable energy generation needed to meet the Marine Corps energy security objectives. First, we determine installation-specific energy consump...

  8. Strengthening global health security by embedding the International Health Regulations requirements into national health systems.

    Science.gov (United States)

    Kluge, Hans; Martín-Moreno, Jose Maria; Emiroglu, Nedret; Rodier, Guenael; Kelley, Edward; Vujnovic, Melitta; Permanand, Govin

    2018-01-01

    The International Health Regulations (IHR) 2005, as the overarching instrument for global health security, are designed to prevent and cope with major international public health threats. But poor implementation in countries hampers their effectiveness. In the wake of a number of major international health crises, such as the 2014 Ebola and 2016 Zika outbreaks, and the findings of a number of high-level assessments of the global response to these crises, it has become clear that there is a need for more joined-up thinking between health system strengthening activities and health security efforts for prevention, alert and response. WHO is working directly with its Member States to promote this approach, more specifically around how to better embed the IHR (2005) core capacities into the main health system functions. This paper looks at how and where the intersections between the IHR and the health system can be best leveraged towards developing greater health system resilience. This merging of approaches is a key component in pursuit of Universal Health Coverage and strengthened global health security as two mutually reinforcing agendas.

  9. New security and privacy laws require basic changes in professional practice

    Science.gov (United States)

    Sykes, David M.

    2005-09-01

    Everybody knows about HIPAA-but what about GLBA? FIPA? The Patriot Act? Homeland Security? NCLB? FCRA? CASB1? PIPEDA? All of these are recent laws that impact acoustical design. Throw in the American Hospital Association/ASHE and AIA's about-to-be-released "Guidelines for the Design of Healthcare Facilities" as well as the redrafting of DCID 6/9 and it looks like time for careful examination of some professional practices relating to security and privacy. Should INCE members join with and endorse the ASA's recently formed Joint TCAA/TCN Subcommittee which aims to fill a policy vacuum in Washington and Ottawa relating to the fundamental protection of citizens' rights to privacy? This group will formulate consistent guidelines to enable federal and state agencies in the US and Canada to enforce and monitor their laws-will their guidelines affect INCE members? Those who advise or give expert testimony to government agencies, defense/security organizations, courts, and large institutions in financial services, healthcare or education likely find themselves in a rapidly shifting landscape and recognize the need to respond with new research and professional practices.

  10. Systems security and functional readiness

    International Nuclear Information System (INIS)

    Bruckner, D.G.

    1988-01-01

    In Protective Programming Planning, it is important that every facility or installation be configured to support the basic functions and mission of the using organization. This paper addresses the process of identifying the key functional operations of our facilities in Europe and providing the security necessary to keep them operating in natural and man-made threat environments. Functional Readiness is important since many of our existing facilities in Europe were not constructed to meet the demands of today's requirements. There are increased requirements for real-time systems with classified terminals and stringent access control, tempest and other electronic protection devices. One must prioritize the operations of these systems so that essential functions are provided even when the facilities are affected by overt or covert hostile activities

  11. Electricity versus hydrogen for passenger cars under stringent climate change control

    NARCIS (Netherlands)

    Rösler, H.; van der Zwaan, B.; Keppo, I.; Bruggink, J.

    2014-01-01

    In this article we analyze how passenger car transportation in Europe may change this century under permanent high oil prices and stringent climate control policy. We focus on electricity and hydrogen as principal candidate energy carriers, because these two options are increasingly believed to

  12. Structural characterization of the stringent response related exopolyphosphatase/guanosine pentaphosphate phosphohydrolase protein family

    DEFF Research Database (Denmark)

    Kristensen, Ole; Laurberg, Martin; Liljas, Anders

    2004-01-01

    Exopolyphosphatase/guanosine pentaphosphate phosphohydrolase (PPX/GPPA) enzymes play central roles in the bacterial stringent response induced by starvation. The high-resolution crystal structure of the putative Aquifex aeolicus PPX/GPPA phosphatase from the actin-like ATPase domain superfamily has...

  13. Provincial Reconstruction Teams (PRTs) Negotiation Skill Requirements in Afghanistan: Afghanistan Security Issues Final Research Paper

    Science.gov (United States)

    2010-01-01

    “culture shock” that soldiers experienced as “the anxiety and physical and emotional discomfort that can occur when a person moves to an unfamiliar...Afghanistan. Don't Believe it.” Newsweek, 14 December 2009, 48. Jalali, Ali A. “The Future of Security Institutions.” In Warfare Studies AY10 Coursebook...62-69. Rubin, Barnett R. “The Transformation of the Afghan State.” In Warfare Studies AY10 Coursebook, edited by Sharon McBride, 351-356. Maxwell

  14. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production.

    Science.gov (United States)

    Coles, Graeme D; Wratten, Stephen D; Porter, John R

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

  15. Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

    Science.gov (United States)

    Coleman, Johnathan

    2003-05-01

    This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

  16. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey.

    Science.gov (United States)

    Abdalzaher, Mohamed S; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-06-29

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  17. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    Directory of Open Access Journals (Sweden)

    Mohamed S. Abdalzaher

    2016-06-01

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  18. A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations

    NARCIS (Netherlands)

    Elahi, G.; Yu, E.; Zannone, N.; Laender, A.H.F.; Castano, S.; Dayal, U.; Casati, F.; Palazzo Moreira de Oliveira, J.

    2009-01-01

    Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a vulnerability-centric modeling ontology, which aims to integrate empirical knowledge of vulnerabilities into the system development process. In

  19. Improving Deterministic Reserve Requirements for Security Constrained Unit Commitment and Scheduling Problems in Power Systems

    Science.gov (United States)

    Wang, Fengyu

    Traditional deterministic reserve requirements rely on ad-hoc, rule of thumb methods to determine adequate reserve in order to ensure a reliable unit commitment. Since congestion and uncertainties exist in the system, both the quantity and the location of reserves are essential to ensure system reliability and market efficiency. The modeling of operating reserves in the existing deterministic reserve requirements acquire the operating reserves on a zonal basis and do not fully capture the impact of congestion. The purpose of a reserve zone is to ensure that operating reserves are spread across the network. Operating reserves are shared inside each reserve zone, but intra-zonal congestion may block the deliverability of operating reserves within a zone. Thus, improving reserve policies such as reserve zones may improve the location and deliverability of reserve. As more non-dispatchable renewable resources are integrated into the grid, it will become increasingly difficult to predict the transfer capabilities and the network congestion. At the same time, renewable resources require operators to acquire more operating reserves. With existing deterministic reserve requirements unable to ensure optimal reserve locations, the importance of reserve location and reserve deliverability will increase. While stochastic programming can be used to determine reserve by explicitly modelling uncertainties, there are still scalability as well as pricing issues. Therefore, new methods to improve existing deterministic reserve requirements are desired. One key barrier of improving existing deterministic reserve requirements is its potential market impacts. A metric, quality of service, is proposed in this thesis to evaluate the price signal and market impacts of proposed hourly reserve zones. Three main goals of this thesis are: 1) to develop a theoretical and mathematical model to better locate reserve while maintaining the deterministic unit commitment and economic dispatch

  20. Regional, national and international security requirements for the transport of nuclear cargo by sea

    International Nuclear Information System (INIS)

    Booker, P.A.; Barnwell, I.

    2004-01-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea

  1. Regional, national and international security requirements for the transport of nuclear cargo by sea

    Energy Technology Data Exchange (ETDEWEB)

    Booker, P.A.; Barnwell, I. [Marine Operations, BNFL International Transport and British Nuclear Group Security (United Kingdom)]

    2004-07-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea.

  2. 78 FR 78472 - Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders...

    Science.gov (United States)

    2013-12-26

    ... shippers from the abuse of market power or that the transaction or service is of limited scope; and Is in... protect shippers from the abuse of market power . . . and . . . is not in the public interest.'' AIPBA... abuse of market power.'' According to AIPBA, ``[t]he unnecessarily high $75,000 broker bond requirement...

  3. Securing Mobile Networks in an Operational Setting

    Science.gov (United States)

    Ivancic, William D.; Stewart, David H.; Bell, Terry L.; Paulsen, Phillip E.; Shell, Dan

    2004-01-01

    This paper describes a network demonstration and three month field trial of mobile networking using mobile-IPv4. The network was implemented as part of the US Coast Guard operational network which is a ".mil" network and requires stringent levels of security. The initial demonstrations took place in November 2002 and a three month field trial took place from July through September of 2003. The mobile network utilized encryptors capable of NSA-approved Type 1 algorithms, mobile router from Cisco Systems and 802.11 and satellite wireless links. This paper also describes a conceptual architecture for wide-scale deployment of secure mobile networking in operational environments where both private and public infrastructure is used. Additional issues presented include link costs, placement of encryptors and running routing protocols over layer-3 encryption devices.

  4. Basic requirements to be established in a norm of radiologic security for operation of measuring equipment

    International Nuclear Information System (INIS)

    Milagros Ruiz, M.; Cateriano, Miguel A.

    2001-01-01

    According to the requirements in Argentina, each user of radioactive material must have a specific Authorization and a person who acts as the responsible for this material. But there is not any specific norm for each one. Due to what we said before, it is necessary to make a rule for Industrial Uses. That is why this paper tries to establish the basis to do it. (author)

  5. Orphan Toxin OrtT (YdcX) of Escherichia coli Reduces Growth during the Stringent Response

    Science.gov (United States)

    2015-01-29

    antimicrobials trimethoprim and sulfamethoxazole; these antimicrobials induce the stringent response by inhibiting tetrahydrofolate synthesis...in the presence of both antimicrobials trimethoprim and sulfamethoxazole; these antimicrobials induce the stringent response by inhibiting...level [20]. Despite these difficulties in determining physiological roles, TA systems are clearly phage inhibition systems

  6. The Stringent Response Induced by Phosphate Limitation Promotes Purine Salvage in Agrobacterium fabrum.

    Science.gov (United States)

    Sivapragasam, Smitha; Deochand, Dinesh K; Meariman, Jacob K; Grove, Anne

    2017-10-31

    Agrobacterium fabrum induces tumor growth in susceptible plant species. The upregulation of virulence genes that occurs when the bacterium senses plant-derived compounds is enhanced by acidic pH and limiting inorganic phosphate. Nutrient starvation may also trigger the stringent response, and purine salvage is among the pathways expected to be favored under such conditions. We show here that phosphate limitation induces the stringent response, as evidenced by production of (p)ppGpp, and that the xdhCSML operon encoding the purine salvage enzyme xanthine dehydrogenase is upregulated ∼15-fold. The xdhCSML operon is under control of the TetR family transcription factor XdhR; direct binding of ppGpp to XdhR attenuates DNA binding, and the enhanced xdhCSML expression correlates with increased cellular levels of (p)ppGpp. Xanthine dehydrogenase may also divert purines away from salvage pathways to form urate, the ligand for the transcription factor PecS, which in the plant pathogen Dickeya dadantii is a key regulator of virulence gene expression. However, urate levels remain low under conditions that produce increased levels of xdhCSML expression, and neither acidic pH nor limiting phosphate results in induction of genes under control of PecS. Instead, expression of such genes is induced only by externally supplemented urate. Taken together, our data indicate that purine salvage is favored during the stringent response induced by phosphate starvation, suggesting that control of this pathway may constitute a novel approach to modulating virulence. Because bacterial purine catabolism appears to be unaffected, as evidenced by the absence of urate accumulation, we further propose that the PecS regulon is induced by only host-derived urate.

  7. Stringent or nonstringent complete remission and prognosis in acute myeloid leukemia

    DEFF Research Database (Denmark)

    Øvlisen, Andreas K; Oest, Anders; Bendtsen, Mette D

    2018-01-01

    Stringent complete remission (sCR) of acute myeloid leukemia is defined as normal hematopoiesis after therapy. Less sCR, including non-sCR, was introduced as insufficient blood platelet, neutrophil, or erythrocyte recovery. These latter characteristics were defined retrospectively as postremission...... transfusion dependency and were suggested to be of prognostic value. In the present report, we evaluated the prognostic impact of achieving sCR and non-sCR in the Danish National Acute Leukaemia Registry, including 769 patients registered with classical CR (ie,

  8. Method to control the persons permitted to enter plants with increased security requirements and personnel lock for such plants

    International Nuclear Information System (INIS)

    Blaser, E.; Eickhoff, H.; Tretschoks, W.

    1978-01-01

    The personnel lock for a plant with increased security requirements, e.g. a nuclear power plant, has got two lock gates. Only persons whose right to enter has been established by the control equipment will be admitted to the lock chamber. For this purpose an identification recess is built in front of the first access to the lock chamber, where size, weight and the contours of the persons wanting to enter are roughly measured and compared with a code card carried along. The weight is established by a balance forming part of the base of the recess. By means of contact surfaces in the region of knees, upper thigh, chest and shoulder an upright position of the person is guaranteed. Scanning of the physical dimensions is performed with laser, infrared and light barriers. (DG) [de]

  9. Meeting current requirements. Data security in the smart metering; Den heutigen Anforderungen gerecht werden. Datensicherheit im Smart Metering

    Energy Technology Data Exchange (ETDEWEB)

    Zayer, Peter [VOLTARIS GmbH, Maxdorf (Germany)]; Wolf, Frank [VOLTARIS GmbH, Merzig (Germany)]

    2012-09-15

    The requirements for the smart metering are extremely complex. On the one hand, the network operators and the suppliers need unadulterated data on consumption or supply. On the other hand, consumers see their privacy jeopardized because the individual user behavior can be read from the specific energy profile. Furthermore, according to the will of the legislator the smart meter or the measuring system is an active component of a smart grid and smart-market system. Right here it is important to eliminate the threat of hacker attacks. For the industry this results in the task of guaranteeing both the maximum data security as well as to provide a maximum nutritive value to the customer.

  10. IT Security and EO Systems

    Science.gov (United States)

    Burnett, M.

    2010-12-01

    One topic that is beginning to influence the systems that support these goals is that of Information Technology (IT) Security. Unsecure systems are vulnerable to increasing attacks and other negative consequences; sponsoring agencies are correspondingly responding with more refined policies and more stringent security requirements. These affect how EO systems can meet the goals of data and service interoperability and harmonization through open access, transformation and visualization services. Contemporary systems, including the vision of a system-of-systems (such as GEOSS, the Global Earth Observation System of Systems), utilize technologies that support a distributed, global, net-centric environment. These types of systems have a high reliance on the open systems, web services, shared infrastructure and data standards. The broader IT industry has developed and used these technologies in their business and mission critical systems for many years. Unfortunately, the IT industry, and their customers have learned the importance of protecting their assets and resources (computing and information) as they have been forced to respond to an ever increasing number and more complex illegitimate “attackers”. This presentation will offer an overview of work done by the CEOS WGISS organization in summarizing security threats, the challenges to responding to them and capturing the current state of the practice within the EO community.

  11. 15 CFR 744.11 - License requirements that apply to entities acting contrary to the national security or foreign...

    Science.gov (United States)

    2010-01-01

    ... entities acting contrary to the national security or foreign policy interests of the United States. 744.11... national security or foreign policy interests of the United States. BIS may impose foreign policy export... of being or becoming involved in activities that are contrary to the national security or foreign...

  12. Augmenting the Genetic Toolbox for Sulfolobus islandicus with a Stringent Positive Selectable Marker for Agmatine Prototrophy

    Science.gov (United States)

    Cooper, Tara E.; Krause, David J.

    2013-01-01

    Sulfolobus species have become the model organisms for studying the unique biology of the crenarchaeal division of the archaeal domain. In particular, Sulfolobus islandicus provides a powerful opportunity to explore natural variation via experimental functional genomics. To support these efforts, we further expanded genetic tools for S. islandicus by developing a stringent positive selection for agmatine prototrophs in strains in which the argD gene, encoding arginine decarboxylase, has been deleted. Strains with deletions in argD were shown to be auxotrophic for agmatine even in nutrient-rich medium, but growth could be restored by either supplementation of exogenous agmatine or reintroduction of a functional copy of the argD gene from S. solfataricus P2 into the ΔargD host. Using this stringent selection, a robust targeted gene knockout system was established via an improved next generation of the MID (marker insertion and unmarked target gene deletion) method. Application of this novel system was validated by targeted knockout of the upsEF genes involved in UV-inducible cell aggregation formation. PMID:23835176

  13. Ten Year Study of the Stringently Defined Otitis Prone Child in Rochester, NY

    Science.gov (United States)

    Pichichero, Michael E.

    2016-01-01

    This review summarizes a prospective, longitudinal 10-year study in Rochester NY with virtually every clinically diagnosed acute otitis media (AOM) confirmed by bacterial culture of middle ear fluid. Children experiencing 3 episodes within 6 months or 4 episodes in 12 months were considered stringently-defined otitis prone (sOP). We found stringent diagnosis compared with clinical diagnosis reduced the frequency of children meeting the OP definition from 27% to 6% resulting in 14.8% and 2.4% receiving tympanostomy tubes, respectively. Significantly more often RSV infection led to AOM in sOP than non-otitis prone (NOP) children that correlated with diminished total RSV-specific serum IgG. sOP children produced low levels of antibody to Streptococcus pneumoniae and Haemophilus influenzae candidate vaccine protein antigens and to routine pediatric vaccines. sOP children generated significantly fewer memory B cells, functional and memory T cells to otopathogens following NP colonization and AOM than NOP children and they had defects in antigen presenting cells. PMID:27273691

  14. Whole-Genome Microarray and Gene Deletion Studies Reveal Regulation of the Polyhydroxyalkanoate Production Cycle by the Stringent Response in Ralstonia eutropha H16

    Energy Technology Data Exchange (ETDEWEB)

    Brigham, CJ; Speth, DR; Rha, C; Sinskey, AJ

    2012-10-22

    Poly(3-hydroxybutyrate) (PHB) production and mobilization in Ralstonia eutropha are well studied, but in only a few instances has PHB production been explored in relation to other cellular processes. We examined the global gene expression of wild-type R. eutropha throughout the PHB cycle: growth on fructose, PHB production using fructose following ammonium depletion, and PHB utilization in the absence of exogenous carbon after ammonium was resupplied. Our results confirm or lend support to previously reported results regarding the expression of PHB-related genes and enzymes. Additionally, genes for many different cellular processes, such as DNA replication, cell division, and translation, are selectively repressed during PHB production. In contrast, the expression levels of genes under the control of the alternative sigma factor sigma(54) increase sharply during PHB production and are repressed again during PHB utilization. Global gene regulation during PHB production is strongly reminiscent of the gene expression pattern observed during the stringent response in other species. Furthermore, a ppGpp synthase deletion mutant did not show an accumulation of PHB, and the chemical induction of the stringent response with DL-norvaline caused an increased accumulation of PHB in the presence of ammonium. These results indicate that the stringent response is required for PHB accumulation in R. eutropha, helping to elucidate a thus-far-unknown physiological basis for this process.

  15. Stringent limits on the ionized mass loss from A and F dwarfs

    International Nuclear Information System (INIS)

    Brown, A.; Veale, A.; Judge, P.; Bookbinder, J.A.; Hubeny, I.

    1990-01-01

    Following the suggestion of Willson et al. (1987) that A- and F-type main-sequence stars might undergo significant mass loss due to pulsationally driven winds, upper limits to the ionized mass loss from A and F dwarfs have been obtained using VLA observations. These stringent upper limits show that the level of ionized mass loss would have at most only a small effect on stellar evolution. Radiative-equilibrium atmospheric and wind models for early A dwarfs indicate that it is highly likely that a wind flowing from such stars would be significantly ionized. In addition, late A and early F dwarfs exhibit chromospheric emission indicative of significant nonradiative heating. The present mass-loss limits are thus representative of the total mass-loss rates for these stars. It is concluded that A and F dwarfs are not losing sufficient mass to cause A dwarfs to evolve into G dwarfs. 24 refs

  16. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study.

    Science.gov (United States)

    Manion, Frank J; Robbins, Robert J; Weems, William A; Crowley, Rebecca S

    2009-06-15

    Data protection is important for all information systems that deal with human-subjects data. Grid-based systems--such as the cancer Biomedical Informatics Grid (caBIG)--seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios--difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of offices of research, information

  17. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Directory of Open Access Journals (Sweden)

    Weems William A

    2009-06-01

    security officers, directors of offices of research, information security officers and university legal counsel. Nineteen total interviews were conducted over a period of 16 weeks. Respondents provided answers for all four scenarios (a total of 87 questions). Results were grouped by broad themes, including among others: governance, legal and financial issues, partnership agreements, de-identification, institutional technical infrastructure for security and privacy protection, training, risk management, auditing, IRB issues, and patient/subject consent. Conclusion The findings suggest that with additional work, large scale federated sharing of data within a regulated environment is possible. A key challenge is developing suitable models for authentication and authorization practices within a federated environment. Authentication – the recognition and validation of a person's identity – is in fact a global property of such systems, while authorization – the permission to access data or resources – mimics data sharing agreements in being best served at a local level. Nine specific recommendations result from the work and are discussed in detail. These include: (1) the necessity to construct separate legal or corporate entities for governance of federated sharing initiatives on this scale; (2) consensus on the treatment of foreign and commercial partnerships; (3) the development of risk models and risk management processes; (4) development of technical infrastructure to support the credentialing process associated with research including human subjects; (5) exploring the feasibility of developing large-scale, federated honest broker approaches; (6) the development of suitable, federated identity provisioning processes to support federated authentication and authorization; (7) community development of requisite HIPAA and research ethics training modules by federation members; (8) the recognition of the need for central auditing requirements and authority, and; (9) use of two

  18. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Science.gov (United States)

    2009-01-01

    Background Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG) – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of

  19. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field. The book examines the elements of computer security, employee roles and r

  20. Dual Regulation of Bacillus subtilis kinB Gene Encoding a Sporulation Trigger by SinR through Transcription Repression and Positive Stringent Transcription Control.

    Science.gov (United States)

    Fujita, Yasutaro; Ogura, Mitsuo; Nii, Satomi; Hirooka, Kazutake

    2017-01-01

    It is known that transcription of kinB encoding a trigger for Bacillus subtilis sporulation is under repression by SinR, a master repressor of biofilm formation, and under positive stringent transcription control depending on the adenine species at the transcription initiation nucleotide (nt). Deletion and base substitution analyses of the kinB promoter (P kinB ) region using lacZ fusions indicated that either a 5-nt deletion (Δ5, nt -61/-57, +1 is the transcription initiation nt) or the substitution of G at nt -45 with A (G-45A) relieved kinB repression. Thus, we found a pair of SinR-binding consensus sequences (GTTCTYT; Y is T or C) in an inverted orientation (SinR-1) between nt -57/-42, which is most likely a SinR-binding site for kinB repression. This relief from SinR repression likely requires SinI, an antagonist of SinR. Surprisingly, we found that SinR is essential for positive stringent transcription control of P kinB . Electrophoretic mobility shift assay (EMSA) analysis indicated that SinR bound not only to SinR-1 but also to SinR-2 (nt -29/-8) consisting of another pair of SinR consensus sequences in a tandem repeat arrangement; the two sequences partially overlap the '-35' and '-10' regions of P kinB . Introduction of base substitutions (T-27C C-26T) in the upstream consensus sequence of SinR-2 affected positive stringent transcription control of P kinB , suggesting that SinR binding to SinR-2 likely causes this positive control. EMSA also implied that RNA polymerase and SinR are possibly bound together to SinR-2 to form a transcription initiation complex for kinB transcription. Thus, it was suggested in this work that derepression of kinB from SinR repression by SinI induced by Spo0A∼P and occurrence of SinR-dependent positive stringent transcription control of kinB might induce effective sporulation cooperatively, implying an intimate interplay by stringent response, sporulation, and biofilm formation.

  1. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  2. 17 CFR 249.619 - Form TA-Y2K, information required of transfer agents pursuant to section 17 of the Securities...

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Form TA-Y2K, information... Certain Exchange Members, Brokers, and Dealers § 249.619 Form TA-Y2K, information required of transfer... affecting Form TA-Y2K, see the List of CFR Sections Affected, which appears in the Finding Aids section of...

  3. 17 CFR 249.618 - Form BD-Y2K, information required of broker-dealers pursuant to section 17 of the Securities...

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Form BD-Y2K, information... Exchange Members, Brokers, and Dealers § 249.618 Form BD-Y2K, information required of broker-dealers... FR 37674, July 13, 1998] Editorial Note: For Federal Register citations affecting Form BD-Y2K, see...

  4. Air Quality and Health Benefits of China's Recent Stringent Environmental Policy

    Science.gov (United States)

    Zheng, Y.; Xue, T.; Zhang, Q.; Geng, G.; He, K.

    2016-12-01

    Aggressive emission control measures were taken by China's central and local governments after the promulgation of the "Air Pollution Prevention and Control Action Plan" in 2013. We evaluated the air quality and health benefits of this ever most stringent air pollution control policy during 2013-2015 by utilizing a two-stage data fusion model and newly-developed cause-specific integrated exposure-response functions (IER) developed for the Global Burden of Disease (GBD). The two-stage data fusion model predicts spatiotemporal continuous PM2.5 (particulate matter with aerodynamic diameter less than 2.5 µm) concentrations by integrating satellite-derived aerosol optical depth (AOD) measurements, PM2.5 concentrations from measurement and air quality model, and other ancillary information. During the years of analysis, PM2.5 concentration dropped significantly on national average and over heavily polluted regions as identified by Mann-Kendall analysis. The national PM2.5-attributable mortality decreased by 72.8 (95% CI: 59.4, 85.2) thousand (6%) from 1.23 (95% CI: 1.06, 1.39) million in 2013 to 1.15 (95% CI: 0.98, 1.31) million in 2015 due to considerable reduction (i.e. 18%) of population-weighted PM2.5 from 61.4 to 50.5 µg/m3. Meteorological variations between 2013 and 2015 were estimated to raise the PM2.5 levels by 0.24 µg/m3 and national mortality by 2.1 (95% CI: 1.6, 2.6) thousand through sensitivity tests, which implies the dominant role of anthropogenic impacts on PM2.5 abatement and attributable mortality reduction. Our study affirms the effectiveness of China's recent air quality policy, however, due to the possible supralinear shape of C-R functions, health benefits induced by air quality improvement in these years are limited. We therefore appeal for continuous implementation of current policies and further stringent measures from both air quality improvement and public health protection perspectives.

  5. Security of Supply: A Pan-European Approach - The Opportunities and Requirements of Greater Cooperation Across European Electricity Markets

    International Nuclear Information System (INIS)

    Ulreich, S.

    2015-01-01

    reduce residual load could be realised, then less power plant capacity would have to be reserved. Storage to take in excess energy would be necessary only at a later date, if required. Both of these factors can result in cost reductions. Potential savings would need to be compared with the network expansion and transaction costs associated with collective generation adequacy assessment. Comprehensive assessment of the costs and benefits should however also take into consideration any gains in the efficiency of electricity generation arising from improved usage of power plants. The following requirements are necessary to achieve this potential: 1) Cross-border methods of generation adequacy assessment need to be further developed in addition to national approaches; 2) International harmonisation of generation adequacy assessment processes. This also impacts the legal and organisational aspects of ensuring generation adequacy; 3) Reliable cross border capacity to ensure domestic security of supply. Parties responsible for security of supply at a national level need a binding guarantee when securing domestic demand with cross-border capacity; 4) Development of grid infrastructure needed alongside the existing planning (e.g. TYNDP), while giving group effects even more consideration. In doing so, obstacles as well as transformation and transaction costs need to be considered. These can be difficult to quantify, but play an important role in practice. We have arrived at the following recommendations based on the study: 1) Harmonisation of standards and processes: Common definitions of security of supply, a coordinated process of generation adequacy assessment and a guarantee of cross-border generation adequacy can contribute to the realisation of a domestic market design, even if the actual costs savings and required costs are difficult to determine. We recommend that these factors be taken into account in electricity market design. 
    2) Review of the evaluation of wind power

  6. Employment of personnel of a security service company does not require the consent of the works council

    International Nuclear Information System (INIS)

    Anon.

    1992-01-01

    If a company or institution hires personnel of a security service company to protect its premises, this kind of employment does not mean the company carries on temporary employment business. Within the purview of section 99, sub-section 1 of the BetrVG (Works Constitution Act), the security service personnel is not 'employed' in the proper sense even if the security tasks fulfilled by them are done at other times by regular employees of the company or institution. The court decision also decided that the Works Council need not give consent to employment of foreign security personnel. Federal Labour Court, decision dated May 5, 1992 - 1 ABR 78/91. (orig./HP) [de

  7. Ribosome•RelA structures reveal the mechanism of stringent response activation

    Science.gov (United States)

    Loveland, Anna B; Bah, Eugene; Madireddy, Rohini; Zhang, Ying; Brilot, Axel F; Grigorieff, Nikolaus; Korostelev, Andrei A

    2016-01-01

    Stringent response is a conserved bacterial stress response underlying virulence and antibiotic resistance. RelA/SpoT-homolog proteins synthesize transcriptional modulators (p)ppGpp, allowing bacteria to adapt to stress. RelA is activated during amino-acid starvation, when cognate deacyl-tRNA binds to the ribosomal A (aminoacyl-tRNA) site. We report four cryo-EM structures of E. coli RelA bound to the 70S ribosome, in the absence and presence of deacyl-tRNA accommodating in the 30S A site. The boomerang-shaped RelA with a wingspan of more than 100 Å wraps around the A/R (30S A-site/RelA-bound) tRNA. The CCA end of the A/R tRNA pins the central TGS domain against the 30S subunit, presenting the (p)ppGpp-synthetase domain near the 30S spur. The ribosome and A/R tRNA are captured in three conformations, revealing hitherto elusive states of tRNA engagement with the ribosomal decoding center. Decoding-center rearrangements are coupled with the step-wise 30S-subunit 'closure', providing insights into the dynamics of high-fidelity tRNA decoding. DOI: http://dx.doi.org/10.7554/eLife.17029.001 PMID:27434674

  8. Does dishonesty really invite third-party punishment? Results of a more stringent test.

    Science.gov (United States)

    Konishi, Naoki; Ohtsubo, Yohsuke

    2015-05-01

    Many experiments have demonstrated that people are willing to incur cost to punish norm violators even when they are not directly harmed by the violation. Such altruistic third-party punishment is often considered an evolutionary underpinning of large-scale human cooperation. However, some scholars argue that previously demonstrated altruistic third-party punishment against fairness-norm violations may be an experimental artefact. For example, envy-driven retaliatory behaviour (i.e. spite) towards better-off unfair game players may be misidentified as altruistic punishment. Indeed, a recent experiment demonstrated that participants ceased to inflict third-party punishment against an unfair player once a series of key methodological problems were systematically controlled for. Noticing that a previous finding regarding apparently altruistic third-party punishment against honesty-norm violations may have been subject to methodological issues, we used a different and what we consider to be a more sound design to evaluate these findings. Third-party punishment against dishonest players withstood this more stringent test. © 2015 The Author(s) Published by the Royal Society. All rights reserved.

  9. Security during the Construction of New Nuclear Power Plants: Technical Basis for Access Authorization and Fitness-For-Duty Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Branch, Kristi M.; Baker, Kathryn A.

    2009-09-01

    A technical letter report to the NRC summarizing the findings of a benchmarking study, literature review, and workshop with experts on current industry standards and expert judgments about needs for security during the construction phase of critical infrastructure facilities in the post-September 11 U.S. context, with a special focus on the construction phase of nuclear power plants and personnel security measures.

  10. Stringent DDI-based prediction of H. sapiens-M. tuberculosis H37Rv protein-protein interactions.

    Science.gov (United States)

    Zhou, Hufeng; Rezaei, Javad; Hugo, Willy; Gao, Shangzhi; Jin, Jingjing; Fan, Mengyuan; Yong, Chern-Han; Wozniak, Michal; Wong, Limsoon

    2013-01-01

    H. sapiens-M. tuberculosis H37Rv protein-protein interaction (PPI) data are very important information to illuminate the infection mechanism of M. tuberculosis H37Rv. But current H. sapiens-M. tuberculosis H37Rv PPI data are very scarce. This seriously limits the study of the interaction between this important pathogen and its host H. sapiens. Computational prediction of H. sapiens-M. tuberculosis H37Rv PPIs is an important strategy to fill in the gap. Domain-domain interaction (DDI) based prediction is one of the frequently used computational approaches in predicting both intra-species and inter-species PPIs. However, the performance of DDI-based host-pathogen PPI prediction has been rather limited. We develop a stringent DDI-based prediction approach with emphasis on (i) differences between the specific domain sequences on annotated regions of proteins under the same domain ID and (ii) calculation of the interaction strength of predicted PPIs based on the interacting residues in their interaction interfaces. We compare our stringent DDI-based approach to a conventional DDI-based approach for predicting PPIs based on gold standard intra-species PPIs and coherent informative Gene Ontology terms assessment. The assessment results show that our stringent DDI-based approach achieves much better performance in predicting PPIs than the conventional approach. Using our stringent DDI-based approach, we have predicted a small set of reliable H. sapiens-M. tuberculosis H37Rv PPIs which could be very useful for a variety of related studies. We also analyze the H. sapiens-M. tuberculosis H37Rv PPIs predicted by our stringent DDI-based approach using cellular compartment distribution analysis, functional category enrichment analysis and pathway enrichment analysis. The analyses support the validity of our prediction result. Also, based on an analysis of the H. sapiens-M. tuberculosis H37Rv PPI network predicted by our stringent DDI-based approach, we have discovered some

  11. Cyber Safety and Security for Reduced Crew Operations (RCO)

    Science.gov (United States)

    Driscoll, Kevin

    2017-01-01

    NASA and the Aviation Industry are looking into reduced crew operations (RCO) that would cut today's required two-person flight crews down to a single pilot with support from ground-based crews. Shared responsibility across air and ground personnel will require highly reliable and secure data communication and supporting automation, which will be safety-critical for passenger and cargo aircraft. This paper looks at the different types and degrees of authority delegation given from the air to the ground and the ramifications of each, including the safety and security hazards introduced, the mitigation mechanisms for these hazards, and other demands on an RCO system architecture which would be highly invasive into (almost) all safety-critical avionics. The adjacent fields of unmanned aerial systems and autonomous ground vehicles are viewed to find problems that RCO may face and related aviation accident scenarios are described. The paper explores possible data communication architectures to meet stringent performance and information security (INFOSEC) requirements of RCO. Subsequently, potential challenges for RCO data communication authentication, encryption and non-repudiation are identified. The approach includes a comprehensive safety-hazard analysis of the RCO system to determine top level INFOSEC requirements for RCO and proposes an option for effective RCO implementation. This paper concludes with questioning the economic viability of RCO in light of the expense of overcoming the operational safety and security hazards it would introduce.

  12. Security authentication using the reflective glass pattern imaging effect.

    Science.gov (United States)

    Zhu, Ji Cheng; Shen, Su; Wu, Jian Hong

    2015-11-01

    The reflective glass pattern imaging effect is investigated experimentally for the utility in forming a synthetic 3D image as a security authentication device in this Letter. An array of homogeneously randomly distributed reflective elements and a corresponding micropattern array are integrated onto a thin layer of polyester film aiming to create a vivid image floating over a substrate surface, which can be clearly visible to the naked eye. By using the reflective-type configuration, the micro-optic system can be realized on a thinner substrate and is immune to external stain due to its flat working plane. A novel gravure-like doctor blading technique can realize a resolution up to 12,000 dpi and a stringent 2D alignment requirement should be imposed. Such devices can find applications in document security and banknotes or other valuable items to protect them against forgery.

  13. Kyrgyzstan's security problems today

    OpenAIRE

    Abduvalieva, Ryskul

    2009-01-01

    Regional stability and security consist of two levels-the external security of each country at the regional level and the internal security of each of them individually. A state's external and internal security are closely interrelated concepts. It stands to reason that ensuring internal security and stability is the primary and most important task. But the external aspect also requires attention. This article takes a look at the most important problems of ensuring Kyrgyzstan's security.

  14. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases and adapt a security architecture which makes sure that regular and security related tasks, are deployed correctly. Security requirements must be linked to the business goals. We identified four domains that affect security at an organization namely, organization governance, organizational culture, the architecture of the systems, and service management. In order to identify and explore the strengt...

  15. Security By Design

    OpenAIRE

    Tanner, M. James

    2009-01-01

    Securing a computer from unwanted intrusion requires astute planning and effort to effectively minimize the security invasions computers are plagued with today. While all of the efforts to secure a computer are needed, it seems that the underlying issue of what is being secured has been overlooked. The operating system is at the core of the security issue. Many applications and devices have been put into place to add layers of protection to an already weak operating system. Security did not u...

  16. Quality of Security Service: Adaptive Security

    National Research Council Canada - National Science Library

    Levin, Timothy E; Irvine, Cynthia E; Spyropoulou, Evdoxia

    2004-01-01

    The premise of Quality of Security Service is that system and network management functions can be more effective if variable levels of security services and requirements can be presented to users or network tasks...

  17. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  18. Protecting America's economy, environment, health, and security against invasive species requires a strong federal program in systematic biology

    Science.gov (United States)

    Hilda Diaz-Soltero; Amy Y. Rossman

    2011-01-01

    Systematics is the science that identifies and groups organisms by understanding their origins, relationships, and distributions. It is fundamental to understanding life on earth, our crops, wildlife, and diseases, and it provides the scientific foundation to recognize and manage invasive species. Protecting America's economy, environment, health, and security...

  19. 75 FR 62718 - Disclosure for Asset-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street...

    Science.gov (United States)

    2010-10-13

    ... Putting Banks in Hole,'' Wall Street Journal (Mar. 8, 2010) (noting that most mortgages put back to... Dodd-Frank Wall Street Reform and Consumer Protection Act AGENCY: Securities and Exchange Commission. ACTION: Proposed rule. SUMMARY: Pursuant to Section 943 of the Dodd-Frank Wall Street Reform and Consumer...

  20. Security and health protection while working with a computer. Survey into the knowledge of users about legal and other requirements.

    OpenAIRE

    Šmejkalová, Petra

    2005-01-01

    This bachelor thesis is aimed at the knowledge of general computer users with regards to work security and health protection. It summarizes the relevant legislation and recommendations of ergonomic specialists. The practical part analyses results of a survey, which examined the computer workplaces and user habits when working with a computer.

  1. Presentation of various types of electronic business available on the Internet, Advantages, Disadvantages, Key Requirements and Security, Implementation Model of an Electronic Business

    OpenAIRE

    Andreea A.S. Ionescu; Raul Serban

    2012-01-01

    This paper speaks about the advantages, disadvantages, key requirements necessary of an electronic business, the infrastructure of the Internet, the existing main networks on the Internet, standards used to develop electronic business and the security of an e-business environment. As we know in an organization the information is an asset that has value and should be protected and diversified. We also propose an implementation model of an electronic business that interconnects two concepts: ER...

  2. Computer security engineering management

    International Nuclear Information System (INIS)

    McDonald, G.W.

    1988-01-01

    For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system, starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users and then by coverage of life cycle support for the security of the system.

  3. Unix Security Cookbook

    Science.gov (United States)

    Rehan, S. C.

    This document has been written to help Site Managers secure their Unix hosts from being compromised by hackers. I have given brief introductions to the security tools along with downloading, configuring and running information. I have also included a section on my recommendations for installing these security tools starting from an absolute minimum security requirement.

  4. Achieving stringent climate targets. An analysis of the role of transport and variable renewable energies using energy-economy-climate models

    Energy Technology Data Exchange (ETDEWEB)

    Pietzcker, Robert Carl

    2014-07-01

    Anthropogenic climate change is threatening the welfare of mankind. Accordingly, policy makers have repeatedly stated the goal of slowing climate change and limiting the increase of global mean temperature to less than 2 °C above pre-industrial times (the so-called "two degree target"). Stabilizing the temperature requires drastic reductions of greenhouse gas (GHG) emissions to nearly zero. As the global system of energy supply currently relies on fossil fuels, reducing GHG emissions can only be achieved through a full-scale transformation of the energy system. This thesis investigates the economic requirements and implications of different scenarios that achieve stringent climate mitigation targets. It starts with the analysis of characteristic decarbonization patterns and identifies two particularly relevant aspects of mitigation scenarios: deployment of variable renewable energies (VRE) and decarbonization of the transport sector. After investigating these fields in detail, we turned towards one of the most relevant questions for policy makers and analyzed the trade-off between the stringency of a climate target and its economic requirements and implications. All analyses are based on the improvement, application, comparison, and discussion of large-scale IAMs. The novel "mitigation share" metric allowed us to identify the relevance of specific technology groups for mitigation and to improve our understanding of the decarbonization patterns of different energy subsectors. It turned out that the power sector is decarbonized first and reaches lowest emissions, while the transport sector is slowest to decarbonize. For the power sector, non-biomass renewable energies contribute most to emission reductions, while the transport sector strongly relies on liquid fuels and therefore requires biomass in combination with carbon capture and sequestration (CCS) to reduce emissions. An in-depth investigation of the solar power

  5. Security of radioactive sources in radiation facilities

    International Nuclear Information System (INIS)

    2011-03-01

    Safety codes and safety standards are formulated on the basis of internationally accepted safety criteria for design, construction and operation of specific equipment, systems, structures and components of nuclear and radiation facilities. Safety codes establish the objectives and set requirements that shall be fulfilled to provide adequate assurance for safety. Safety guides and guidelines elaborate various requirements and furnish approaches for their implementation. Safety manuals deal with specific topics and contain detailed scientific and technical information on the subject. These documents are prepared by experts in the relevant fields and are extensively reviewed by advisory committees of the Board before they are published. The documents are revised when necessary, in the light of experience and feedback from users as well as new developments in the field. In India, radiation sources are being widely used for societal benefits in industry, medical practices, research, training and agriculture. It has been reported from all over the world that unsecured radioactive sources caused serious radiological accidents involving radiation injuries and fatalities. Particular concern was expressed regarding radioactive sources that have become orphaned (not under regulatory control) or vulnerable (under weak regulatory control and about to be orphaned). There is a concern about safety and security of radioactive sources and hence the need of stringent regulatory control over the handling of the sources and their security. In view of this, this guide is prepared which gives provisions necessary to safeguard radiation installations against theft of radioactive sources and other malevolent acts that may result in radiological consequences. It is, therefore, required that the radiation sources are used safely and managed securely by only authorised personnel. This guide is intended to be used by users of radiation sources in developing the necessary security plan for

  6. Cyber security in nuclear power plants and its portability to other industrial infrastructures

    Energy Technology Data Exchange (ETDEWEB)

    Champigny, Sebastien; Gupta, Deeksha; Watson, Venesa; Waedt, Karl [AREVA GmbH, Erlangen (Germany)]

    2017-06-15

    Power generation increasingly relies on decentralised and interconnected computerised systems. Concepts like "Industrial Internet of Things" of the Industrial Internet Consortium (IIC), and "Industry 4.0" find their way in this strategic industry. Risk of targeted exploits of errors and vulnerabilities increases with complexity, interconnectivity and decentralization. Inherently stringent security requirements and features make nuclear computerised applications and systems a benchmark for industrial counterparts seeking to hedge against those risks. Consequently, this contribution presents usual cyber security regulations and practices for nuclear power plants. It shows how nuclear cyber security can be ported and used in an industrial context to protect critical infrastructures against cyber-attacks and industrial espionage.

  7. Direct-to-physician and direct-to-consumer advertising: Time to have stringent regulations.

    Science.gov (United States)

    Kannan, S; Gowri, S; Tyagi, V; Kohli, S; Jain, R; Kapil, P; Bhardwaj, A

    2015-01-01

    the opinion regarding DTCA, 69.9% physicians had a patient discussing DTCA that was clinically inappropriate. One hundred (64.5%) out of 155 physicians opined that DTCA encourage patients to attend physicians regarding preventive healthcare. On the contrary, 82/155 (52.9%) physicians felt that DTCA would damage the same. Similarly, 69 out of the total 100 patients felt that drug advertisements aid them to have better discussions with their treating physicians. Surprisingly, a large majority (91/100) were of the opinion that only safe drugs are allowed to be advertised. To conclude, from the findings of this study both the physicians and patients should be cautious and not overzealous while dealing with drug advertisements or promotional literature. More stringent scrutiny and issue of WLs or blacklisting of indulging pharmaceutical companies are mandatory by the regulatory agency to contain the same.

  8. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks; redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS is required for assuring individual food security (IFS, but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  9. EPICS: Channel Access security design

    International Nuclear Information System (INIS)

    Kraimer, M.; Hill, J.

    1994-05-01

    This document presents the design for implementing the requirements specified in: EPICS -- Channel Access Security -- functional requirements, Ned. D. Arnold, 03/09/92. Use of the access security system is described along with a summary of the functional requirements. The programmer's interface is given. Security protocol is described and finally aids for reading the access security code are provided

  10. Induction of a stringent metabolic response in intracellular stages of Leishmania mexicana leads to increased dependence on mitochondrial metabolism.

    Directory of Open Access Journals (Sweden)

    Eleanor C Saunders

    2014-01-01

    Leishmania parasites alternate between extracellular promastigote stages in the insect vector and an obligate intracellular amastigote stage that proliferates within the phagolysosomal compartment of macrophages in the mammalian host. Most enzymes involved in Leishmania central carbon metabolism are constitutively expressed and stage-specific changes in energy metabolism remain poorly defined. Using 13C-stable isotope resolved metabolomics and 2H2O labelling, we show that amastigote differentiation is associated with reduction in growth rate and induction of a distinct stringent metabolic state. This state is characterized by a global decrease in the uptake and utilization of glucose and amino acids, a reduced secretion of organic acids and increased fatty acid β-oxidation. Isotopomer analysis showed that catabolism of hexose and fatty acids provide C4 dicarboxylic acids (succinate/malate) and acetyl-CoA for the synthesis of glutamate via a compartmentalized mitochondrial tricarboxylic acid (TCA) cycle. In vitro cultivated and intracellular amastigotes are acutely sensitive to inhibitors of mitochondrial aconitase and glutamine synthetase, indicating that these anabolic pathways are essential for intracellular growth and virulence. Lesion-derived amastigotes exhibit a similar metabolism to in vitro differentiated amastigotes, indicating that this stringent response is coupled to differentiation signals rather than exogenous nutrient levels. Induction of a stringent metabolic response may facilitate amastigote survival in a nutrient-poor intracellular niche and underlie the increased dependence of this stage on hexose and mitochondrial metabolism.

  11. Security in the nuclear medicine department

    International Nuclear Information System (INIS)

    Bassingham, S.; Gane, J.; Chan, P.S.; Heenan, S.; Gulliver, N.; McVey, J.

    2005-01-01

    The current threat from terrorism highlights the need for awareness of adequate security of radioactive sources by health bodies to prevent the opportunistic access to, theft of, or accidental loss of sources, together with stringent security measures in place to prevent the international misuse of radioactive sources as a weapon by unauthorised access. This presentation discusses the processes undertaken to ensure the safety and security of radioactive materials within the nuclear medicine department in line with current regulations and guidelines. These include risk assessments, security systems, audit trails, restricted access and personnel background checks

  12. Stringent homology-based prediction of H. sapiens-M. tuberculosis H37Rv protein-protein interactions.

    Science.gov (United States)

    Zhou, Hufeng; Gao, Shangzhi; Nguyen, Nam Ninh; Fan, Mengyuan; Jin, Jingjing; Liu, Bing; Zhao, Liang; Xiong, Geng; Tan, Min; Li, Shijun; Wong, Limsoon

    2014-04-08

    H. sapiens-M. tuberculosis H37Rv protein-protein interaction (PPI) data are essential for understanding the infection mechanism of the formidable pathogen M. tuberculosis H37Rv. Computational prediction is an important strategy to fill the gap in experimental H. sapiens-M. tuberculosis H37Rv PPI data. Homology-based prediction is frequently used in predicting both intra-species and inter-species PPIs. However, some limitations are not properly resolved in several published works that predict eukaryote-prokaryote inter-species PPIs using intra-species template PPIs. We develop a stringent homology-based prediction approach by taking into account (i) differences between eukaryotic and prokaryotic proteins and (ii) differences between inter-species and intra-species PPI interfaces. We compare our stringent homology-based approach to a conventional homology-based approach for predicting host-pathogen PPIs, based on cellular compartment distribution analysis, disease gene list enrichment analysis, pathway enrichment analysis and functional category enrichment analysis. These analyses support the validity of our prediction result, and clearly show that our approach has better performance in predicting H. sapiens-M. tuberculosis H37Rv PPIs. Using our stringent homology-based approach, we have predicted a set of highly plausible H. sapiens-M. tuberculosis H37Rv PPIs which might be useful for many of related studies. Based on our analysis of the H. sapiens-M. tuberculosis H37Rv PPI network predicted by our stringent homology-based approach, we have discovered several interesting properties which are reported here for the first time. We find that both host proteins and pathogen proteins involved in the host-pathogen PPIs tend to be hubs in their own intra-species PPI network. Also, both host and pathogen proteins involved in host-pathogen PPIs tend to have longer primary sequence, tend to have more domains, tend to be more hydrophilic, etc. And the protein domains from both

  13. Synthetic Peptides to Target Stringent Response-Controlled Virulence in a Pseudomonas aeruginosa Murine Cutaneous Infection Model

    Directory of Open Access Journals (Sweden)

    Daniel Pletzer

    2017-09-01

    Microorganisms continuously monitor their surroundings and adaptively respond to environmental cues. One way to cope with various stress-related situations is through the activation of the stringent stress response pathway. In Pseudomonas aeruginosa this pathway is controlled and coordinated by the activity of the RelA and SpoT enzymes that metabolize the small nucleotide secondary messenger molecule (p)ppGpp. Intracellular ppGpp concentrations are crucial in mediating adaptive responses and virulence. Targeting this cellular stress response has recently been the focus of an alternative approach to fight antibiotic resistant bacteria. Here, we examined the role of the stringent response in the virulence of P. aeruginosa PAO1 and the Liverpool epidemic strain LESB58. A ΔrelA/ΔspoT double mutant showed decreased cytotoxicity toward human epithelial cells, exhibited reduced hemolytic activity, and caused down-regulation of the expression of the alkaline protease aprA gene in stringent response mutants grown on blood agar plates. Promoter fusions of relA or spoT to a bioluminescence reporter gene revealed that both genes were expressed during the formation of cutaneous abscesses in mice. Intriguingly, virulence was attenuated in vivo by the ΔrelA/ΔspoT double mutant, but not the relA mutant nor the ΔrelA/ΔspoT complemented with either gene. Treatment of a cutaneous P. aeruginosa PAO1 infection with anti-biofilm peptides increased animal welfare, decreased dermonecrotic lesion sizes, and reduced bacterial numbers recovered from abscesses, resembling the phenotype of the ΔrelA/ΔspoT infection. It was previously demonstrated by our lab that ppGpp could be targeted by synthetic peptides; here we demonstrated that spoT promoter activity was suppressed during cutaneous abscess formation by treatment with peptides DJK-5 and 1018, and that a peptide-treated relA complemented stringent response double mutant strain exhibited reduced peptide

  14. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    Science.gov (United States)

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields.

  15. Leadership in organizations with high security and reliability requirements; Liderazgo en organizaciones con altos requisitos de seguridad y fiabilidad

    Energy Technology Data Exchange (ETDEWEB)

    Gonzalez, F.

    2013-07-01

    Developing leadership skills in organizations is the key to ensuring the sustainability of excellent results in industries with high safety and reliability requirements. In order to have a model of leadership development specific to this type of organization, in 2011 we at Tecnatom initiated an internal project to find and adapt a competency model to these requirements.

  16. Strategic planning and security analysis

    International Nuclear Information System (INIS)

    DePasquale, S.

    1991-01-01

    Nuclear security master planning is a deliberative process, founded on the premise that the broad scope of security must be analyzed before any meaningful determinations may be reached on an individual security aspect. This paper examines the analytical process required in developing a Security Master Plan. It defines a four stage process concluding with the selection of security measures encompassing physical security, policy and procedure considerations and guard force deployment. The final product orchestrates each security measure in a complementary and supportive configuration

  17. Security Flaws in an Efficient Pseudo-Random Number Generator for Low-Power Environments

    Science.gov (United States)

    Peris-Lopez, Pedro; Hernandez-Castro, Julio C.; Tapiador, Juan M. E.; Millán, Enrique San; van der Lubbe, Jan C. A.

    In 2004, Seetharam and Rhee tackled the design of a lightweight Pseudo-Random Number Generator (PRNG) suitable for low-power environments (e.g. sensor networks, low-cost RFID tags). First, they explicitly fixed a set of requirements for this primitive. Then, they proposed a PRNG conforming to these requirements and using a free-running timer [9]. We analyze this primitive discovering important security faults. The proposed algorithm fails to pass even relatively non-stringent batteries of randomness such as ENT (i.e. a pseudorandom number sequence test program). We prove that their recommended PRNG has a very short period due to the flawed design of its core. The internal state can be easily revealed, compromising its backward and forward security. Additionally, the rekeying algorithm is defectively designed mainly related to the unpractical value proposed for this purpose.

  18. Indicators for energy security

    International Nuclear Information System (INIS)

    Kruyt, Bert; Van Vuuren, D.P.; De Vries, H.J.M.; Groenenberg, H.

    2009-01-01

    The concept of energy security is widely used, yet there is no consensus on its precise interpretation. In this research, we have provided an overview of available indicators for long-term security of supply (SOS). We distinguished four dimensions of energy security that relate to the availability, accessibility, affordability and acceptability of energy and classified indicators for energy security according to this taxonomy. There is no one ideal indicator, as the notion of energy security is highly context dependent. Rather, applying multiple indicators leads to a broader understanding. Incorporating these indicators in model-based scenario analysis showed accelerated depletion of currently known fossil resources due to increasing global demand. Coupled with increasing spatial discrepancy between consumption and production, international trade in energy carriers is projected to have increased by 142% in 2050 compared to 2008. Oil production is projected to become increasingly concentrated in a few countries up to 2030, after which production from other regions diversifies the market. Under stringent climate policies, this diversification may not occur due to reduced demand for oil. Possible benefits of climate policy include increased fuel diversity and slower depletion of fossil resources. (author)

  19. Criticality analysis of the EU gas infrastructure: heightened security requirements for gas control and management centres; Kritikalitaetsanalyse der EU-Gasinfrastruktur: Erhoehte Sicherheitsanforderungen an Gasleit- und -kontrollzentren

    Energy Technology Data Exchange (ETDEWEB)

    Nerlich, Uwe; Umbach, Frank [Centre for European Security Strategies (CESS), Muenchen/Berlin (Germany)]

    2009-11-15

    Since the terror attacks of 2001 critical infrastructure objects have gained substantially in strategic importance in the eyes of the German government and EU authorities as well as the European industry. This has not only been due to the worldwide increase in terrorist attacks on energy infrastructure objects but also to the attacks of Madrid on 11 March 2004 and London on 7 July 2005, which have shown that Europe is no longer being spared from terrorism. Strategies for the abatement of these hazards and their repercussions are therefore more urgently needed than ever before. This requires a differentiated assessment of the situation, as has been carried out, for example, in raising the security requirements and investigating the vulnerability of the gas management and control centres of the EU's Octavio project.

  20. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  1. Learning Puppet security

    CERN Document Server

    Slagle, Jason

    2015-01-01

    If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

  2. Alternative security

    International Nuclear Information System (INIS)

    Weston, B.H.

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  3. Homeland Security

    Science.gov (United States)

    Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.

  4. City-specific vehicle emission control strategies to achieve stringent emission reduction targets in China's Yangtze River Delta region.

    Science.gov (United States)

    Zhang, Shaojun; Wu, Ye; Zhao, Bin; Wu, Xiaomeng; Shu, Jiawei; Hao, Jiming

    2017-01-01

    The Yangtze River Delta (YRD) region is one of the most prosperous and densely populated regions in China and is facing tremendous pressure to mitigate vehicle emissions and improve air quality. Our assessment has revealed that mitigating vehicle emissions of NOx would be more difficult than reducing the emissions of other major vehicular pollutants (e.g., CO, HC and PM2.5) in the YRD region. Even in Shanghai, where the emission control implemented are more stringent than in Jiangsu and Zhejiang, we observed little to no reduction in NOx emissions from 2000 to 2010. Emission-reduction targets for HC, NOx and PM2.5 are determined using a response surface modeling tool for better air quality. We design city-specific emission control strategies for three vehicle-populated cities in the YRD region: Shanghai and Nanjing and Wuxi in Jiangsu. Our results indicate that even if stringent emission control consisting of the Euro 6/VI standards, the limitation of vehicle population and usage, and the scrappage of older vehicles is applied, Nanjing and Wuxi will not be able to meet the NOx emissions target by 2020. Therefore, additional control measures are proposed for Nanjing and Wuxi to further mitigate NOx emissions from heavy-duty diesel vehicles. Copyright © 2016. Published by Elsevier B.V.

  5. Android application security essentials

    CERN Document Server

    Rai, Pragati

    2013-01-01

    Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way. If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

  6. Disposal of TRU Waste from the PFP in pipe overpack containers to WIPP Including New Security Requirements

    International Nuclear Information System (INIS)

    HOPKINS, A.M.

    2003-01-01

    The Department of Energy is responsible for the safe management and cleanup of the DOE complex. As part of the cleanup and closure of the Plutonium Finishing Plant (PFP) located on the Hanford site, the nuclear material inventory was reviewed to determine the appropriate disposition path. Based on the nuclear material characteristics, the material was designated for stabilization and packaging for long term storage and transfer to the Savannah River Site, or a decision for discard was made. The discarded material was designated as waste material and slated for disposal to the Waste Isolation Pilot Plant (WIPP). Prior to preparing any residue wastes for disposal at the WIPP, several major activities need to be completed. As detailed a processing history as possible of the material including origin of the waste must be researched and documented. A technical basis for termination of safeguards on the material must be prepared and approved. Utilizing process knowledge and processing history, the material must be characterized, sampling requirements determined, acceptable knowledge package and waste designation completed prior to disposal. All of these activities involve several organizations including the contractor, DOE, state representatives and other regulators such as EPA. At PFP, a process has been developed for meeting the many, varied requirements and successfully used to prepare several residue waste streams including Rocky Flats incinerator ash, Hanford incinerator ash and Sand, Slag and Crucible (SS and C) material for disposal. These waste residues are packed into Pipe Overpack Containers for shipment to the WIPP

  7. Securing While Sampling in Wireless Body Area Networks With Application to Electrocardiography.

    Science.gov (United States)

    Dautov, Ruslan; Tsouri, Gill R

    2016-01-01

    Stringent resource constraints and broadcast transmission in wireless body area network raise serious security concerns when employed in biomedical applications. Protecting data transmission where any minor alteration is potentially harmful is of significant importance in healthcare. Traditional security methods based on public or private key infrastructure require considerable memory and computational resources, and present an implementation obstacle in compact sensor nodes. This paper proposes a lightweight encryption framework augmenting compressed sensing with wireless physical layer security. Augmenting compressed sensing to secure information is based on the use of the measurement matrix as an encryption key, and allows for incorporating security in addition to compression at the time of sampling an analog signal. The proposed approach eliminates the need for a separate encryption algorithm, as well as the predeployment of a key thereby conserving sensor node's limited resources. The proposed framework is evaluated using analysis, simulation, and experimentation applied to a wireless electrocardiogram setup consisting of a sensor node, an access point, and an eavesdropper performing a proximity attack. Results show that legitimate communication is reliable and secure given that the eavesdropper is located at a reasonable distance from the sensor node and the access point.

  8. Security Dilemma

    DEFF Research Database (Denmark)

    Wivel, Anders

    2011-01-01

    What is a security dilemma? What are the consequences of security dilemmas in international politics?

  9. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  10. Non-proliferation of nuclear weapons and nuclear security. Overview of safeguards requirements for States with limited nuclear material and activities

    International Nuclear Information System (INIS)

    Lodding, J.; Ribeiro, B.

    2006-06-01

    This booklet provides an overview of safeguards obligations that apply to States which are parties to the Nuclear Non-Proliferation Treaty (NPT) that have no nuclear facilities and only limited quantities of nuclear material. Most State parties to the NPT have no nuclear facilities and only limited quantities of nuclear material. For such States, safeguards implementation is expected to be simple and straightforward. This booklet provides an overview of the safeguards obligations that apply to such States. It is hoped that a better understanding of these requirements will facilitate the conclusion and implementation of safeguards agreements and additional protocols, and thereby contribute to the strengthening of the IAEA's safeguards system and of collective security

  11. Non-proliferation of nuclear weapons and nuclear security. Overview of Safeguards requirements for States with limited nuclear material and activities

    International Nuclear Information System (INIS)

    Lodding, J.; Ribeiro, B.

    2006-06-01

    This booklet provides an overview of safeguards obligations that apply to States which are parties to the Nuclear Non-Proliferation Treaty (NPT) that have no nuclear facilities and only limited quantities of nuclear material. Most State parties to the NPT have no nuclear facilities and only limited quantities of nuclear material. For such States, safeguards implementation is expected to be simple and straightforward. This booklet provides an overview of the safeguards obligations that apply to such States. It is hoped that a better understanding of these requirements will facilitate the conclusion and implementation of safeguards agreements and additional protocols, and thereby contribute to the strengthening of the IAEA's safeguards system and of collective security

  12. Security Measures in Data Mining

    OpenAIRE

    Anish Gupta; Vimal Bibhu; Rashid Hussain

    2012-01-01

    Data mining is a technique to dig the data from the large databases for analysis and executive decision making. Security aspect is one of the measure requirement for data mining applications. In this paper we present security requirement measures for the data mining. We summarize the requirements of security for data mining in tabular format. The summarization is performed by the requirements with different aspects of security measure of data mining. The performances and outcomes are determin...

  13. Legal and security requirements for the air transportation of cyanotoxins and toxigenic cyanobacterial cells for legitimate research and analytical purposes.

    Science.gov (United States)

    Metcalf, J S; Meriluoto, J A O; Codd, G A

    2006-05-25

    Cyanotoxins are now recognised by international and national health and environment agencies as significant health hazards. These toxins, and the cells which produce them, are also vulnerable to exploitation for illegitimate purposes. Cyanotoxins are increasingly being subjected to national and international guidelines and regulations governing their production, storage, packaging and transportation. In all of these respects, cyanotoxins are coming under the types of controls imposed on a wide range of chemicals and other biotoxins of microbial, plant and animal origin. These controls apply whether cyanotoxins are supplied on a commercial basis, or stored and transported in non-commercial research collaborations and programmes. Included are requirements concerning the transportation of these toxins as documented by the United Nations, the International Air Transport Association (IATA) and national government regulations. The transportation regulations for "dangerous goods", which by definition include cyanotoxins, cover air mail, air freight, and goods checked in and carried on flights. Substances include those of determined toxicity and others of suspected or undetermined toxicity, covering purified cyanotoxins, cyanotoxin-producing laboratory strains and environmental samples of cyanobacteria. Implications of the regulations for the packaging and air-transport of dangerous goods, as they apply to cyanotoxins and toxigenic cyanobacteria, are discussed.

  14. The implementation of modern digital technology in x-ray medical diagnosis in Republic of Moldova - a stringent necessity

    International Nuclear Information System (INIS)

    Rosca, Andrei

    2011-01-01

    The study includes analyses of current technical state of radiodiagnostic equipment from the Public Medico-Sanitary Institution of Ministry of Health of Republic of Moldova (IMSP MS RM). The traditional radiodiagnostic apparatuses were morally and physically outrun at 96,6% (in regional MSPI - 93,5%), inclusive the dental one - 92,0% (in raional MSPI - 97,2%), X-Ray exam -100%, mobile - 84,1% etc. The exploitation of the traditional radiodiagnostic apparatuses with high degree of physical and moral wear essentially diminished the quality of profile investigation, creates premises for diagnostic error perpetrating, increase the collective ionizing irradiation of population etc. In recent years the subvention of MSPI HM RM with digital radiodiagnostic equipment was started. This process is very hard unfold because of grave socio-economic crises in Republic of Moldova. Despite these obstacles the subvention of MSPI HM RM with digital equipment represents a stringent necessity and a time request.

  15. Insulated hsp70B' promoter: stringent heat-inducible activity in replication-deficient, but not replication-competent adenoviruses.

    Science.gov (United States)

    Rohmer, Stanimira; Mainka, Astrid; Knippertz, Ilka; Hesse, Andrea; Nettelbeck, Dirk M

    2008-04-01

    Key to the realization of gene therapy is the development of efficient and targeted gene transfer vectors. Therapeutic gene transfer by replication-deficient or more recently by conditionally replication-competent/oncolytic adenoviruses has shown much promise. For specific applications, however, it will be advantageous to provide vectors that allow for external control of gene expression. The efficient cellular heat shock system in combination with available technology for focused and controlled hyperthermia suggests heat-regulated transcription control as a promising tool for this purpose. We investigated the feasibility of a short fragment of the human hsp70B' promoter, with and without upstream insulator elements, for the regulation of transgene expression by replication-deficient or oncolytic adenoviruses. Two novel adenoviral vectors with an insulated hsp70B' promoter were developed and showed stringent heat-inducible gene expression with induction ratios up to 8000-fold. In contrast, regulation of gene expression from the hsp70B' promoter without insulation was suboptimal. In replication-competent/oncolytic adenoviruses regulation of the hsp70B' promoter was lost specifically during late replication in permissive cells and could not be restored by the insulators. We developed novel adenovirus gene transfer vectors that feature improved and stringent regulation of transgene expression from the hsp70B' promoter using promoter insulation. These vectors have potential for gene therapy applications that benefit from external modulation of therapeutic gene expression or for combination therapy with hyperthermia. Furthermore, our study reveals that vector replication can deregulate inserted cellular promoters, an observation which is of relevance for the development of replication-competent/oncolytic gene transfer vectors. (c) 2008 John Wiley & Sons, Ltd.

  16. Nuclear controls are stringent

    International Nuclear Information System (INIS)

    Sonnekus, D.

    1983-01-01

    The peace-time application of nuclear power in South Africa, the organisations concerned and certain provisions laid down by the Act on Nuclear Energy, aimed at safeguarding the general public, are discussed

  17. Security research roadmap; Security-tutkimuksen roadmap

    Energy Technology Data Exchange (ETDEWEB)

    Naumanen, M.; Rouhiainen, V. (eds.)

    2006-02-15

    Requirements for increasing security have arisen in Europe after highly visible and tragic events in Madrid and in London. While responsibility for security rests largely with the national activities, the EU has also started planning a research area "Space and security" as a part of the 7th Framework Programme. As the justification for this research area it has been presented that technology alone can not assure security, but security can not be assured without the support of technology. Furthermore, the justification highlights that security and military research are becoming ever closer. The old separation between civil and military research is decreasing, because it has been noticed that both areas are nowadays utilising the same knowledge. In Finland, there is already now noteworthy entrepreneurship related to security. Although some of the companies are currently only operating in Finland, others are already international leaders in their area. The importance of the security area is increasing and remarkable potential for new growth business areas can already be identified. This however also requires an increase in research efforts. VTT has a broad range of security research ongoing in many technology areas. The main areas have been concentrating on public safety and security, but VTT is participating also in several research projects related to the defence technology. For identifying and defining in more detail the expertise and research goals, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important

  18. Present state and problems of the measures for securing stable supply of uranium resources

    International Nuclear Information System (INIS)

    Yoneda, Fumishige

    1982-01-01

    The long-term stable supply of uranium resources must be secured in order to accelerate the development and utilization of nuclear power in Japan. All uranium required in Japan is imported from foreign countries, and depends on small number of suppliers. On the use of uranium, various restrictions have been imposed by bilateral agreements from the viewpoint of nuclear non-proliferation policy. At present, the demand-supply relation in uranium market is not stringent, but in the latter half of 1980s, it is feared that it will be stringent. The prospect of the demand and supply of uranium resources, the state of securing uranium resources, the present policy on uranium resources, the necessity of establishing the new policy, and the active promotion of uranium resource measures are described. The measures to be taken are the promotion of exploration and development of mines, the participation in the management of such foreign projects, the promotion of diversifying the supply sources, the establishment of the structure to accept uranium resources, the promotion of the storage of uranium, and the rearrangement of general coordination and promotion functions for uranium resource procurement. (Kako, I.)

  19. Enhancing implementation security of QKD

    Science.gov (United States)

    Tamaki, Kiyoshi

    2017-10-01

    Quantum key distribution (QKD) can achieve information-theoretic security, which is a provable security against any eavesdropping, given that all the devices the sender and the receiver employ operate exactly as the theory of security requires. Unfortunately, however, it is difficult for practical devices to meet all such requirements, and therefore more works have to be done toward guaranteeing information-theoretic security in practice, i.e., implementation security. In this paper, we review our recent efforts to enhance implementation security. We also have a brief look at a flaw in security proofs and present how to fix it.

  20. Federal technology transfer requirements: a focused study of principal agencies approaches with implications for the Department of Homeland Security.

    Energy Technology Data Exchange (ETDEWEB)

    Koker, Denise; Micheau, Jill M.

    2006-07-01

    This report provides relevant information and analysis to the Department of Homeland Security (DHS) that will assist DHS in determining how to meet the requirements of federal technology transfer legislation. These legal requirements are grouped into five categories: (1) establishing an Office of Research and Technology Applications, or providing the functions thereof; (2) information management; (3) enabling agreements with non-federal partners; (4) royalty sharing; and (5) invention ownership/obligations. These five categories provide the organizing framework for this study, which benchmarks other federal agencies/laboratories engaged in technology transfer/transition. Four key agencies--the Department of Health & Human Services (HHS), the U.S. Department of Agriculture (USDA), the Department of Energy (DOE), and the Department of Defense (DoD)--and several of their laboratories have been surveyed. An analysis of DHS's mission needs for commercializing R&D compared to those agencies/laboratories is presented with implications and next steps for DHS's consideration. Federal technology transfer legislation, requirements, and practices have evolved over the decades as agencies and laboratories have grown more knowledgeable and sophisticated in their efforts to conduct technology transfer and as needs and opinions in the federal sector have changed with regards to what is appropriate. The need to address requirements in a fairly thorough manner has, therefore, resulted in a lengthy paper. There are two ways to find summary information. Each chapter concludes with a summary, and there is an overall "Summary and Next Steps" chapter on pages 57-60. For those readers who are unable to read the entire document, we recommend referring to these pages.

  1. 76 FR 46603 - Security Ratings

    Science.gov (United States)

    2011-08-03

    ... settled derivative securities). See Simplification of Registration of Reporting Requirements for Foreign... SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 200, 229, 230, 232, 239, 240, and 249 [Release No. 33-9245; 34-64975; File No. S7-18-08] RIN 3235-AK18 Security Ratings AGENCY: Securities and Exchange...

  2. Modified Small Business Network Security

    OpenAIRE

    Md. Belayet Ali; Oveget Das; Md. Shamim Hossain

    2012-01-01

    This paper covers some likely threats and effective steps for a secure small business. It also involves a flowchart to comprehend the overall small business network security easily and we identify a set of security issues and apply appropriate techniques to satisfy the corresponding security requirements. In respect of all, this document is strong enough for any small business network security.

  3. Nuclear security

    International Nuclear Information System (INIS)

    1991-07-01

    This paper reports that despite an Executive Order limiting the authority to make original classification decisions to government officials, DOE has delegated this authority to a number of contractor employees. Although the number of original classification decisions made by these contractors is small, this neither negates nor diminishes the significance of the improper delegation of authority. If misclassification were to occur, particularly at the Top Secret level, U.S. national security interests could potentially be seriously affected and threatened. DOE's argument that the delegation of such authority is a long-standing policy and done on a selective basis does not legitimize the practice and does not relieve DOE of its responsibility to meet the requirements of the Executive Order. DOE needs to independently assess all original classification determinations made by contractors; otherwise, it cannot be sure that U.S. national security interests have been or are being adequately protected

  4. Secure Transportation Management

    International Nuclear Information System (INIS)

    Gibbs, P. W.

    2014-01-01

    Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  5. Security Evolution.

    Science.gov (United States)

    De Patta, Joe

    2003-01-01

    Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

  6. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  7. Impact of a More Stringent Blood Lead Level Recommendation for Children (Ages 1-5): Vulnerabilities Related to Housing, Food Security, Vitamins, and Environmental Toxicants

    Science.gov (United States)

    The adverse health effects of lead (Pb) exposure in young children are well known. Non-Hispanic black children historically have higher blood Pb levels (BLL) compared to Mexican-Americans and non- Hispanic white children (CDC-MMWR). In the past, BLL tests below 10 µg/dL m...

  8. Securing collaborative environments

    Energy Technology Data Exchange (ETDEWEB)

    Agarwal, Deborah [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Jackson, Keith [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Thompson, Mary [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)

    2002-05-16

    The diverse set of organizations and software components involved in a typical collaboratory make providing a seamless security solution difficult. In addition, the users need support for a broad range of frequency and locations for access to the collaboratory. A collaboratory security solution needs to be robust enough to ensure that valid participants are not denied access because of its failure. There are many tools that can be applied to the task of securing collaborative environments and these include public key infrastructure, secure sockets layer, Kerberos, virtual and real private networks, grid security infrastructure, and username/password. A combination of these mechanisms can provide effective secure collaboration capabilities. In this paper, we discuss the requirements of typical collaboratories and some proposals for applying various security mechanisms to collaborative environments.

  9. Contemporary security management

    CERN Document Server

    Fay, John

    2010-01-01

    Contemporary Security Management, 3rd Edition teaches security professionals how to operate an efficient security department and how to integrate smoothly with other groups inside and outside their own organizations. Fay demonstrates the specifics of security management: * how to organize, plan, develop and manage a security operation. * how to identify vulnerabilities. * how to determine the protective resources required to offset threats. * how to implement all necessary physical and IT security measures. Security professionals share the responsibility for mitigating damage, serving as a resource to an Emergency Tactical Center, assisting the return of business continuity, and liaising with local response agencies such as police and fire departments, emergency medical responders, and emergency warning centers. At the organizational level, the book addresses budgeting, employee performance, counseling, hiring and termination, employee theft and other misconduct, and offers sound advice on building constructi...

  10. PCI DSS: Security Standard and Security in Fact

    Directory of Open Access Journals (Sweden)

    M. V. Kuzin

    2011-12-01

    The article focuses on Payment Card Industry Data Security Standard (PCI DSS) requirements and practices, especially its issues and disadvantages to achieve the main goal — security of payment cards infrastructure.

  11. PCI DSS: Security Standard and Security in Fact

    OpenAIRE

    M. V. Kuzin

    2011-01-01

    The article focuses on Payment Card Industry Data Security Standard (PCI DSS) requirements and practices, especially its issues and disadvantages to achieve the main goal — security of payment cards infrastructure.

  12. Critical analysis of the stringent complete response in multiple myeloma: contribution of sFLC and bone marrow clonality.

    Science.gov (United States)

    Martínez-López, Joaquín; Paiva, Bruno; López-Anglada, Lucía; Mateos, María-Victoria; Cedena, Teresa; Vidríales, María-Belén; Sáez-Gómez, María Auxiliadora; Contreras, Teresa; Oriol, Albert; Rapado, Inmaculada; Teruel, Ana-Isabel; Cordón, Lourdes; Blanchard, María Jesús; Bengoechea, Enrique; Palomera, Luis; de Arriba, Felipe; Cueto-Felgueroso, Cecilia; Orfao, Alberto; Bladé, Joan; San Miguel, Jesús F; Lahuerta, Juan José

    2015-08-13

    Stringent complete response (sCR) criteria are used in multiple myeloma as a deeper response category compared with CR, but prospective validation is lacking, it is not always clear how evaluation of clonality is performed, and it is not known what the relative clinical influence is of the serum free light chain ratio (sFLCr) and bone marrow (BM) clonality to define more sCR. To clarify this controversy, we focused on 94 patients that reached CR, of which 69 (73%) also fulfilled the sCR criteria. Patients with sCR displayed slightly longer time to progression (median, 62 vs 53 months, respectively; P = .31). On analyzing this contribution to the prognosis of sFLCr or clonality, it was found that the sFLCr does not identify patients in CR at distinct risk; by contrast, low-sensitive multiparametric flow cytometry (MFC) immunophenotyping (2 colors), which is equivalent to immunohistochemistry, identifies a small number of patients (5 cases) with high residual tumor burden and dismal outcome; nevertheless, using traditional 4-color MFC, persistent clonal BM disease was detectable in 36% of patients, who, compared with minimal residual disease-negative cases, had a significantly inferior outcome. These results show that the current definition of sCR should be revised. © 2015 by The American Society of Hematology.

  13. Are Dutch residents ready for a more stringent policy to enhance the energy performance of their homes?

    International Nuclear Information System (INIS)

    Middelkoop, Manon van; Vringer, Kees; Visser, Hans

    2017-01-01

    Investments in the energy performance of houses offer good prospects for reducing energy consumption and CO_2 emissions. However, people are not easily convinced of the need to take measures to improve the energy performance of their houses, even when financial benefits outweigh the costs. This article analyses the factors that influence the decision for improving the energy performance of existing homes, including policy instruments. Subsequently, the article provides policy suggestions on how to stimulate energy performance improvements. Both owners and tenants (50–70%) support government policy on energy performance improvements to existing homes. Nevertheless, people also have strong feelings of autonomy regarding their homes. Our results underline the importance of well-informed and competent decision-makers. Introducing the use of Energy Performance Certificates (EPCs) into the tax system for energy and residential buildings might therefore be an effective way to increase the interest of owners in the EPC, improve the use and effect of this informative instrument, and make the first step towards bridging the tension between autonomy and more stringent instruments.

  14. Fingerprint multicast in secure video streaming.

    Science.gov (United States)

    Zhao, H Vicky; Liu, K J Ray

    2006-01-01

    Digital fingerprinting is an emerging technology to protect multimedia content from illegal redistribution, where each distributed copy is labeled with unique identification information. In video streaming, huge amount of data have to be transmitted to a large number of users under stringent latency constraints, so the bandwidth-efficient distribution of uniquely fingerprinted copies is crucial. This paper investigates the secure multicast of anticollusion fingerprinted video in streaming applications and analyzes their performance. We first propose a general fingerprint multicast scheme that can be used with most spread spectrum embedding-based multimedia fingerprinting systems. To further improve the bandwidth efficiency, we explore the special structure of the fingerprint design and propose a joint fingerprint design and distribution scheme. From our simulations, the two proposed schemes can reduce the bandwidth requirement by 48% to 87%, depending on the number of users, the characteristics of video sequences, and the network and computation constraints. We also show that under the constraint that all colluders have the same probability of detection, the embedded fingerprints in the two schemes have approximately the same collusion resistance. Finally, we propose a fingerprint drift compensation scheme to improve the quality of the reconstructed sequences at the decoder's side without introducing extra communication overhead.

  15. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  16. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  17. Finding Security Patterns to Countermeasure Software Vulnerabilities

    OpenAIRE

    Borstad, Ole Gunnar

    2008-01-01

    Software security is an increasingly important part of software development as the risk from attackers is constantly evolving through increased exposure, threats and economic impact of security breaches. Emerging security literature describes expert knowledge such as secure development best practices. This knowledge is often not applied by software developers because they lack security awareness, security training and secure development methods and tools. Existing methods and tools require to...

  18. Stringent constraints on the dark matter annihilation cross section from subhalo searches with the Fermi Gamma-Ray Space Telescope

    Energy Technology Data Exchange (ETDEWEB)

    Berlin, Asher; Hooper, Dan

    2014-01-01

    The dark matter halo of the Milky Way is predicted to contain a very large number of smaller subhalos. As a result of the dark matter annihilations taking place within such objects, the most nearby and massive subhalos could appear as point-like or spatially extended gamma-ray sources, without observable counterparts at other wavelengths. In this paper, we use the results of the Aquarius simulation to predict the distribution of nearby subhalos, and compare this to the characteristics of the unidentified gamma-ray sources observed by the Fermi Gamma-Ray Space Telescope. Focusing on the brightest high latitude sources, we use this comparison to derive limits on the dark matter annihilation cross section. For dark matter particles lighter than ~200 GeV, the resulting limits are the strongest obtained to date, being modestly more stringent than those derived from observations of dwarf galaxies or the Galactic Center. We also derive independent limits based on the lack of unidentified gamma-ray sources with discernible spatial extension, but these limits are a factor of ~2-10 weaker than those based on point-like subhalos. Lastly, we note that four of the ten brightest high-latitude sources exhibit a similar spectral shape, consistent with 30-60 GeV dark matter particles annihilating to b quarks with an annihilation cross section on the order of sigma v ~ (5-10) x 10^-27 cm^3/s, or 8-10 GeV dark matter particles annihilating to taus with sigma v ~ (2.0-2.5) x 10^-27 cm^3/s.

  19. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers: Fundamentals of information security - providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors. Fundamentals of management of information security - explains what information security manageme

  20. Security negotiation

    OpenAIRE

    Mitrović, Miroslav M.; Ivaniš, Željko

    2013-01-01

    Contemporary security challenges, risks and threats represent a resultant of the achieved level of interaction between various entities within the paradigm of global security relations. Asymmetry and nonlinearity are main features of contemporary challenges in the field of global security. Negotiation in the area of security, namely the security negotiation, thus goes beyond just the domain of negotiation in conflicts and takes into consideration particularly asymmetric forms of possible sour...

  1. 7 CFR 1942.114 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 13 2010-01-01 2009-01-01 true Security. 1942.114 Section 1942.114 Agriculture... Security. Specific requirements for security for each loan will be included in the letter of conditions. Loans must be secured by the best security position practicable, in a manner which will adequately...

  2. Oil Dependence, Climate Change and Energy Security: Will Constraints on Oil Shape our Climate Future or Vice Versa?

    Science.gov (United States)

    Mignone, B. K.

    2008-12-01

    Threats to US and global energy security take several forms. First, the overwhelming dependence on oil in the transport sector leaves the US economy (and others) vulnerable to supply shocks and price volatility. Secondly, the global dependence on oil inflates prices and enhances the transfer of wealth to authoritarian regimes. Finally, the global reliance on fossil fuels more generally jeopardizes the stability of the climate system. These three threats - economic, strategic and environmental - can only be mitigated through a gradual substitution away from fossil fuels (both coal and oil) on a global scale. Such large-scale substitution could occur in response to potential resource constraints or in response to coordinated government policies in which these externalities are explicitly internalized. Here, I make use of a well-known integrated assessment model (MERGE) to examine both possibilities. When resource limits are considered alone, global fuel use tends to shift toward even more carbon-intensive resources, like oil shale or liquids derived from coal. On the other hand, when explicit carbon constraints are imposed, the fuel sector response is more complex. Generally, less stringent climate targets can be satisfied entirely through reductions in global coal consumption, while more stringent targets require simultaneous reductions in both coal and oil consumption. Taken together, these model results suggest that resource constraints alone will only exacerbate the climate problem, while a subset of policy-driven carbon constraints may yield tangible security benefits (in the form of reduced global oil consumption) in addition to the intended environmental outcome.

  3. SecurID

    CERN Multimedia

    Now called RSA SecurID, SecurID is a mechanism developed by Security Dynamics that allows two-factor authentication for a user on a network resource. It works on the principle of the unique password mode, based on a shared secret. Every sixty seconds, the component generates a new six-digit token on the screen. The latter comes from the current time (internal clock) and the seed (SecurID private key that is available on the component, and is also from the SecurID server). During an authentication request, the SecurID server will check the entered token by performing exactly the same calculation as that performed by your component. The server knows the two pieces of information required for this calculation: the current time and the seed of your component. Access is allowed if the token calculated by the server matches the token you specified.

  4. Mobile IP: Security & application

    NARCIS (Netherlands)

    Tuquerres, G.; Salvador, M.R.; Sprenkels, Ron

    1999-01-01

    As required in the TGS Mobile IP Advanced Module, this paper presents a survey of common security threats which mobile IP networks are exposed to as well as some proposed solutions to deal with such threats.

  5. Managing for Enterprise Security

    National Research Council Canada - National Science Library

    Caralli, Richard A; Allen, Julia H; Stevens, James F; Willke, Bradford J; Wilson, William R

    2004-01-01

    Security has become one of the most urgent issues for many organizations. It is an essential requirement for doing business in a globally networked economy and for achieving organizational goals and mission...

  6. Security studies

    International Nuclear Information System (INIS)

    Venot, R.

    2001-01-01

    physical protection system is not covered by such studies, since this type of detection gives no information on either the effectiveness or the reliability of the MC and A systems. A critical scenario is defined as one which leads to discrepancies involving substantial amounts of NM or for which the detection delay is long. Special care is taken when analysing these scenarios. For critical scenarios, sensitivity analysis could be made to determine the smallest quantity of NM the disappearance of which could be detected or the criteria leading to the detection of the disappearance in the control system or in the accounting system. The threats taken into account are identified with reference to the design basis threat specified by the competent authority. Both internal and external threats are taken in account. Internal threats are defined as attempts by insiders to steal quantities of nuclear material, either once or on several occasions; accumulating these quantities leads to a significant quantity of NM. External threats are defined as attempts by groups of aggressors to steal significant amounts of nuclear material. Two hypotheses are taken into account to test the ability of the physical protection system to counter threats of this type. The first is based on a small group of aggressors with limited resources and the second involves a larger team with more sophisticated resources. Of course security studies have to be carried out in compliance with the corresponding confidentiality rules. In addition, such studies have to be regularly updated, notably if significant modifications are made in the MC and A or PP systems. It is important that security studies are available in the facilities for competent personnel, as it gives the rationale behind control and protection of NM. In particular, it could be used, in a performance-based approach, to support analysis reports or to illustrate that the required level of security has been reached. (author)

  7. Security Expertise

    DEFF Research Database (Denmark)

    This volume brings together scholars from different fields to explore the power, consequences and everyday practices of security expertise. Expertise mediates between different forms of knowledge: scientific and technological, legal, economic and political knowledge. This book offers the first systematic study of security expertise and opens up a productive dialogue between science and technology studies and security studies to investigate the character and consequences of this expertise. In security theory, the study of expertise is crucial to understanding whose knowledge informs security making and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...

  8. Optical security based on near-field processes at the nanoscale

    International Nuclear Information System (INIS)

    Naruse, Makoto; Tate, Naoya; Ohtsu, Motoichi

    2012-01-01

    Optics has been playing crucial roles in security applications ranging from authentication and watermarks to anti-counterfeiting. However, since the fundamental physical principle involves optical far-fields, or propagating light, diffraction of light causes severe difficulties, for example in device scaling and system integration. Moreover, conventional security technologies in use today have been facing increasingly stringent demands to safeguard against threats such as counterfeiting of holograms, requiring innovative physical principles and technologies to overcome their limitations. Nanophotonics, which utilizes interactions between light and matter at the nanometer scale via optical near-field interactions, can break through the diffraction limit of conventional propagating light. Moreover, nanophotonics has some unique physical attributes, such as localized optical energy transfer and the hierarchical nature of optical near-field interactions, which pave the way for novel security functionalities. This paper reviews the physical principles and describes some experimental demonstrations of systems based on nanophotonics with respect to security applications such as tamper resistance against non-invasive and invasive attacks, hierarchical information retrieval, hierarchical holograms, authentication, and traceability. (paper)

  9. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

  10. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  11. Smart grid security

    Energy Technology Data Exchange (ETDEWEB)

    Cuellar, Jorge (ed.) [Siemens AG, Muenchen (Germany). Corporate Technology

    2013-11-01

    The engineering, deployment and security of the future smart grid will be an enormous project requiring the consensus of many stakeholders with different views on the security and privacy requirements, not to mention methods and solutions. The fragmentation of research agendas and proposed approaches or solutions for securing the future smart grid becomes apparent observing the results from different projects, standards, committees, etc, in different countries. The different approaches and views of the papers in this collection also witness this fragmentation. This book contains the following papers: 1. IT Security Architecture Approaches for Smart Metering and Smart Grid. 2. Smart Grid Information Exchange - Securing the Smart Grid from the Ground. 3. A Tool Set for the Evaluation of Security and Reliability in Smart Grids. 4. A Holistic View of Security and Privacy Issues in Smart Grids. 5. Hardware Security for Device Authentication in the Smart Grid. 6. Maintaining Privacy in Data Rich Demand Response Applications. 7. Data Protection in a Cloud-Enabled Smart Grid. 8. Formal Analysis of a Privacy-Preserving Billing Protocol. 9. Privacy in Smart Metering Ecosystems. 10. Energy rate at home Leveraging ZigBee to Enable Smart Grid in Residential Environment.

  12. Integrated security system definition

    International Nuclear Information System (INIS)

    Campbell, G.K.; Hall, J.R. II

    1985-01-01

    The objectives of an integrated security system are to detect intruders and unauthorized activities with a high degree of reliability and then to deter and delay them until effective response/engagement can be accomplished. Definition of an effective integrated security system requires proper application of a system engineering methodology. This paper summarizes a methodology and describes its application to the problem of integrated security system definition. This process includes requirements identification and analysis, allocation of identified system requirements to the subsystem level and provides a basis for identification of synergistic subsystem elements and for synthesis into an integrated system. The paper discusses how this is accomplished, emphasizing at each step how system integration and subsystem synergism is considered. The paper concludes with the product of the process: implementation of an integrated security system.

  13. Security Locks

    Science.gov (United States)

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions…

  14. Model-based security testing

    OpenAIRE

    Schieferdecker, Ina; Großmann, Jürgen; Schneider, Martin

    2012-01-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security...

  15. 685. Order amending the Order concerning the definition of goods whose export requires a permit in accordance with the Security Control Act

    International Nuclear Information System (INIS)

    1990-01-01

    The list of goods which may not be exported without a permit, in accordance with the Act of 1972 on security control, was amended by this Order. The amendment includes numerous items or equipment involving radiation or radioactive materials. It came into effect on 1 December 1990. (NEA)

  16. The Johnson Space Center Management Information Systems (JSCMIS). 1: Requirements Definition and Design Specifications for Versions 2.1 and 2.1.1. 2: Documented Test Scenario Environments. 3: Security Design and Specifications

    Science.gov (United States)

    1986-01-01

    The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications.

  17. SMS security system for smart home detectors

    OpenAIRE

    Cekova, Katerina; Gelev, Saso

    2016-01-01

    Security has always been an important problem everywhere. Home security has been a major issue where crime is increasing and everybody wants home security to protect the home. Safety from theft and flame are the most important requirements of a home security system for people. A remote home security system offers many benefits by keeping homeowners and their property safe. This paper presents remote control of the home security system from an Android application. Owners can turn on or...

  18. Moving towards Cloud Security

    Directory of Open Access Journals (Sweden)

    Edit Szilvia Rubóczki

    2015-01-01

    Cloud computing hosts and delivers many different services via Internet. There are a lot of reasons why people opt for using cloud resources. Cloud development is increasing fast while a lot of related services drop behind, for example the mass awareness of cloud security. However the new generation upload videos and pictures without reason to a cloud storage, but only few know about data privacy, data management and the proprietary of stored data in the cloud. In an enterprise environment the users have to know the rule of cloud usage, however they have little knowledge about traditional IT security. It is important to measure the level of their knowledge, and evolve the training system to develop the security awareness. The article proves the importance of suggesting new metrics and algorithms for measuring security awareness of corporate users and employees to include the requirements of emerging cloud security.

  19. Ultra Secure High Reliability Wireless Radiation Monitor

    International Nuclear Information System (INIS)

    Cordaro, J.; Shull, D.; Farrar, M.; Reeves, G.

    2011-01-01

    Radiation monitoring in nuclear facilities is essential to safe operation of the equipment as well as protecting personnel. In specific, typical air monitoring of radioactive gases or particulate involves complex systems of valves, pumps, piping and electronics. The challenge is to measure a representative sample in areas that are radioactively contaminated. Running cables and piping to these locations is very expensive due to the containment requirements. Penetration into and out of an airborne or containment area is complex and costly. The process rooms are built with thick rebar-enforced concrete walls with glove box containment chambers inside. Figure 1 shows high temperature radiation resistance cabling entering the top of a typical glove box. In some cases, the entire processing area must be contained in a 'hot cell' where the only access into the chamber is via manipulators. An example is shown in Figure 2. A short range wireless network provides an ideal communication link for transmitting the data from the radiation sensor to a 'clean area', or area absent of any radiation fields or radioactive contamination. Radiation monitoring systems that protect personnel and equipment must meet stringent codes and standards due to the consequences of failure. At first glance a wired system would seem more desirable. Concerns with wireless communication include latency, jamming, spoofing, man in the middle attacks, and hacking. The Department of Energy's Savannah River National Laboratory (SRNL) has developed a prototype wireless radiation air monitoring system that addresses many of the concerns with wireless and allows quick deployment in radiation and contamination areas. It is stand alone and only requires a standard 120 VAC, 60 Hz power source. It is designed to be mounted or portable. The wireless link uses a National Security Agency (NSA) Suite B compliant wireless network from Fortress Technologies that is considered robust enough to be used for classified data

  20. ULTRA SECURE HIGH RELIABILITY WIRELESS RADIATION MONITOR

    Energy Technology Data Exchange (ETDEWEB)

    Cordaro, J.; Shull, D.; Farrar, M.; Reeves, G.

    2011-08-03

    Radiation monitoring in nuclear facilities is essential to safe operation of the equipment as well as protecting personnel. In specific, typical air monitoring of radioactive gases or particulate involves complex systems of valves, pumps, piping and electronics. The challenge is to measure a representative sample in areas that are radioactively contaminated. Running cables and piping to these locations is very expensive due to the containment requirements. Penetration into and out of an airborne or containment area is complex and costly. The process rooms are built with thick rebar-enforced concrete walls with glove box containment chambers inside. Figure 1 shows high temperature radiation resistance cabling entering the top of a typical glove box. In some cases, the entire processing area must be contained in a 'hot cell' where the only access into the chamber is via manipulators. An example is shown in Figure 2. A short range wireless network provides an ideal communication link for transmitting the data from the radiation sensor to a 'clean area', or area absent of any radiation fields or radioactive contamination. Radiation monitoring systems that protect personnel and equipment must meet stringent codes and standards due to the consequences of failure. At first glance a wired system would seem more desirable. Concerns with wireless communication include latency, jamming, spoofing, man in the middle attacks, and hacking. The Department of Energy's Savannah River National Laboratory (SRNL) has developed a prototype wireless radiation air monitoring system that addresses many of the concerns with wireless and allows quick deployment in radiation and contamination areas. It is stand alone and only requires a standard 120 VAC, 60 Hz power source. It is designed to be mounted or portable. The wireless link uses a National Security Agency (NSA) Suite B compliant wireless network from Fortress Technologies that is considered robust enough to be

  1. Securing Chinese nuclear power development: further strengthening nuclear security

    International Nuclear Information System (INIS)

    Zhang Hui

    2014-01-01

    Chinese President Xi Jinping addresses China's new concept of nuclear security with four 'equal emphasis' at the third Nuclear Security Summit, and makes four commitments to strengthen nuclear security in the future. To convert President Xi's political commitments into practical, sustainable reality, China should take further steps to install a complete, reliable, and effective security system to ensure that all its nuclear materials and nuclear facilities are effectively protected against the full spectrum of plausible terrorist and criminal threats. This paper suggests the following measures be taken to improve China's existing nuclear security system, including updating and clarifying the requirements for a national level DBT; updating and enforcing existing regulations; further promoting nuclear security culture; balancing the costs of nuclear security, and further strengthening international cooperation on nuclear security. (author)

  2. Secure Multiparty AES

    Science.gov (United States)

    Damgård, Ivan; Keller, Marcel

    We propose several variants of a secure multiparty computation protocol for AES encryption. The best variant requires $2200 + \frac{400}{255}$ expected elementary operations in expected $70 + \frac{20}{255}$ rounds to encrypt one 128-bit block with a 128-bit key. We implemented the variants using VIFF, a software framework for implementing secure multiparty computation (MPC). Tests with three players (passive security against at most one corrupted player) in a local network showed that one block can be encrypted in 2 seconds. We also argue that this result could be improved by an optimized implementation.

  3. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complaints are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause...... for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy security definitions and security models. Although there is no inherent need to separate security and correctness requirements, practically, such separation is significant. It makes security analysis...... easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  4. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security. This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  5. Grid Security

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  6. ICT security and the progress towards intelligent energy supply systems. Sustained safeguarding of compliance with basic requirements; IKT-Sicherheit und der Weg zu intelligenten Energieversorgungssystemen. Nachhaltige Sicherstellung der Einhaltung grundlegender Anforderungen

    Energy Technology Data Exchange (ETDEWEB)

    Honecker, Hans [Bundesamt fuer Sicherheit in der Informationstechnik, Bonn (Germany)]

    2012-07-01

    Using the electricity supply system as an example, this contribution tries to show the global correlation between basic requirements regarding the holistic view on energy supply on one hand and considerations regarding ICT-security of sub-infrastructures of the upcoming intelligent energy supply systems on the other hand. This article discusses the key role of fundamental decisions regarding the overall architecture of electricity supply systems. The overall situation regarding ICT-threats can change and get worse quickly, fundamental adaptions of energy supply infrastructures to changing threats take - if possible at all - very long on the time scale. Thus, from the author's point of view, an appropriate integration and coverage of ICT-security within the overall context is mandatory. (orig.)

  7. 42 CFR 73.11 - Security.

    Science.gov (United States)

    2010-10-01

    ... 42 Public Health 1 2010-10-01 2010-10-01 false Security. 73.11 Section 73.11 Public Health PUBLIC... AND TOXINS § 73.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to safeguard the...

  8. 9 CFR 121.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... 9 Animals and Animal Products 1 2010-01-01 2010-01-01 false Security. 121.11 Section 121.11... AGENTS AND TOXINS § 121.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to safeguard...

  9. 7 CFR 1780.14 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 12 2010-01-01 2010-01-01 false Security. 1780.14 Section 1780.14 Agriculture... (CONTINUED) WATER AND WASTE LOANS AND GRANTS General Policies and Requirements § 1780.14 Security. Loans will be secured by the best security position practicable in a manner which will adequately protect the...

  10. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States)]; Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)]; Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)]; Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States)]; Teumim, David [Teumim Technical, Allentown, PA (United States)]

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other systems. With these changes however come two significant challenges that the energy sector must face: 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels, to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  11. Social Security.

    Science.gov (United States)

    Social and Labour Bulletin, 1983

    1983-01-01

    This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

  12. Redefining security.

    Science.gov (United States)

    Mathews, J T

    1989-01-01

    The concept of US national security was redefined in the 1970s to include international economics, and lately environmental degradation has also become a factor, as pollution transcends boundaries. By 2100 another 5-6 billion people may be added to the world's population requiring dramatic production and technology transformation with the resultant expanded energy use, emissions, and waste impacting the ecosystem. Climate change through global warming is in the offing. The exponential growth of the population in the developing world poses a crucial challenge for food production, housing, and employment. At a 1% growth rate population doubles in 72 years, while at 3% it doubles in 24 years. Africa's growth rate is almost 3%, it is close to 2% in Latin America, and it is somewhat less in Asia. Renewable resources such as overfished fishing grounds can become nonrenewable, and vanished species can never be resurrected. Deforestation leads to soil erosion, damage to water resources through floods and silting of irrigation networks, and accelerated loss of species. 20% of species could disappear by 2000 thereby losing genetic resources for chemicals, drugs, and food sources. Overcultivation has caused major erosion and decline of agricultural productivity in Haiti, Guatemala, Turkey, and India. Lopsided land ownership in Latin America requires land reform for sustainable agricultural production in the face of the majority of people cultivating plots for bare subsistence. Human practices that have caused environmental damage include concessions granted to logging companies in the Philippines, mismanagement of natural resources in sub-Saharan Africa, the ozone hole, and the greenhouse effect with potential climate changes. Solutions include family planning, efficient energy use, sustainable agroforestry techniques, and environmental accounting of goods and services.

  13. Security for 5G Mobile Wireless Networks

    OpenAIRE

    Fang, Dongfeng; Qian, Yi; Qingyang Hu, Rose

    2017-01-01

    The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use ca...

  14. Security management

    International Nuclear Information System (INIS)

    Adams, H.W.

    1990-01-01

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP)

  15. INFORMATION SYSTEM SECURITY (CYBER SECURITY)

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  16. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  17. European Climate - Energy Security Nexus. A model based scenario analysis

    International Nuclear Information System (INIS)

    Criqui, Patrick; Mima, Silvana

    2011-01-01

    In this research, we have provided an overview of the climate-security nexus in the European sector through a model based scenario analysis with the POLES model. The analysis underlines that under stringent climate policies, Europe takes advantage of a double dividend in its capacity to develop a new cleaner energy model and in lower vulnerability to potential shocks on the international energy markets. (authors)

  18. Legal status and source of offenders' firearms in states with the least stringent criteria for gun ownership.

    Science.gov (United States)

    Vittes, Katherine A; Vernick, Jon S; Webster, Daniel W

    2013-02-01

    Gun possession by high-risk individuals presents a serious threat to public safety. U.S. federal law establishes minimum criteria for legal purchase and possession of firearms; many states have laws disqualifying additional categories for illegal possession. We used data from a national survey of state prison inmates to calculate: 1) the proportion of offenders, incarcerated for crimes committed with firearms in 13 states with the least restrictive firearm purchase and possession laws, who would have been prohibited if their states had stricter gun laws; and 2) the source of gun acquisition for offenders who were and were not legally permitted to purchase and possess firearms. Nearly three of ten gun offenders (73 of 253 or 28.9%) were legal gun possessors but would have been prohibited from purchasing or possessing firearms when committing their most recent offense if their states had stricter prohibitions. Offenders who were already prohibited under current law acquired their gun from a licensed dealer, where a background check is required, five times less often than offenders who were not prohibited (3.9% vs. 19.9%; χ²=13.31; p≤0.001). Nearly all (96.1%) offenders who were legally prohibited, acquired their gun from a supplier not required to conduct a background check. Stricter gun ownership laws would have made firearm possession illegal for many state prison inmates who used a gun to commit a crime. Requiring all gun sales to be subject to a background check would make it more difficult for these offenders to obtain guns.

  19. Radioactive Waste SECURITY

    International Nuclear Information System (INIS)

    Brodowski, R.; Drapalik, M.; Gepp, C.; Gufler, K.; Sholly, S.

    2010-01-01

    The purpose of this work is to investigate the safety requirements for a radioactive waste repository, the fundamental problems involved and the legislative rules and arrangements for doing so. As the title already makes clear, the focus of this work is on aspects that can be assigned to the security sector - i.e. the security against the influence of third parties - and are to be distinguished from safety measures for the improvement of the technical safety aspects. In this context, mention is made of events such as human intrusion into guarded facilities, whereas e.g. a geological analysis on seismic safety is not discussed. For a variety of reasons, the consideration of the security of nuclear waste repositories in public discussions is increasingly taking a back seat, as, inter alia, terrorist threats can be considered a negligible or well calculable risk. Depending on the type of storage, different security aspects still have to be considered. (roessner)

  20. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710. Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally… …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. ...

  1. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security. Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  2. Secure PVM

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user's PVM application, or, optionally, security can be provided on a message-by-message basis. Diffie-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  3. Health Security and Risk Aversion.

    Science.gov (United States)

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. © 2016 John Wiley & Sons Ltd.

  4. Social security for seafarers globally

    DEFF Research Database (Denmark)

    Jensen, Olaf; Canals, Luisa; Haarløv, Erik

    2013-01-01

    Social security for seafarers globally Background: Social security protection is one of the essential elements of decent work. The issue is complex and no previous epidemiological studies of the coverage among seafarers have yet been performed. Objectives: The aim was to overcome the gap...... of knowledge to promote the discussion and planning of the implementation of social security for all seafarers. Methods: The seafarers completed a short questionnaire concerning their knowledge about their social security status. Results: Significant disparities of coverage of social security were pointed out...... comes from poorer countries without substantial social security systems. The solutions suggested are to implement the minimum requirements as recommended by the ILO 2006 Convention, to survey the implementation and in the long term to struggle for global social equality. Key words: Social security...

  5. Computer-aided support for Secure Tropos

    NARCIS (Netherlands)

    Massacci, F.; Mylopoulos, J.; Zannone, N.

    2007-01-01

    In earlier work, we have introduced Secure Tropos, a requirements engineering methodology that extends the Tropos methodology and is intended for the design and analysis of security requirements. This paper briefly recaps the concepts proposed for capturing security aspects, and presents an

  6. Securities and Exchange Commission Semiannual Regulatory Agenda

    Science.gov (United States)

    2010-12-20

    ... Flexibility Analysis Required: Yes Agency Contact: Alicia Goldin, Division of Trading and Markets, Securities...: Alicia Goldin, Division of Trading and Markets, Securities and Exchange Commission, 100 F Street NE... Flexibility Analysis Required: Yes Agency Contact: Alicia Goldin, Division of Trading and Markets, Securities...

  7. Specifying Information Security Needs for the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then

  8. A Development Framework for Software Security in Nuclear Safety Systems: Integrating Secure Development and System Security Activities

    Energy Technology Data Exchange (ETDEWEB)

    Park, Jaekwan; Suh, Yongsuk [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]

    2014-02-15

    The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

  9. Collective Security

    DEFF Research Database (Denmark)

    Galster, Kjeld

    in worldwide market conditions left perceptible ripples in Danish economy, budget discussions grew in importance over this period. The pacifist stance entailed disinclination to accept that the collective security concept and international treaties and accords signed by Denmark should necessitate credible...... and other international treaties provided arguments for adjusting the foreign and security policy ambitions, and since the general flux in worldwide market conditions left perceptible ripples in Danish economy, budget discussions grew in importance over this period. The pacifist stance entailed......Collective Security: National Egotism (Abstract) In Danish pre-World War I defence debate the notion of collective security is missing. During the early years of the 19th century, the political work is influenced by a pervasive feeling of rising tension and danger on the continent of Europe...

  10. Security Transformation

    National Research Council Canada - National Science Library

    Metz, Steven

    2003-01-01

    ... adjustment. With American military forces engaged around the world in both combat and stabilization operations, the need for rigorous and critical analysis of security transformation has never been greater...

  11. European Security

    DEFF Research Database (Denmark)

    Møller, Bjørn

    Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"...

  12. Data Security

    OpenAIRE

    Lopez, Diego

    2013-01-01

    Training specialists in the field of data security and security administrators for the information systems represents a significant priority demanded by both governmental environments and the central and local administrations, as well as by the private sector - companies, banks. They are responsible for implementing information services and systems, but they are also their beneficiaries, with applicability in fields such as: e-government, e-administration, e-banking, e-commerce, e-payment, wh...

  13. Nuclear security

    International Nuclear Information System (INIS)

    1991-12-01

    This paper reports that despite their crucial importance to national security, safeguards at the Department of Energy's (DOE) weapons facilities may be falling short. DOE security inspections have identified many weaknesses, including poor performance by members of DOE's security force, poor accountability for quantities of nuclear materials, and the inability of personnel to locate documents containing classified information. About 13 percent of the 2,100 identified weaknesses resulted in DOE inspectors giving out unsatisfactory security ratings; another 38 percent led to marginal ratings. In addition, DOE's centralized safeguards and security information tracking system lacks current data on whether DOE field offices have corrected the identified weaknesses. Without reliable information, DOE has no way of knowing whether timely action was taken to correct problems, nor can it determine whether weaknesses are systematic. DOE has tried to minimize the impact of these security weaknesses at its facilities by establishing multiple layers of protection measures and instituting interim and compensatory measures for identified weaknesses. DOE is planning enhancements to the centralized tracking system that should improve its reliability and increase its effectiveness.

  14. Use of Evaluation Criteria in Security Education

    National Research Council Canada - National Science Library

    Nguyen, Thuy D; Irvine, Cynthia E

    2008-01-01

    .... A cornerstone of this success will be the ability of Information Assurance professionals to develop sound security requirements and determine the suitability of evaluated security products for mission-specific systems...

  15. Developing security protocols in χ-Spaces

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Milicia, Giuseppe

    2002-01-01

    It is of paramount importance that a security protocol effectively enforces the desired security requirements. The apparent simplicity of informal protocol descriptions hides the inherent complexity of their interactions which, often, invalidate informal correctness arguments and justify the effort...

  16. Secure Java For Web Application Development

    CERN Document Server

    Bhargav, Abhay

    2010-01-01

    As the Internet has evolved, so have the various vulnerabilities, which largely stem from the fact that developers are unaware of the importance of a robust application security program. This book aims to educate readers on application security and building secure web applications using the new Java Platform. The text details a secure web application development process from the risk assessment phase to the proof of concept phase. The authors detail such concepts as application risk assessment, secure SDLC, security compliance requirements, web application vulnerabilities and threats, security

  17. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of Security Definition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and Assets Security Methodology Methodology Defined Security Business Proposals Secur

  18. [Food security in Mexico].

    Science.gov (United States)

    Urquía-Fernández, Nuria

    2014-01-01

    An overview of food security and nutrition in Mexico is presented, based on the analysis of the four pillars of food security: availability, access, utilization of food, and stability of the food supply. In addition, the two faces of malnutrition in Mexico were analyzed: obesity and undernourishment. Data were gathered from the food security indicators of the United Nations' Food and Agriculture Organization, from the Mexican Scale of Food Security, and from the National Health and Nutrition Survey. Mexico presents an index of availability of 3 145 kilocalories per person per day, one of the highest indexes in the world, including both food production and imports. In contrast, Mexico is affected by a double burden of malnutrition: whereas children under five present 14% of stunting, 30% of the adult population is obese. Also, more than 18% of the population cannot afford the basic food basket (food poverty). Using perception surveys, people report important levels of food insecurity, which concentrates in seven states of the Mexican Federation. The production structure underlying these indicators shows a very heterogeneous landscape, which translates into a low productivity growth across the last years. Food security being a multidimensional concept, to ensure food security for the Mexican population requires a revision and redesign of public productive and social policies, placing a particular focus on strengthening the mechanisms of institutional governance.

  19. Stringent bounds to spatial variations of the electron-to-proton mass ratio in the Milky Way

    Energy Technology Data Exchange (ETDEWEB)

    Molaro, P. [INAF-Osservatorio Astronomico di Trieste, Via G. B. Tiepolo 11, 34143 I, Trieste (Italy)]; Levshakov, S.A. [Ioffe Physical-Technical Institute, Politekhnicheskaya Str. 26, 194021 St. Petersburg (Russian Federation)]; Kozlov, M.G. [Petersburg Nuclear Physics Institute, Gatchina, 188300 (Russian Federation)]

    2009-10-15

    The ammonia method, recently proposed by Flambaum and Kozlov (2007) to probe variations of the electron-to-proton mass ratio, $\mu = m_e/m_p$, is applied for the first time to dense prestellar molecular clouds in the Milky Way, allowing to test $\Delta\mu/\mu$ at different galactocentric distances. High quality radio-astronomical observations are used to check the presence of possible relative radial velocity offsets between the inversion transition of NH$_3$ $(J,K) = (1,1)$, and the CCS $J_N = 2_1 - 1_0$ and N$_2$H$^+$ $J = 1 - 0$ rotational transitions. Carefully selected sample of 21 NH$_3$/CCS pairs observed in the Perseus molecular cloud provide the offset $\Delta V_{\mathrm{CCS-NH_3}} = 36 \pm 7_{\mathrm{stat}} \pm 13.5_{\mathrm{sys}}$ m s$^{-1}$. A similar offset of $\Delta V = 40.8 \pm 12.9_{\mathrm{stat}}$ m s$^{-1}$ between NH$_3$ $(J,K) = (1,1)$ and N$_2$H$^+$ $J = 1 - 0$ has been found in an isolated dense core L183 by Pagani et al. (2009). Overall these observations provide a safe bound of a maximum offset between ammonia and the other molecules at the level of $\Delta V \le 100$ m s$^{-1}$. Being interpreted in terms of $\Delta\mu/\mu$, this bound corresponds to $\Delta\mu/\mu \le 1 \times 10^{-7}$, which is an order of magnitude more sensitive than available extragalactic constraints. Taken at face value the measured $\Delta V$ shows positive shifts between the line centers of NH$_3$ and these two other molecules and suggest a real offset, which would imply a $\Delta\mu/\mu \approx 4 \times 10^{-8}$. If $\Delta\mu/\mu$ follows the gradient of the local gravitational potential, then the obtained results are in conflict with laboratory atomic clock experiments in the solar system by $\approx 5$ orders of magnitude, thus requiring a chameleon-type scalar field model. New measurements involving other molecules and a wider range of objects along with verification of molecular rest frequencies are currently planned to confirm these first indications.

  20. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in

  1. Multimedia and security: Workshop at ACM Multimedia '98, Bristol, U.K., September 12 - 13, 1998

    OpenAIRE

    Dittmann, J.; Wohlmacher, P.; Horster, P.; Steinmetz, R.

    1998-01-01

    In this paper we describe the most important security requirements, which must be fulfilled by today's IT-systems, and the security measures used to satisfy these requirements. These security measures are based on modern cryptographic mechanisms as well as on security infrastructures. Regarding data security and communication security in particular in the field of multimedia, the requirements on security increase. If and in which way the discussed security mechanisms can be applied to multime...

  2. Improving Timeliness in Real-Time Secure Database Systems

    National Research Council Canada - National Science Library

    Son, Sang H; David, Rasikan; Thuraisingham, Bhavani

    2006-01-01

    .... In addition to real-time requirements, security is usually required in many applications. Multilevel security requirements introduce a new dimension to transaction processing in real-time database systems...

  3. PROVIDING STRINGENT STAR FORMATION RATE LIMITS OF z ∼ 2 QSO HOST GALAXIES AT HIGH ANGULAR RESOLUTION

    Energy Technology Data Exchange (ETDEWEB)

    Vayner, Andrey; Wright, Shelley A. [Department of Astronomy and Astrophysics, University of Toronto, 50 St. George Street, Toronto, ON, M5S 3H4 (Canada)]; Do, Tuan [Dunlap Institute for Astronomy and Astrophysics, University of Toronto, 50 St. George Street, Toronto, ON, M5S 3H4 (Canada)]; Larkin, James E. [Department of Physics and Astronomy, University of California, Los Angeles, CA 90095 (United States)]; Armus, Lee [Spitzer Science Center, California Institute of Technology, 1200 E. California Boulevard, Pasadena, CA 91125 (United States)]; Gallagher, S. C. [Department of Physics and Astronomy, The University of Western Ontario, London, ON N6A 3K7 (Canada)]

    2016-04-10

    We present integral field spectrograph (IFS) with laser guide star adaptive optics (LGS-AO) observations of z ∼ 2 quasi-stellar objects (QSOs) designed to resolve extended nebular line emission from the host galaxy. Our data was obtained with W. M. Keck and Gemini North Observatories, using OSIRIS and NIFS coupled with the LGS-AO systems, respectively. We have conducted a pilot survey of five QSOs, three observed with NIFS+AO and two observed with OSIRIS+AO at an average redshift of z = 2.2. We demonstrate that the combination of AO and IFSs provides the necessary spatial and spectral resolutions required to separate QSO emission from its host. We present our technique for generating a point-spread function (PSF) from the broad-line region of the QSO and performing PSF subtraction of the QSO emission to detect the host galaxy emission at a separation of ∼0.″2 (∼1.4 kpc). We detect Hα narrow-line emission for two sources, SDSS J1029+6510 ($z_{\mathrm{H}\alpha} = 2.182$) and SDSS J0925+0655 ($z_{\mathrm{H}\alpha} = 2.197$), that have evidence for both star formation and extended narrow-line emission. Assuming that the majority of narrow-line Hα emission is from star formation, we infer a star formation rate (SFR) for SDSS J1029+6510 of 78.4 $M_\odot$ yr$^{-1}$ originating from a compact region that is kinematically offset by 290–350 km s$^{-1}$. For SDSS J0925+0655 we infer a SFR of 29 $M_\odot$ yr$^{-1}$ distributed over three clumps that are spatially offset by ∼7 kpc. The null detections on three of the QSOs are used to infer surface brightness limits and we find that at 1.4 kpc from the QSO the un-reddened star formation limit is ≲0.3 $M_\odot$ yr$^{-1}$ kpc$^{-2}$. If we assume typical extinction values for z = 2 type-1 QSOs, the dereddened SFR for our null detections would be ≲0.6 $M_\odot$ yr$^{-1}$ kpc$^{-2}$. These IFS observations indicate that while the central black hole is accreting mass at 10%–40% of the Eddington rate, if

  4. Privacy and security in teleradiology

    International Nuclear Information System (INIS)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  5. Privacy and security in teleradiology

    Energy Technology Data Exchange (ETDEWEB)

    Ruotsalainen, Pekka [National Institute for Health and Welfare, Helsinki (Finland)], E-mail: pekka.ruotsalainen@THL.fi

    2010-01-15

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  6. Privacy and security in teleradiology.

    Science.gov (United States)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. Copyright (c) 2009 Elsevier Ireland Ltd. All rights reserved.

  7. Site security personnel training manual

    International Nuclear Information System (INIS)

    1978-10-01

    As required by 10 CFR Part 73, this training manual provides guidance to assist licensees in the development of security personnel training and qualifications programs. The information contained in the manual typifies the level and scope of training for personnel assigned to perform security related tasks and job duties associated with the protection of nuclear fuel cycle facilities and nuclear power reactors

  8. Information Security and the Internet.

    Science.gov (United States)

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

  9. The Key to School Security.

    Science.gov (United States)

    Hotle, Dan

    1993-01-01

    In addition to legislative accessibility requirements, other security issues facing school administrators who select a security system include the following: access control; user friendliness; durability or serviceability; life safety precautions; possibility of vandalism, theft, and tampering; and key control. Offers steps to take in considering…

  10. DIRAC Security

    CERN Document Server

    Casajús Ramo, A

    2006-01-01

    DIRAC is the LHCb Workload and Data Management System. Based on a service-oriented architecture, it enables generic distributed computing with lightweight Agents and Clients for job execution and data transfers. DIRAC implements a client-server architecture exposing server methods through XML Remote Procedure Call (XML-RPC) protocol. DIRAC is mostly coded in Python. DIRAC security infrastructure has been designed to be a completely generic XML-RPC transport over an SSL tunnel. This new security layer is able to handle standard X509 certificates as well as grid-proxies to authenticate both sides of the connection. Server and client authentication relies on OpenSSL and pyOpenSSL, but to be able to handle grid proxies some modifications have been added to those libraries. DIRAC security infrastructure handles authentication and authorization as well as provides extended capabilities like secure connection tunneling and file transfer. Using this new security infrastructure all LHCb users can safely make use o...

  11. 49 CFR 1552.23 - Security awareness training programs.

    Science.gov (United States)

    2010-10-01

    ... employee to identify— (i) Uniforms and other identification, if any are required at the flight school, for... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.23 Security awareness training programs. (a) General. A flight...

  12. Nuclear security officer training

    International Nuclear Information System (INIS)

    Harrington, W.F.

    1981-01-01

    Training has become complex and precise in today's world of critical review and responsibility. Entrusted to a security officer is the success or demise of large business. In more critical environments the security officer is entrusted with the monitoring and protection of life sensitive systems and devices. The awareness of this high visibility training requirement has been addressed by a limited few. Those involved in the nuclear power industry through dedication and commitment to the American public have without a doubt become leading pioneers in demanding training excellence

  13. Privatising Security

    Directory of Open Access Journals (Sweden)

    Irina Mindova-Docheva

    2016-06-01

    The article proposes an analysis of the different approaches towards employing the international legal framework in the regulation and oversight of private military and security companies’ operation in armed conflicts and in peace time security systems. It proposes a partnership-based approach for public and private actors aiming at creating and sharing common values under the principles of solidarity, protection of human rights and rule of law. A focus of further research should be the process of shaping those common values.

  14. Proactive Security Testing and Fuzzing

    Science.gov (United States)

    Takanen, Ari

    Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flawless. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly installed), they now are probably one of the most common reasons why people switch vendors or software providers. The maintenance costs from security updates often add to become one of the biggest cost items to large Enterprise users. Fortunately test automation techniques have also improved. Techniques like model-based testing (MBT) enable efficient generation of security tests that reach good confidence levels in discovering zero-day mistakes in software. This technique is called fuzzing.

  15. Cloud Computing Security: A Survey

    Directory of Open Access Journals (Sweden)

    Issa M. Khalil

    2014-02-01

    Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

  16. Communications and Information: Emission Security

    National Research Council Canada - National Science Library

    1998-01-01

    The Air Force EMSEC process has experienced many changes. Although these changes were attempts to meet the variances of a dynamic world, they require security protection measures far beyond the needs of the average user...

  17. Transportation security personnel training manual

    International Nuclear Information System (INIS)

    1978-11-01

    Objective of this manual is to train security personnel to protect special nuclear materials and nuclear facilities against theft and sabotage as required by 10 CFR Part 73. This volume contains the introduction and rationale

  18. 5 CFR 1312.3 - Classification requirements.

    Science.gov (United States)

    2010-01-01

    ..., DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Classification and Declassification of National Security Information § 1312.3 Classification requirements. United States citizens must...; (5) Scientific, technological, or economic matters relating to the national security; (6) United...

  19. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  20. Food security

    NARCIS (Netherlands)

    Ridder, M. de

    2011-01-01

    Food security is back on the agenda as a top priority for policy makers. In January 2011, record high food prices resulted in protests in Tunisia, which subsequently led to the spread of the revolutions in other North African and Middle Eastern countries. Although experts have asserted that no

  1. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  2. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  3. Radiological protection, safety and security issues in the industrial and medical applications of radiation sources

    International Nuclear Information System (INIS)

    Vaz, Pedro

    2015-01-01

    The use of radiation sources, namely radioactive sealed or unsealed sources and particle accelerators and beams is ubiquitous in the industrial and medical applications of ionizing radiation. Besides radiological protection of the workers, members of the public and patients in routine situations, the use of radiation sources involves several aspects associated to the mitigation of radiological or nuclear accidents and associated emergency situations. On the other hand, during the last decade security issues became burning issues due to the potential malevolent uses of radioactive sources for the perpetration of terrorist acts using RDD (Radiological Dispersal Devices), RED (Radiation Exposure Devices) or IND (Improvised Nuclear Devices). A stringent set of international legally and non-legally binding instruments, regulations, conventions and treaties regulate nowadays the use of radioactive sources. In this paper, a review of the radiological protection issues associated to the use of radiation sources in the industrial and medical applications of ionizing radiation is performed. The associated radiation safety issues and the prevention and mitigation of incidents and accidents are discussed. A comprehensive discussion of the security issues associated to the global use of radiation sources for the aforementioned applications and the inherent radiation detection requirements will be presented. Scientific, technical, legal, ethical, socio-economic issues are put forward and discussed. - Highlights: • The hazards associated to the use of radioactive sources must be taken into account. • Security issues are of paramount importance in the use of radioactive sources. • Radiation sources can be used to perpetrate terrorist acts (RDDs, INDs, REDs). • DSRS and orphan sources trigger radiological protection, safety and security concerns. • Regulatory control, from cradle to grave, of radioactive sources is mandatory.

  4. Radiological protection, safety and security issues in the industrial and medical applications of radiation sources

    Science.gov (United States)

    Vaz, Pedro

    2015-11-01

    The use of radiation sources, namely radioactive sealed or unsealed sources and particle accelerators and beams is ubiquitous in the industrial and medical applications of ionizing radiation. Besides radiological protection of the workers, members of the public and patients in routine situations, the use of radiation sources involves several aspects associated to the mitigation of radiological or nuclear accidents and associated emergency situations. On the other hand, during the last decade security issues became burning issues due to the potential malevolent uses of radioactive sources for the perpetration of terrorist acts using RDD (Radiological Dispersal Devices), RED (Radiation Exposure Devices) or IND (Improvised Nuclear Devices). A stringent set of international legally and non-legally binding instruments, regulations, conventions and treaties regulate nowadays the use of radioactive sources. In this paper, a review of the radiological protection issues associated to the use of radiation sources in the industrial and medical applications of ionizing radiation is performed. The associated radiation safety issues and the prevention and mitigation of incidents and accidents are discussed. A comprehensive discussion of the security issues associated to the global use of radiation sources for the aforementioned applications and the inherent radiation detection requirements will be presented. Scientific, technical, legal, ethical, socio-economic issues are put forward and discussed.

  5. Access Point Security Service for wireless ad-hoc communication

    NARCIS (Netherlands)

    Scholten, Johan; Nijdam, M.

    2006-01-01

    This paper describes the design and implementation of a security solution for ad-hoc peer-to-peer communication. The security solution is based on a scenario where two wireless devices require secure communication, but share no security relationship a priori. The necessary requirements for the

  6. 46 CFR 10.214 - Security Check.

    Science.gov (United States)

    2010-10-01

    ... 46 Shipping 1 2010-10-01 2010-10-01 false Security Check. 10.214 Section 10.214 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN MERCHANT MARINER CREDENTIAL General Requirements for All Merchant Mariner Credentials § 10.214 Security Check. Until April 15, 2009...

  7. 10 CFR 39.71 - Security.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Security. 39.71 Section 39.71 Energy NUCLEAR REGULATORY COMMISSION LICENSES AND RADIATION SAFETY REQUIREMENTS FOR WELL LOGGING Security, Records, Notifications § 39.71 Security. (a) A logging supervisor must be physically present at a temporary jobsite whenever...

  8. 14 CFR 121.538 - Aircraft security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Aircraft security. 121.538 Section 121.538..., FLAG, AND SUPPLEMENTAL OPERATIONS Flight Operations § 121.538 Aircraft security. Certificate holders conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter...

  9. 7 CFR 1951.866 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 14 2010-01-01 2009-01-01 true Security. 1951.866 Section 1951.866 Agriculture... REGULATIONS (CONTINUED) SERVICING AND COLLECTIONS Rural Development Loan Servicing § 1951.866 Security. (a) Loans from RDLF intermediaries to ultimate recipients. Security requirements for loans from...

  10. 15 CFR 742.4 - National security.

    Science.gov (United States)

    2010-01-01

    ... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false National security. 742.4 Section 742.4... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS CONTROL POLICY-CCL BASED CONTROLS § 742.4 National security. (a) License requirements. It is the policy of the United States to...

  11. 14 CFR 135.125 - Aircraft security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Aircraft security. 135.125 Section 135.125....125 Aircraft security. Certificate holders conducting operators conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter XII. [67 FR 8350, Feb. 22, 2002] ...

  12. 14 CFR 460.53 - Security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 4 2010-01-01 2010-01-01 false Security. 460.53 Section 460.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF....53 Security. An operator must implement security requirements to prevent any space flight participant...

  13. 40 CFR 264.14 - Security.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 25 2010-07-01 2010-07-01 false Security. 264.14 Section 264.14... Standards § 264.14 Security. (a) The owner or operator must prevent the unknowing entry, and minimize the...) for discussion of security requirements at disposal facilities during the post-closure care period...

  14. 40 CFR 265.14 - Security.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 25 2010-07-01 2010-07-01 false Security. 265.14 Section 265.14... Facility Standards § 265.14 Security. (a) The owner or operator must prevent the unknowing entry, and...) for discussion of security requirements at disposal facilities during the post-closure care period...

  15. 7 CFR 331.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 5 2010-01-01 2010-01-01 false Security. 331.11 Section 331.11 Agriculture..., DEPARTMENT OF AGRICULTURE POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS § 331.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan...

  16. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ... Security, consistent with Federal policies for the security of unclassified information and information... Certification Program, and provide a Web site link within a contract clause to a library where contractors can... Security should be addressed through government-wide policies, standards, and requirements. NASA response...

  17. The Extended Concept of Security and the Czech Security Practice

    Directory of Open Access Journals (Sweden)

    Libor Stejskal

    2008-12-01

    According to the extended concept of security, the nation state is no longer the sole privileged reference object of security. The traditional model of national security is developing from military terms to a broader concept which embraces the international, economic, social, environmental, and human rights dimensions of security. The meaning and relevance of the concept is being extended “upwards”, to international organisations, and “downwards”, to regional and local authorities, non-governmental organisations, communities, and individual citizens. This has immediate bearing on the everyday security reality of the Czech Republic. In international context, the “security frontier” of the Czech Republic is expanding, e.g. through the country’s involvement in UN and NATO security missions in conflict-ridden regions of Europe and the world. The country also helps enhance the internal security of the European Union, whose strength depends on its Member States’ willingness to “harmonise” the pursuit of their respective national security interests. This approach is especially important with regard to the principal security threats Europe faces and will continue to face in the future: terrorism and organised crime. It is vital that the Czech Republic have a well-working security system capable of responding effectively to a broad range of threats. This requirement applies first and foremost to the Police, the Fire and Rescue Service, and intelligence services. Unfortunately, with the present effectiveness of the Czech security system, much remains wishful thinking and, due to the lack of a comprehensive framework, a comparatively low level of protection against emergencies exists. Fight against crime is hampered by inefficient operation of the Police and judiciary. A thorough analysis of the aforementioned problems could provide basis for a broader public debate over the priorities and goals of Czech security policy, which should

  18. The Informatics Security Cost of Distributed Applications

    Directory of Open Access Journals (Sweden)

    Ion IVAN

    2010-01-01

    The objective, necessity, means and estimated efficiency of information security cost modeling are presented. The security requirements of distributed informatics applications are determined. Aspects regarding design, development and implementation are established. Influence factors for informatics security are presented and their correlation is analyzed. The costs associated to security processes are studied. Optimal criteria for informatics security are established. The security cost of the informatics application for validating organizational identifiers is determined using theoretical assumptions made for cost models. The conclusions highlight the validity of research results and offer perspectives for future research.

  19. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise. An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  20. Selection, classification and design requirements of the important systems for security in a center for the production of radiopharmaceuticals and marked compounds

    International Nuclear Information System (INIS)

    Perez Pijuan, S.; Ayra Pardo, F.E.; Ilizastegui Perez, F.

    1998-01-01

    This work identifies the security functions that the systems, subsystems and components must fulfil to guarantee the security of the workers and the human population. The systems that intervene in the security of the installation were selected and classified in categories by deterministic methods, considering their role in the detection and mitigation of the postulated radiological events and in the maintenance of normal operating conditions

  1. Security Administration Reports Application

    Data.gov (United States)

    Social Security Administration — Contains SSA Security Reports that allow Information Security Officers (ISOs) to access, review and take appropriate action based on the information contained in the...

  2. Security Investigation Database (SID)

    Data.gov (United States)

    US Agency for International Development — Security Investigation & Personnel Security Clearance - COTS personnel security application in a USAID virtualized environment that can support USAID's business...

  3. Model-Based Security Testing

    Directory of Open Access Journals (Sweden)

    Ina Schieferdecker

    2012-02-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

  4. Security seal

    Science.gov (United States)

    Gobeli, Garth W.

    1985-01-01

    Security for a package or verifying seal in plastic material is provided by a print seal with unique thermally produced imprints in the plastic. If tampering is attempted, the material is irreparably damaged and thus detectable. The pattern of the imprints, similar to "fingerprints" are recorded as a positive identification for the seal, and corresponding recordings made to allow comparison. The integrity of the seal is proved by the comparison of imprint identification records made by laser beam projection.

  5. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  6. Protective force legal issues: the security perspective

    International Nuclear Information System (INIS)

    Rich, B.L.

    1984-01-01

    There has been much discussion and some controversy on the legal issues faced by the Department of Energy's (DOE) protective forces in the performance of their security duties. These include the observance of legal proprieties in the arrest of non-violent demonstrators, the use of lethal weapons, and the extent of protective forces' authority to carry weapons and protect DOE's security interests offsite. In brief, the need to protect DOE's security interests may be in nominal conflict with other requirements. When faced with a potential conflict in requirements, we in the DOE security community must place first attention to the security mission -- to deter and prevent hostile acts

  7. Network Security Validation Using Game Theory

    Science.gov (United States)

    Papadopoulou, Vicky; Gregoriades, Andreas

    Non-functional requirements (NFR) such as network security recently gained widespread attention in distributed information systems. Despite their importance, however, there is no systematic approach to validate these requirements given the complexity and uncertainty characterizing modern networks. Traditionally, network security requirements specification has been the result of a reactive process. This, however, limited the immunity property of the distributed systems that depended on these networks. Security requirements specification needs a proactive approach. Networks' infrastructure is constantly under attack by hackers and malicious software that aim to break into computers. To combat these threats, network designers need sophisticated security validation techniques that will guarantee the minimum level of security for their future networks. This paper presents a game-theoretic approach to security requirements validation. An introduction to game theory is presented along with an example that demonstrates the application of the approach.

  8. Nuclear energy technology transfer: the security barriers

    International Nuclear Information System (INIS)

    Rinne, R.L.

    1975-08-01

    The problems presented by security considerations to the transfer of nuclear energy technology are examined. In the case of fusion, the national security barrier associated with the laser and E-beam approaches is discussed; for fission, the international security requirements, due to the possibility of the theft or diversion of special nuclear materials or sabotage of nuclear facilities, are highlighted. The paper outlines the nuclear fuel cycle and terrorist threat, examples of security barriers, and the current approaches to transferring technology. (auth)

  9. Security aspects of database systems implementation

    OpenAIRE

    Pokorný, Tomáš

    2009-01-01

    The aim of this thesis is to provide a comprehensive overview of database systems security. Reader is introduced into the basis of information security and its development. Following chapter defines a concept of database system security using ISO/IEC 27000 Standard. The findings from this chapter form a complex list of requirements on database security. One chapter also deals with legal aspects of this domain. Second part of this thesis offers a comparison of four object-relational database s...

  10. THz and Security Applications

    CERN Document Server

    Sizov, Fedir; Detectors, Sources and Associated Electronics for THz Applications

    2014-01-01

    These proceedings comprise invited papers from highly experienced researchers in THz technology and security applications. THz detection of explosives represents one of the most appealing technologies to have recently emerged in dealing with terrorist attacks encountered by civil security and military forces throughout the world. Discussed are the most advanced technologies and developments, the various points of operational strength and weaknesses, as well as suggestions and predictions of the best technological solutions to overcome current operational limits. The current status of various levels of cooling in THz detectors, sources and associated electronics are also addressed. The goal was to provide a clear view on the current technologies available and the required advances needed in order to achieve more efficient systems. This goal was outlined in part by establishing the baseline of current uncertainty estimations in physics-based modelling and the identification of key areas which require additi...

  11. Strengthening nuclear security

    International Nuclear Information System (INIS)

    Kurihara, Hiroyoshi

    2003-01-01

    The international situation after the end of the Cold War has been quite unstable, due to the occurrence of frequent regional conflicts and domestic wars based on ethnic, religious or racial reasons. Further, threats to world peace and security by non-state actors, like international terrorist groups, have been recognized after the 9.11 terrorist attacks on the World Trade Center buildings and the Pentagon. Utilization of nuclear energy, which encompasses both peaceful uses and military ones, required the establishment of a regulatory system by which risks associated with the development of nuclear energy can be controlled. Accordingly, a nuclear safety control system, and then a non-proliferation control system, have been developed, both at the international level and the national level. In recognition of the present unstable international situation, it is required to establish, maintain and strengthen a system which controls the nuclear security aspect, in addition to the present systems. (author)

  12. Draft secure medical database standard.

    Science.gov (United States)

    Pangalos, George

    2002-01-01

    Medical database security is a particularly important issue for all Healthcare establishments. Medical information systems are intended to support a wide range of pertinent health issues today, for example: assure the quality of care, support effective management of the health services institutions, monitor and contain the cost of care, implement technology into care without violating social values, ensure the equity and availability of care, preserve humanity despite the proliferation of technology etc. In this context, medical database security aims primarily to support: high availability, accuracy and consistency of the stored data, the medical professional secrecy and confidentiality, and the protection of the privacy of the patient. These properties, though of technical nature, basically require that the system is actually helpful for medical care and not harmful to patients. These latter properties require in turn not only that fundamental ethical principles are not violated by employing database systems, but instead, are effectively enforced by technical means. This document reviews the existing and emerging work on the security of medical database systems. It presents in detail the related problems and requirements related to medical database security. It addresses the problems of medical database security policies, secure design methodologies and implementation techniques. It also describes the current legal framework and regulatory requirements for medical database security. The issue of medical database security guidelines is also examined in detail. The current national and international efforts in the area are studied. It also gives an overview of the research work in the area. The document also presents in detail the most complete to our knowledge set of security guidelines for the development and operation of medical database systems.

  13. National Cyber Security Policy

    Indian Academy of Sciences (India)

    National Cyber Security Policy. Salient Features: Caters to ... Creating a secure cyber ecosystem. Creating an assurance framework. Encouraging Open Standards. Strengthening the Regulatory framework. Creating mechanisms for security threat early warning, vulnerability management and response to security threats.

  14. Statistical security for Social Security.

    Science.gov (United States)

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

  15. On Building Secure Communication Systems

    DEFF Research Database (Denmark)

    Carvalho Quaresma, Jose Nuno

    This thesis presents the Guided System Development (GSD) framework, which aims at supporting the development of secure communication systems. A communication system is specified in a language similar to the Alice and Bob notation, a simple and intuitive language used to describe the global...... the verification and implementation of the system. The translation is semi-automatic because the developer has the option of choosing which implementation to use in order to achieve the specified security requirements. The implementation options are given by plugins defined in the framework. The framework......’s flexibility allows for the addition of constructs that model new security properties as well as new plugins that implement the security properties. In order to provide higher security assurances, the system specification can be verified by formal methods tools such as the Beliefs and Knowledge (BAK) tool...

  16. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  17. Information Security

    OpenAIRE

    2005-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is trusted to actually handle an asset. Two concepts complement authorisation. Authentication determines who makes a request to handle an asset. To decide who is authorised, a system needs to authe...

  18. Metric-Aware Secure Service Orchestration

    Directory of Open Access Journals (Sweden)

    Gabriele Costa

    2012-12-01

    Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process. In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.

  19. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  20. Requirements For Security Sector Reform Success

    Science.gov (United States)

    2016-05-26

    examination of Kenya’s economic history showed great potential in the early decades since independence with strong autocratic leaders as the driving......problems still exist today and contribute to the fragility of African states. Jeffrey Herbst states that African leaders contend with three problems

  1. Extremely secure identification documents

    International Nuclear Information System (INIS)

    Tolk, K.M.; Bell, M.

    1997-09-01

    The technology developed in this project uses biometric information printed on the document and public key cryptography to ensure that an adversary cannot issue identification documents to unauthorized individuals or alter existing documents to allow their use by unauthorized individuals. This process can be used to produce many types of identification documents with much higher security than any currently in use. The system is demonstrated using a security badge as an example. This project focused on the technologies requiring development in order to make the approach viable with existing badge printing and laminating technologies. By far the most difficult was the image processing required to verify that the picture on the badge had not been altered. Another area that required considerable work was the high density printed data storage required to get sufficient data on the badge for verification of the picture. The image processing process was successfully tested, and recommendations are included to refine the badge system to ensure high reliability. A two dimensional data array suitable for printing the required data on the badge was proposed, but testing of the readability of the array had to be abandoned due to reallocation of the budgeted funds by the LDRD office

  2. Cyber security of critical infrastructures

    Directory of Open Access Journals (Sweden)

    Leandros A. Maglaras

    2018-03-01

    Modern Supervisory Control and Data Acquisition (SCADA) systems are essential for monitoring and managing electric power generation, transmission and distribution. In the age of the Internet of Things, SCADA has evolved into big, complex and distributed systems that are prone to conventional threats in addition to new ones. Many security methods can be applied to such systems, bearing in mind that high efficiency, real-time intrusion identification and low overhead are all required. Keywords: SCADA systems, Security

  3. Secure computing on reconfigurable systems

    OpenAIRE

    Fernandes Chaves, R.J.

    2007-01-01

    This thesis proposes a Secure Computing Module (SCM) for reconfigurable computing systems. SC provides a protected and reliable computational environment, where data security and protection against malicious attacks to the system is assured. SC is strongly based on encryption algorithms and on the attestation of the executed functions. The use of SC on reconfigurable devices has the advantage of being highly adaptable to the application and the user requirements, while providing high performa...

  4. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

  5. Communication security in open health care networks.

    Science.gov (United States)

    Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R

    1999-01-01

    Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation.

  6. IAEA Nuclear Security Human Resource Development Program

    International Nuclear Information System (INIS)

    Braunegger-Guelich, A.

    2009-01-01

    The IAEA is at the forefront of international efforts to strengthen the world's nuclear security framework. The current Nuclear Security Plan for 2006-2009 was approved by the IAEA Board of Governors in September 2005. This Plan has three main points of focus: needs assessment, prevention, detection and response. Its overall objective is to achieve improved worldwide security of nuclear and other radioactive material in use, storage and transport, and of their associated facilities. This will be achieved, in particular, through the provision of guidelines and recommendations, human resource development, nuclear security advisory services and assistance for the implementation of the framework in States, upon request. The presentation provides an overview of the IAEA nuclear security human resource development program that is divided into two parts: training and education. Whereas the training program focuses on filling gaps between the actual performance of personnel working in the area of nuclear security and the required competencies and skills needed to meet the international requirements and recommendations described in UN and IAEA documents relating to nuclear security, the Educational Program in Nuclear Security aims at developing nuclear security experts and specialists, at fostering a nuclear security culture and at establishing in this way sustainable knowledge in this field within a State. The presentation also elaborates on the nuclear security computer based learning component and provides insights into the use of human resource development as a tool in achieving the IAEA's long term goal of improving sustainable nuclear security in States. (author)

  7. Security infrastructures: towards the INDECT system security

    OpenAIRE

    Stoianov, Nikolai; Urueña, Manuel; Niemiec, Marcin; Machník, Petr; Maestro, Gema

    2012-01-01

    This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI...

  8. Internet Banking Security Strategy: Securing Customer Trust

    OpenAIRE

    Frimpong Twum; Kwaku Ahenkora

    2012-01-01

    Internet banking strategies should enhance customers' online experiences which are affected by trust and security issues. This study provides perspectives of users and nonusers on internet banking security with a view to understanding trust and security factors in relation to adoption and continuous usage. Perception of internet banking security influenced usage intentions. Nonusers viewed internet banking to be insecure but users perceived it to be secure with perceived ease of use influenc...

  9. 33 CFR 106.235 - Maritime Security (MARSEC) Level coordination and implementation.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Maritime Security (MARSEC) Level..., DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental Shelf (OCS) Facility Security Requirements § 106.235 Maritime Security (MARSEC) Level...

  10. 33 CFR 105.230 - Maritime Security (MARSEC) Level coordination and implementation.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Maritime Security (MARSEC) Level..., DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: FACILITIES Facility Security Requirements § 105.230 Maritime Security (MARSEC) Level coordination and implementation. (a) The facility owner...

  11. 33 CFR 104.240 - Maritime Security (MARSEC) Level coordination and implementation.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Maritime Security (MARSEC) Level..., DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Requirements § 104.240 Maritime Security (MARSEC) Level coordination and implementation. (a) The vessel owner or...

  12. Future consumer mobile phone security: A case study using the data-centric security model

    NARCIS (Netherlands)

    van Cleeff, A.

    Consumer mobile phone security requires more attention, now that their data storage capacity is increasing. At the same time, much effort is spent on data-centric security for large enterprises. In this article we try to apply data-centric security to consumer mobile phones. We show a maturity model

  13. 75 FR 28046 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-002...

    Science.gov (United States)

    2010-05-19

    ... security, law enforcement, immigration, intelligence, or other functions consistent with the routine uses... transportation operators, flight students, and others, where appropriate, for services related to security threat.... Enforce safety- and security-related regulations and requirements; 3. Assess and distribute intelligence...

  14. Impact of applying the more stringent validation criteria of the revised European Society of Hypertension International Protocol 2010 on earlier validation studies.

    Science.gov (United States)

    Stergiou, George S; Karpettas, Nikos; Atkins, Neil; O'Brien, Eoin

    2011-04-01

    Since 2002 when the European Society of Hypertension International Protocol (ESH-IP) was published it has become the preferred protocol for validating blood pressure monitors worldwide. In 2010, a revised version of the ESH-IP with more stringent criteria was published. This study assesses the impact of applying the revised ESH-IP criteria. A systematic literature review of ESH-IP studies reported between 2002 and 2010 was conducted. The impact of applying the ESH-IP 2010 criteria retrospectively on the data reported in these studies was investigated. The performance of the oscillometric devices in the last decade was also investigated on the basis of the ESH-IP criteria. Among 119 published studies, 112 with sufficient data were analyzed. According to ESH-IP 2002, the test device failed in 19 studies, whereas by applying the ESH-IP 2010 criteria in 28 additional studies increased the failure rate from 17 to 42%. Of these 28 studies, in 20 (71%) the test device failed at part 1 (accuracy per measurement) and in 22 (79%) at part 2 (accuracy per subject). Most of the failures involved the '5 mmHg or less' criterion. In the last decade there has been a consistent trend toward improved performance of oscillometric devices assessed on the basis of the ESH-IP criteria. This retrospective analysis shows that the stricter revised ESH-IP 2010 criteria will noticeably increase the failure rate of devices being validated. Oscillometric devices are becoming more accurate, and the revised ESH-IP by acknowledging this trend will allow more accurate devices to enter the market.

  15. Planning security for supply security

    International Nuclear Information System (INIS)

    Spies von Buellesheim.

    1994-01-01

    The situation of the hardcoal mining industry is still difficult, however better than last year. Due to better economic trends in the steel industry, though on a lower level, sales in 1994 have stabilised. Stocks are being significantly reduced. As to the production, we have nearly reached a level which has been politically agreed upon in the long run. Due to the determined action of the coalmining companies, a joint action of management and labour, the strong pressure has been mitigated. On the energy policy sector essential targets have been achieved: First of all the ECSC decision on state aid which will be in force up to the year 2002 and which will contribute to accomplish the results of the 1991 Coal Round. Furthermore, the 1994 Act on ensuring combustion of hardcoal in electricity production up to the year 2005. The hardcoal mining industry is grateful to all political decision makers for the achievements. The industry demands, however, that all questions still left open, including the procurement of financial means after 1996, should be settled soon on the basis of the new act and in accordance with the 1991 Coal Round and the energy concept of the Federal Government. German hardcoal is an indispensable factor within a balanced energy mix which guarantees the security of our energy supply, the security of the price structure and the respect of the environment. (orig.) [de

  16. 17 CFR 250.44 - Sales of securities and assets.

    Science.gov (United States)

    2010-04-01

    ... not require prior Commission approval. (c) Sales pursuant to order or plan under section 11. No... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Sales of securities and assets... Various Financial Transactions 2 § 250.44 Sales of securities and assets. (a) Sales of utility securities...

  17. 32 CFR 2400.45 - Information Security Program Review.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review. 2400.45... SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45 Information Security Program Review. (a) The Director, OSTP, shall require an annual formal review of the OSTP...

  18. 33 CFR 106.255 - Security systems and equipment maintenance.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... Shelf (OCS) Facility Security Requirements § 106.255 Security systems and equipment maintenance. (a) Security systems and equipment must be in good working order and inspected, tested, calibrated, and...

  19. ORACLE DATABASE SECURITY

    OpenAIRE

    Cristina-Maria Titrade

    2011-01-01

    This paper presents some security issues, namely security database system level, data level security, user-level security, user management, resource management and password management. Security is a constant concern in the design and database development. Usually, there are no concerns about the existence of security, but rather how large it should be. A typically DBMS has several levels of security, in addition to those offered by the operating system or network. Typically, a DBMS has user a...

  20. Securing energy equity

    Energy Technology Data Exchange (ETDEWEB)

    Grimsby, Lars Kare, E-mail: lars.grimsby@umb.no [Department of International Environment and Development Studies, Noragric, Norwegian University of Life Sciences, P.O. Box 5003, 1432 Aas (Norway)

    2011-11-15

    Addressing energy poverty rather than energy equity conveniently evades the problem of the gap in energy consumption per capita in the developed and developing world. For energy security policies to adequately address energy poverty it requires a widening of scope from national to global. This is a comment to the forthcoming presentation of IEA's proposition for a new architecture for financing universal modern energy access to be presented at the conference 'Energy for all-Financing access for the poor' held in Oslo in October 2011. - Highlights: > Addressing energy poverty may elude the disparity in energy consumption between rich and poor. > A minimum threshold of energy for the poor does not itself address inequity in energy consumption. > Energy equity may be secured by widening scope from national to global, from the poorest to us all.

  1. Securing energy equity

    International Nuclear Information System (INIS)

    Grimsby, Lars Kare

    2011-01-01

    Addressing energy poverty rather than energy equity conveniently evades the problem of the gap in energy consumption per capita in the developed and developing world. For energy security policies to adequately address energy poverty it requires a widening of scope from national to global. This is a comment to the forthcoming presentation of IEA's proposition for a new architecture for financing universal modern energy access to be presented at the conference 'Energy for all-Financing access for the poor' held in Oslo in October 2011. - Highlights: → Addressing energy poverty may elude the disparity in energy consumption between rich and poor. → A minimum threshold of energy for the poor does not itself address inequity in energy consumption. → Energy equity may be secured by widening scope from national to global, from the poorest to us all.

  2. Secure Dynamic Program Repartitioning

    DEFF Research Database (Denmark)

    Hansen, Rene Rydhoff; Probst, Christian

    2005-01-01

    Secure program partitioning has been introduced as a language-based technique to allow the distribution of data and computation across mutually untrusted hosts, while at the same time guaranteeing the protection of confidential data. Programs that have been annotated with security types......, but the partitioning compiler becomes a part of the network and can recompile applications, thus allowing hosts to enter or leave the framework. We contend that this setting is superior to static partitioning, since it allows redistribution of data and computations. This is especially beneficial if the new host allows...... data and computations to better fulfil the trust requirements of the users. Erasure Policies ensure that the original host of the redistributed data or computation does not store the data any longer....

  3. Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

    CERN Document Server

    Lopienski, Sebastian

    Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

  4. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy? In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  5. Securing the Global Airspace System Via Identity-Based Security

    Science.gov (United States)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX). This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable, reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  6. Securing India's energy future

    International Nuclear Information System (INIS)

    Raghuraman, V.

    2009-01-01

    India's development aspirations are challenged by energy security and climate change considerations. The integrated energy policy clearly deliberates the need to intensify all energy options with emphasis on maximizing indigenous coal production, harnessing hydropower, increasing adoption of renewables, intensifying hydrocarbon exploration and production and anchoring nuclear power development to meet the long-term requirements. The report also emphasizes the need to secure overseas hydrocarbon and coal assets. Subsequently the National Action Plan on climate change has underscored the need to wean away from fossil fuels, the ambitious National Solar Mission is a case in point. Ultimately securing India's energy future lies in clean coal, safe nuclear and innovative solar. Coal is the key energy option in the foreseeable future. Initiatives are needed to take lead role in clean coal technologies, in-situ coal gasification, tapping coal bed methane, coal to liquids and coal to gas technologies. There is need to intensify oil exploration by laying the road-map to open acreage to unlock the hydrocarbon potential. Pursue alternate routes based on shale, methane from marginal fields. Effectively to use oil diplomacy to secure and diversify sources of supply including trans-national pipelines and engage with friendly countries to augment strategic resources. Technologies to be accessed and developed with international co-operation and financial assistance. Public-Private Partnerships, in collaborative R and D projects need to be accelerated. Nuclear share of electricity generation capacity to be increased 6 to 7% of 63000 MW by 2031-32 and further to 25% (300000 MW) capacity by 2050 is to be realized by operationalizing the country's thorium programme. Nuclear renaissance has opened up opportunities for the Indian industry to meet not only India's requirements but also participate in the global nuclear commerce; India has the potential to emerge as a manufacturing hub

  7. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers: defining an information system; benefits obtained by introducing new information technologies; IT management; defining prerequisites, analysis, design, implementation of IS; information security management system; aspects regarding IS security policy; conceptual model of a security system; auditing information security systems and network infrastructure security.

  8. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)²® CISSP Common Body of Knowledge (CBK®), this volume features 27 new chapters on topics

  9. Guidelines for development of NASA (National Aeronautics and Space Administration) computer security training programs

    Science.gov (United States)

    Tompkins, F. G.

    1983-01-01

    The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.

  10. Information security becoming a priority for utilities

    Energy Technology Data Exchange (ETDEWEB)

    Nicolaides, S. [Numerex, Atlanta, GA (United States)

    2009-10-15

    As part of North America's national critical infrastructure, utilities are finding themselves at the forefront of a security issue. In October 2007, a leading security service provider reported a 90 per cent increase in the number of hackers attempting to attack its utility clients in just one year. Utilities are vulnerable to cyber attacks that could disrupt power production and the transmission system. This article discussed the need for intelligent technologies in securely enabling resource management and operational efficiency of the utilities market. It discussed the unique security challenges that utilities face at a time of greater regulatory activity, heightened environmental concerns, tighter data security requirements and an increasing need for remote monitoring and control. A new tool has emerged for cyber security in the form of an international standard that may offer a strong guideline to work toward 11 security domains. These include security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition; development and maintenance; information security incident management; business continuity management; and compliance. 2 figs.

  11. Modeling Security Aspects of Network

    Science.gov (United States)

    Schoch, Elmar

    With more and more widespread usage of computer systems and networks, dependability becomes a paramount requirement. Dependability typically denotes tolerance or protection against all kinds of failures, errors and faults. Sources of failures can basically be accidental, e.g., in case of hardware errors or software bugs, or intentional due to some kind of malicious behavior. These intentional, malicious actions are subject of security. A more complete overview on the relations between dependability and security can be found in [31]. In parallel to the increased use of technology, misuse also has grown significantly, requiring measures to deal with it.

  12. Holographic optical security systems

    Science.gov (United States)

    Fagan, William F.

    1990-06-01

    One of the most successful applications of Holography, in recent years, has been its use as an optical security technique. Indeed the general public's awareness of holograms has been greatly enhanced by the incorporation of holographic elements into the VISA and MASTERCHARGE credit cards. Optical techniques related to Holography are also being used to protect the currencies of several countries against the counterfeiter. The mass production of high quality holographic images is by no means a trivial task as a considerable degree of expertise is required together with an optical laboratory and embossing machinery. This paper will present an overview of the principal holographic and related optical techniques used for security purposes. Worldwide, over thirty companies are involved in the production of security elements utilising holographic and related optical technologies. Counterfeiting of many products is a major criminal activity with severe consequences not only for the manufacturer but for the public in general as defective automobile parts, aircraft components, and pharmaceutical products, to cite only a few of the more prominent examples, have at one time or another been illegally copied.

  13. Social Security Bulletin

    Data.gov (United States)

    Social Security Administration — The Social Security Bulletin (ISSN 1937-4666) is published quarterly by the Social Security Administration. The Bulletin is prepared in the Office of Retirement and...

  14. Transportation Security Administration

    Science.gov (United States)


  15. Security, Fraud Detection

    Indian Academy of Sciences (India)

    Secure. Secure. Server – Intruder prevention/detection; Network – Encryption, PKI; Client - Secure. Fraud detection based on audit trails. Automatic alerts like credit-card alerts based on suspicious patterns.

  16. USCG Security Plan Review

    Data.gov (United States)

    Department of Homeland Security — The Security Plan Review module is intended for vessel and facility operators to check on the status of their security plans submitted to the US Coast Guard. A MISLE...

  17. Cyberspace security system

    Science.gov (United States)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  18. Knowledge-based computer security advisor

    International Nuclear Information System (INIS)

    Hunteman, W.J.; Squire, M.B.

    1991-01-01

    The rapid expansion of computer security information and technology has included little support to help the security officer identify the safeguards needed to comply with a policy and to secure a computing system. This paper reports that Los Alamos is developing a knowledge-based computer security system to provide expert knowledge to the security officer. This system includes a model for expressing the complex requirements in computer security policy statements. The model is part of an expert system that allows a security officer to describe a computer system and then determine compliance with the policy. The model contains a generic representation that contains network relationships among the policy concepts to support inferencing based on information represented in the generic policy description

  19. Security challenges for virtualization in cloud

    International Nuclear Information System (INIS)

    Tayab, A.

    2015-01-01

    Virtualization is a model that is vastly growing in IT industry. Virtualization provides more than one logical resource in one single physical machine. Infrastructure use cloud services and on behalf of virtualization, cloud computing is also a rapidly growing model of IT industry. Cloud provider and cloud user, both remain ignorant of each other's security. Since virtualization and cloud computing are rapidly expanding and becoming more and more complex in infrastructure, more security is required to protect them from potential attacks and security threats. Virtualization provides various benefits in terms of hardware utilization, resources protection, remote access and other resources. This paper intends to discuss the common exploits of security uses in the virtualized environment and focuses on the security threats from the attacker's perspective. This paper discusses the major areas of the virtualized model environment and also addresses the security concerns. Finally, it presents a solution for secure virtualization in IT infrastructure and to protect inter-communication of virtual machines. (author)

  20. Enhancing Critical Infrastructure and Key Resources (CIKR) Level-0 Physical Process Security Using Field Device Distinct Native Attribute Features

    Energy Technology Data Exchange (ETDEWEB)

    Lopez, Juan [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Liefer, Nathan C. [Wright-Patterson AFB, Dayton, OH (United States); Busho, Colin R. [Wright-Patterson AFB, Dayton, OH (United States); Temple, Michael A. [Wright-Patterson AFB, Dayton, OH (United States)

    2017-12-04

    Here, the need for improved Critical Infrastructure and Key Resource (CIKR) security is unquestioned and there has been minimal emphasis on Level-0 (PHY Process) improvements. Wired Signal Distinct Native Attribute (WS-DNA) Fingerprinting is investigated here as a non-intrusive PHY-based security augmentation to support an envisioned layered security strategy. Results are based on experimental response collections from Highway Addressable Remote Transducer (HART) Differential Pressure Transmitter (DPT) devices from three manufacturers (Yokogawa, Honeywell, Endress+Hauser) installed in an automated process control system. Device discrimination is assessed using Time Domain (TD) and Slope-Based FSK (SB-FSK) fingerprints input to Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) and Random Forest (RndF) classifiers. For 12 different classes (two devices per manufacturer at two distinct set points), both classifiers performed reliably and achieved an arbitrary performance benchmark of average cross-class percent correct of %C > 90%. The least challenging cross-manufacturer results included near-perfect %C ≈ 100%, while the more challenging like-model (serial number) discrimination results included 90% < %C < 100%, with TD Fingerprinting marginally outperforming SB-FSK Fingerprinting; SB-FSK benefits from having less stringent response alignment and registration requirements. The RndF classifier was most beneficial and enabled reliable selection of dimensionally reduced fingerprint subsets that minimize data storage and computational requirements. The RndF selected feature sets contained 15% of the full-dimensional feature sets and only suffered a worst case %CΔ = 3% to 4% performance degradation.

  1. Foundational aspects of security

    DEFF Research Database (Denmark)

    Chatzikokolakis, Konstantinos; Mödersheim, Sebastian Alexander; Palamidessi, Catuscia

    2014-01-01

    This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security.

  2. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1991-01-01

    This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

  3. 7 CFR 273.6 - Social security numbers.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 4 2010-01-01 2010-01-01 false Social security numbers. 273.6 Section 273.6... normally uses the Receipt of Application for a Social Security Number, Form SSA-5028, as evidence that an... security numbers. (a) Requirements for participation. The State agency shall require that a household...

  4. Routing architecture and security for airborne networks

    Science.gov (United States)

    Deng, Hongmei; Xie, Peng; Li, Jason; Xu, Roger; Levy, Renato

    2009-05-01

    Airborne networks are envisioned to provide interconnectivity for terrestrial and space networks by interconnecting highly mobile airborne platforms. A number of military applications are expected to be used by the operator, and all these applications require proper routing security support to establish correct route between communicating platforms in a timely manner. As airborne networks are somewhat different from traditional wired and wireless networks (e.g., Internet, LAN, WLAN, MANET, etc.), security aspects valid in these networks are not fully applicable to airborne networks. Designing an efficient security scheme to protect airborne networks is confronted with new requirements. In this paper, we first identify a candidate routing architecture, which works as an underlying structure for our proposed security scheme. And then we investigate the vulnerabilities and attack models against routing protocols in airborne networks. Based on these studies, we propose an integrated security solution to address routing security issues in airborne networks.

  5. Personnel Security Investigations -

    Data.gov (United States)

    Department of Transportation — This data set contains the types of background investigations, decisions, level of security clearance, date of security clearance training, and credentials issued to...

  6. Design and realization of a network security model

    OpenAIRE

    WANG, Jiahai; HAN, Fangxi; Tang, Zheng; TAMURA, Hiroki; Ishii, Masahiro

    2002-01-01

    The security of information is a key problem in the development of network technology. The basic requirements of security of information clearly include confidentiality, integrity, authentication and non-repudiation. This paper proposes a network security model that is composed of security system, security connection and communication, and key management. The model carries out encrypting, decrypting, signature and ensures confidentiality, integrity, authentication and non-repudiation. Finally...

  7. RFID Based Security Access Control System with GSM Technology

    OpenAIRE

    Peter Adole; Joseph M. Môm; Gabriel A. Igwue

    2016-01-01

    The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly...

  8. A Research Agenda for Security Engineering

    Directory of Open Access Journals (Sweden)

    Rich Goyette

    2013-08-01

    Despite nearly 30 years of research and application, the practice of information system security engineering has not yet begun to exhibit the traits of a rigorous scientific discipline. As cyberadversaries have become more mature, sophisticated, and disciplined in their tradecraft, the science of security engineering has not kept pace. The evidence of the erosion of our digital security – upon which society is increasingly dependent – appears in the news almost daily. In this article, we outline a research agenda designed to begin addressing this deficit and to move information system security engineering toward a mature engineering discipline. Our experience suggests that there are two key areas in which this movement should begin. First, a threat model that is actionable from the perspectives of risk management and security engineering should be developed. Second, a practical and relevant security-measurement framework should be developed to adequately inform security-engineering and risk-management processes. Advances in these areas will particularly benefit business/government risk assessors as well as security engineers performing security design work, leading to more accurate, meaningful, and quantitative risk analyses and more consistent and coherent security design decisions. Threat modelling and security measurement are challenging activities to get right – especially when they need to be applied in a general context. However, these are decisive starting points because they constitute the foundation of a scientific security-engineering practice. Addressing these challenges will require stronger and more coherent integration between the sub-disciplines of risk assessment and security engineering, including new tools to facilitate that integration. More generally, changes will be required in the way security engineering is both taught and practiced to take into account the holistic approach necessary from a mature, scientific

  9. Comparative analysis of the expertise recordings of mental disorders diagnoses of secured citizens of the Brazilian National Institute of Social Security requiring sickness benefit

    Directory of Open Access Journals (Sweden)

    Adriana Kelmer Siano

    2010-01-01

    OBJECTIVES: Comparative analysis of the expertise recordings of diagnoses of the secured citizens of the Brazilian National Institute of Social Security (INSS) requiring sickness benefit and presenting mental disorders. METHOD: Retrospective study of the recordings of initial expertise examinations performed in the INSS offices in Juiz de Fora, MG, Brazil, between July/2004 and December/2006. Bivariate analyses were performed according to the site where the examination was carried out, the category of the examining medical expert, and the evaluation period. RESULTS: Mild or moderate depressive disorders and persistent mood disorders (39.6%) and anxiety disorders (34.5%), milder conditions that would not compromise working capacity as much, were the most frequently recorded diagnoses. Among comorbidities, mental disorders were more frequent (33.6%) than clinical conditions, especially at the Riachuelo office, among experts hired by public examination after 2005, and in the fourth period studied. Agreement between the diagnosis of the current benefit and that of the previous benefit was low, below 50% in most cases, even for severe mental disorders with better-defined clinical characteristics, such as psychoses. The highest agreement rate occurred for disorders due to psychoactive substance use among accredited experts (66.7%). CONCLUSION: This study points to possible shortcomings in the training of medical experts in Juiz de Fora with regard to recording the diagnosis of mental disorders of the insured persons evaluated.

  10. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype. After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond. IT security needs are constantly evolving; this guide examine

  11. Management of Information Security in Financial Accounting

    OpenAIRE

    Aurel Serb; Constantin Baron; Nicoleta Magdalena Iacob; Costinela-Luminita Defta

    2014-01-01

    Security issues in financial accounting are complex, and the risks are often difficult to stipulate, even for experts. The issues presented in this article try to be formed in a contribution to the consolidation of problems in the field of risk, and former vulnerabilities in cyber security in financial accounting. The use of an information security management system became a requirement for organizations because on the states began adopting mandatory data protection legislation and informatio...

  12. Keystone Business Models for Network Security Processors

    OpenAIRE

    Arthur Low; Steven Muegge

    2013-01-01

    Network security processors are critical components of high-performance systems built for cybersecurity. Development of a network security processor requires multi-domain experience in semiconductors and complex software security applications, and multiple iterations of both software and hardware implementations. Limited by the business models in use today, such an arduous task can be undertaken only by large incumbent companies and government organizations. Neither the “fabless semiconductor...

  13. CAR SECURITY ENHANCEMENT IN PARKING AREAS

    OpenAIRE

    NANYONGA BERINDA; AYESIGA LINDSEY PATRA; BYEKWASO FAISAL; NATULINDA LADAN

    2017-01-01

    Over time, car thefts have been reported within Kampala parking areas. This has been majorly due to inefficient security measures of the available parking systems which focus mainly on the car and not the driver, making parking management a challenge. The focus of this survey was to explore the requirements of a new system called Car to Driver Matching Security System to enhance security of cars in Kampala, in particular, from the experience of 15 people. The data collected was then analyzed ...

  14. IP Security for Linux

    OpenAIRE

    Parthey, Mirko

    2001-01-01

    Using the Internet in security-critical areas requires cryptographic protection, for which IP Security (IPsec) defines suitable protocols. This paper gives an overview of IPsec. An IPsec implementation for Linux (FreeS/WAN) is examined for extensibility and practical suitability.

  15. Adversary characterization for security system evaluation

    International Nuclear Information System (INIS)

    Suber, L.A. Jr.

    1976-04-01

    Evaluation of security systems effectiveness requires a definition of adversary capabilities, but an objective basis for such a definition has been lacking. A system of adversary attributes is proposed in which any desired adversary may be synthesized by selection of the appropriate level of capability from each attribute or category. In use, the synthesized adversaries will be pitted against a security system in an evaluation model, thus allowing comparison of other adversary or security system configurations

  16. Technologies to counter aviation security threats

    Science.gov (United States)

    Karoly, Steve

    2017-11-01

    The Aviation and Transportation Security Act (ATSA) makes TSA responsible for security in all modes of transportation, and requires that TSA assess threats to transportation, enforce security-related regulations and requirements, and ensure the adequacy of security measures at airports and other transportation facilities. Today, TSA faces a significant challenge and must address a wide range of commercial, military grade, and homemade explosives and these can be presented in an infinite number of configurations and from multiple vectors. TSA screens 2 million passengers and crew, and screens almost 5 million carry-on items and 1.2 million checked bags daily. As TSA explores new technologies for improving efficiency and security, those on the forefront of research and development can help identify unique and advanced methods to combat terrorism. Research and Development (R&D) drives the development of future technology investments that can address an evolving adversary and aviation threat. The goal is to rethink the aviation security regime in its entirety, and rather than focusing security at particular points in the enterprise, distribute security from the time a reservation is made to the time a passenger boards the aircraft. The ultimate objective is to reengineer aviation security from top to bottom with a continued focus on increasing security throughout the system.

  17. The corporate security professional

    DEFF Research Database (Denmark)

    Petersen, Karen Lund

    2013-01-01

    In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

  18. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1993-06-01

    This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

  19. AP1000 Design for Security

    International Nuclear Information System (INIS)

    Long, L.B.; Cummins, W.E.; Winters, J.W.

    2006-01-01

    Nuclear power plants are protected from potential security threats through a combination of robust structures around the primary system and other vital equipment, security systems and equipment, and defensive strategy. The overall objective for nuclear power plant security is to protect public health and safety by ensuring that attacks or sabotage do not challenge the ability to safely shutdown the plant or protect from radiological releases. In addition, plants have systems, features and operational strategies to cope with external conditions, such as loss of offsite power, which could be created as part of an attack. Westinghouse considered potential security threats during design of the AP1000 PWR. The differences in plant configuration, safety system design, and safe shutdown equipment between existing plants and AP1000 affect potential vulnerabilities. This paper provides an evaluation of AP1000 with respect to vulnerabilities to security threats. The AP1000 design differs from the design of operating PWRs in the US in the configuration and the functional requirements for safety systems. These differences are intentional departures from conventional PWR designs which simplify plant design and enhance overall safety. The differences between the AP1000 PWR and conventional PWRs can impact vulnerabilities to security threats. The NRC addressed security concerns as part of their reviews for AP1000 Design Certification, and did not identify any security issues of concern. However, much of the detailed security design information for the AP1000 was deferred to the combined Construction and Operating License (COL) phase as many of the security issues are site-specific. Therefore, NRC review of security issues related to the AP1000 is not necessarily complete. Further, since the AP1000 plant design differs from existing PWRs, it is not obvious that the analyses and assessments prepared for existing plants also apply to the AP1000. 
We conclude that, overall, the AP1000

  20. Handbook for the Computer Security Certification of Trusted Systems

    National Research Council Canada - National Science Library

    Weissman, Clark

    1995-01-01

    Penetration testing is required for National Computer Security Center (NCSC) security evaluations of systems and products for the B2, B3, and A1 class ratings of the Trusted Computer System Evaluation Criteria (TCSEC...

  1. 33 CFR 105.210 - Facility personnel with security duties.

    Science.gov (United States)

    2010-07-01

    ... to threaten security; (d) Techniques used to circumvent security measures; (e) Crowd management and... effects, baggage, cargo, and vessel stores; and (m) The meaning and the consequential requirements of the...

  2. Review on Cyber Security Programs for NPP Application

    Energy Technology Data Exchange (ETDEWEB)

    Oh, Eung Se [KEPRI, Daejeon (Korea, Republic of)

    2010-10-15

    Increased history records of cyber security (CS) attacks and concerns for computers and networks technical mishaps pull out cyber security to open places. In spite of secret nature of security, transparent and shared knowledge of many security features are more required at modern plant floors. Korea Institute of Nuclear Safety (KINS), US Government and Nuclear Regulatory Commission (NRC) requested to develop cyber security plans and enforce their implementing to the NPPs. [KINS; CFR; RG 5.71] This paper reviews various cyber security guidelines and suggests an applicable cyber security program development models during the life cycle of NPP's Instrumentation and Control (I and C) systems

  3. Review on Cyber Security Programs for NPP Application

    International Nuclear Information System (INIS)

    Oh, Eung Se

    2010-01-01

    Increased history records of cyber security (CS) attacks and concerns for computers and networks technical mishaps pull out cyber security to open places. In spite of secret nature of security, transparent and shared knowledge of many security features are more required at modern plant floors. Korea Institute of Nuclear Safety (KINS), US Government and Nuclear Regulatory Commission (NRC) requested to develop cyber security plans and enforce their implementing to the NPPs. [KINS] [CFR] [RG 5.71] This paper reviews various cyber security guidelines and suggests an applicable cyber security program development models during the life cycle of NPP's Instrumentation and Control (I and C) systems

  4. The nature of international health security.

    Science.gov (United States)

    Chiu, Ya-Wen; Weng, Yi-Hao; Su, Yi-Yuan; Huang, Ching-Yi; Chang, Ya-Chen; Kuo, Ken N

    2009-01-01

    Health issues occasionally intersect security issues. Health security has been viewed as an essential part of human security. Policymakers and health professionals, however, do not share a common definition of health security. This article aims to characterize the notions of health security in order to clarify what constitutes the nexus of health and security. The concept of health security has evolved over time so that it encompasses many entities. Analyzing the health reports of four multilateral organizations (the United Nations, World Health Organization, Asia-Pacific Economic Cooperation, and the European Union) produced eight categories of most significant relevance to contemporary health security, allowing comparison of the definitions. The four categories are: emerging diseases; global infectious disease; deliberate release of chemical and biological materials; violence, conflict, and humanitarian emergencies. Two other categories of common concern are natural disasters and environmental change, as well as chemical and radioactive accidents. The final two categories, food insecurity and poverty, are discussed less frequently. Nevertheless, food security is emerging as an increasingly important issue in public health. Health security is the first line of defence against health emergencies. As globalization brings more complexities, dealing with the increased scale and extent of health security will require greater international effort and political support.

  5. Soil Security Assessment of Tasmania

    Science.gov (United States)

    Field, Damien; Kidd, Darren; McBratney, Alex

    2017-04-01

    The concept of soil security aligns well with the aspirational and marketing policies of the Tasmanian Government, where increased agricultural expansion through new irrigation schemes and multiple-use State managed production forests co-exists beside pristine World Heritage conservation land, a major drawcard of the economically important tourism industry. Regarding the Sustainable Development Goals (SDGs) this could be seen as an exemplar of the emerging tool for quantification of spatial soil security to effectively protect our soil resource in terms of food (SDG 2.4, 3.9) and water security (SDG 6.4, 6.6), biodiversity maintenance and safeguarding fragile ecosystems (SDG 15.3, 15.9). The recent development and application of Digital Soil Mapping and Assessment capacities in Tasmania to stimulate agricultural production and better target appropriate soil resources has formed the foundational systems that can enable the first efforts in quantifying and mapping Tasmanian Soil Security, in particular the five Soil Security dimensions (Capability, Condition, Capital, Codification and Connectivity). However, to provide a measure of overall soil security, it was necessary to separately assess the State's three major soil uses; Agriculture, Conservation and Forestry. These products will provide an indication of where different activities are sustainable or at risk, where more soil data is needed, and provide a tool to better plan for a State requiring optimal food and fibre production, without depleting its natural soil resources and impacting on the fragile ecosystems supporting environmental benefits and the tourism industry.

  6. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    help with this issue, which is a particular instance of the more general challenge of efficient host/guest IO that is the focus of interfaces like virtio. A collection of bridging technologies have been identified in Chapter 4, which can be helpful to overcome the limitations and challenges of supporting efficient storage for secure enclaves. The synthesis of native filesystem security mechanisms and bridging technologies led to an isolation-centric storage architecture that is proposed in Chapter 5, which leverages isolation mechanisms from different layers to facilitate secure storage for an enclave. Recommendations: The following highlights recommendations from the investigations done thus far. - The Lustre filesystem offers excellent performance but does not support some security related features, e.g., encryption, that are included in GPFS. If encryption is of paramount importance, then GPFS may be a more suitable choice. - There are several possible Lustre related enhancements that may provide functionality of use for secure-enclaves. However, since these features are not currently integrated, the use of Lustre as a secure storage system may require more direct involvement (support). (*The network that connects the storage subsystem and users, e.g., Lustre's LNET.) - The use of OpenStack with GPFS will be more streamlined than with Lustre, as there are available drivers for GPFS. - The Manila project offers Filesystem as a Service for OpenStack and is worth further investigation. Manila has some support for GPFS. - The proposed Lustre enhancement of Dynamic-LNET should be further investigated to provide more dynamic changes to the storage network which could be used to isolate hosts and their tenants. - The Linux namespaces offer a good solution for creating efficient restrictions to shared HPC filesystems. However, we still need to conduct a thorough round of storage/filesystem benchmarks. - Vendor products should be more closely reviewed, possibly to

  7. Commercial Security on the Internet.

    Science.gov (United States)

    Liddy, Carrie

    1996-01-01

    Discusses commercial security on the Internet and explains public key technology as successfully melding the conflicting requirements of openness for practical business applications and isolation and confidentiality for protection of data. Examples of public key value-added products are described, including encryption, digital signature and…

  8. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    -domain scenarios is supported by a set of security engines that represent the core of the Federated Identities Management Server, which is also an extension of the Domain Security Server. The Federated Identity Management server allows users to federate their identities or terminate the federation between the service provider and the identity provider. At the service provider web site, the users are offered a list of identity providers to which they can choose to federate their identities. After users federate their identity, they can perform Single Sign-On protocol in an environment of federated domains. The group security system consists of a number of security technologies under a unified architecture, which supports creation of secure groups and execution of secure group transactions and applications in an open networking environment. The system is based on extensions of the GSAKMP standard for group key distribution and management. The Top layer is the Security Infrastructure with the Security Management and Administration System components and protocols that provide security functions common to all secure network applications. The Middle layer is the Secure Group Protocols and Applications layer, consisting of the Policy and Group Key Distribution Server and Web-based (thin) Client. The Bottom layer is the supporting Middleware Security Platform, the cryptographic platform already described above. The group security system is designed to perform the functions necessary to create secure groups and enable secure group applications. Specifically, the system can manage group roles, create and disseminate a group security policy, perform authentication and authorization of users using PKI certificates and Web services security, generate group keys, and recover from compromises. In accordance with the GSAKMP standard, the group security system must perform all the required group life-cycle functions: group definition, group establishment, group maintenance, and group removal. The

  9. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Science.gov (United States)

    2011-12-15

    ...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090-0294, Implementation of Information Technology Security Provision, by any of the...

  10. Review analysis of properties for an ideal secure biometric template scheme

    CSIR Research Space (South Africa)

    Mzila, Phiwa

    2016-02-01

    privacy and system security. To mitigate this problem, various biometric protection techniques have been proposed. Most of these schemes aim to satisfy diversity, revocability, security and performance properties, as requirements for ideal secured...

  11. The role of Securities and Exchange Commission (S.E.C.) in public ...

    African Journals Online (AJOL)

    ... to invest in any security, the Securities and Exchange Commission requires ... may easily take advantage of investors, where correct and timely information ... Investment and securities business in Nigeria is carried out in the capital market.

  12. Using the safety/security interface to the security manager's advantage

    International Nuclear Information System (INIS)

    Stapleton, B.W.

    1993-01-01

    Two aspects of the safety/security interface are discussed: (1) the personal safety of nuclear security officers; and (2) how the security manager can effectively deal with the safety/security interface in solving today's requirements yet supporting the overall mission of the facility. The basis of this presentation is the result of interviews, document analyses, and observations. The conclusion is that proper planning and communication between the players involved in the security/safety interface can benefit the two programs and help achieve overall system integration, ultimately contributing to the bottom line. This is especially important in today's cost-conscious environment.

  13. Physical security of nuclear facilities

    International Nuclear Information System (INIS)

    Dixon, H.

    1987-01-01

    A serious problem with present security systems at nuclear facilities is that the threats and standards prepared by the NRC and DOE are general, and the field offices are required to develop their own local threats and, on that basis, to prepare detailed specifications for security systems at sites in their jurisdiction. As a result, the capabilities of the systems vary across facilities. Five steps in particular are strongly recommended as corrective measures: 1. Those agencies responsible for civil nuclear facilities should jointly prepare detailed threat definitions, operational requirements, and equipment specifications to protect generic nuclear facilities, and these matters should be issued as policy. The agencies should provide sufficient detail to guide the design of specific security systems and to identify candidate components. 2. The DOE, NRC, and DOD should explain to Congress why government-developed security and other military equipment are not used to upgrade existing security systems and to stock future ones. 3. Each DOE and NRC facility should be assessed to determine the impact on the size of the guard force and on warning time when personnel-detecting radars and ground point sensors are installed. 4. All security guards and technicians should be investigated for the highest security clearance, with reinvestigations every four years. 5. The processes and vehicles used in intrafacility transport of nuclear materials should be evaluated against a range of threats and attack scenarios, including violent air and vehicle assaults. All of these recommendations are feasible and cost-effective. The appropriate congressional subcommittees should direct that they be implemented as soon as possible.

  14. Untangle network security

    CERN Document Server

    El-Bawab, Abd El-Monem A

    2014-01-01

    If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

  15. Arguing Against Security Communitarianism

    DEFF Research Database (Denmark)

    Bilgin, Pinar

    2016-01-01

    Anthony Burke’s ‘security cosmopolitanism’ is a fresh and thought-provoking contribution to critical theorizing about security. In this discussion piece, I would like to join Burke’s call for ‘security cosmopolitanism’ by way of arguing against ‘security communitarianism’. I understand the latter...

  16. Security research roadmap

    Energy Technology Data Exchange (ETDEWEB)

    Rouhiainen, V. (ed.)

    2007-02-15

    VTT has a broad range of security research ongoing in many areas of technology. The main areas have been concentrating on public safety and security, but VTT is also participating in several research projects related to defence technology. To identify and define expertise and research goals in more detail, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of a critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important security products and technologies needed are, for example, management of total security, detection, identification, localisation and communication, protection of information networks and systems, as well as physical protection. In the EU's Security programme, which aims at ensuring the security of society and its vital functions, it is stated that technology alone cannot assure security, but security cannot be assured without the support of technology. VTT is conducting security research in all its areas of expertise and clusters. The area has a significant research potential. The development of products and systems designed for the improvement of security has just started. There is still room for innovation. This report presents knowledge and development needs in more detail, as well as future development potential seen in the area of security. (orig.)

  17. Information security risk assessment, aggregation, and mitigation

    NARCIS (Netherlands)

    Lenstra, A.K.; Voss, T.; Wang, H.; Pieprzyk, J.; Varadharajan, V.

    2004-01-01

    As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is

  18. 27 CFR 18.19 - Security.

    Science.gov (United States)

    2010-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 1 2010-04-01 2010-04-01 false Security. 18.19 Section 18.19 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE... Provisions Document Requirements § 18.19 Security. The concentrate plant and equipment will be so constructed...

  19. Synthesis of securement device options and strategies

    Science.gov (United States)

    2002-03-01

    The Americans with Disabilities Act of 1990 (ADA) requires that public transit vehicles be equipped with securement location(s) and device(s) that are able to secure "common wheelchairs," as defined in the ADA regulations. The definition and size spec...

  20. Fermilab Security Site Access Request Database

    Science.gov (United States)

    Fermilab Security Site Access Request Database. Use of the online version of the Fermilab Security Site Access Request Database requires that you log in to the ESH&Q Web Site. Note: Only Fermilab generated from the ESH&Q Section's Oracle database on May 27, 2018 05:48 AM. If you have a question

  1. 7 CFR 1735.22 - Loan security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 11 2010-01-01 2010-01-01 false Loan security. 1735.22 Section 1735.22 Agriculture... GENERAL POLICIES, TYPES OF LOANS, LOAN REQUIREMENTS-TELECOMMUNICATIONS PROGRAM Loan Purposes and Basic Policies § 1735.22 Loan security. (a) RUS makes loans only if, in the judgment of the Administrator, the...

  2. Cyber Security--Are You Prepared?

    Science.gov (United States)

    Newman, Scott

    2007-01-01

    During the summer 2002 term, Oklahoma State University-Okmulgee's Information Technologies Division offered a one credit-hour network security course--which barely had adequate student interest to meet the institution's enrollment requirements. Today, OSU-Okmulgee boasts one of the nation's premier cyber security programs. Many prospective…

  3. 12 CFR 703.11 - Valuing securities.

    Science.gov (United States)

    2010-01-01

    ... credit union must obtain either price quotations on the security from at least two broker-dealers or a price quotation on the security from an industry-recognized information provider. This requirement to obtain price quotations does not apply to new issues purchased at par or at original issue discount. (b...

  4. Critical Perspective on ASEAN's Security Policy Under ASEAN Political and Security Community

    Directory of Open Access Journals (Sweden)

    Irawan Jati

    2016-03-01

    Despite economic integration challenges, ASEAN faces greater security challenges. It is obvious to assert that a stable economic development requires a secure regional atmosphere. The most probable threats against ASEAN range from hostile foreign entities infiltration, intra and inter states disputes, radical religious movements, human trafficking, drugs and narcotics smuggling, cybercrimes and environmental disasters. In 2009, ASEAN established the ASEAN Political and Security Community as the umbrella of ASEAN’s political and security initiatives. APSC slots in some significant fora: ASEAN Intergovernmental Commission on Human Rights (AICHR), ASEAN Foreign Ministers Meeting (AMM), ASEAN Regional Forum (ARF), ASEAN Defense Minister’s Meeting (ADMM), ASEAN Law Ministers Meeting (ALAWMM), and ASEAN Ministerial Meeting on Transnational Crimes (AMMTC). The wide array of these forums signifies ASEAN's efforts to confront double features of security: the traditional and the nontraditional or critical security. Traditional security considers state security as the primary object of security, while critical security tends to focus on non-state aspects such as the individual human being as its referent object. Even though some argue that APSC has been able to preserve the stability in the region, it still lacks confidence in solving critical issues such as territorial disputes and irregular migrant problems. Therefore, this piece would examine the fundamental question: How does ASEAN address beyond-state security issues in its security policy through APSC? To search for the answer, this paper would apply a critical security studies approach. Critical security posits that threats are not always for the states but in many cases for the people. Based on the examination of ASEAN security policies, this paper argues that ASEAN’s security policy has touched the non-traditional security issues but shows slow progress on its development and application.

  5. 17 CFR 41.2 - Required records.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Required records. 41.2 Section 41.2 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION SECURITY FUTURES PRODUCTS General Provisions § 41.2 Required records. A designated contract market or registered derivatives...

  6. IAEA nuclear security program

    Energy Technology Data Exchange (ETDEWEB)

    Ek, D. [International Atomic Energy Agency, Vienna (Austria)]

    2006-07-01

    Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improve their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

  7. IAEA nuclear security program

    International Nuclear Information System (INIS)

    Ek, D.

    2006-01-01

    Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improve their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

  8. Professional Cocoa Application Security

    CERN Document Server

    Lee, Graham J

    2010-01-01

    The first comprehensive security resource for Mac and iPhone developers. The Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development. While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first

  9. Lecture 2: Software Security

    CERN Multimedia

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development, testing and deployment. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and ...

  10. Concepts and Practices of Cooperative Security

    DEFF Research Database (Denmark)

    Keating, Vincent; Wheeler, Nicholas J

    2013-01-01

    This chapter considers how the security dilemma can be overcome in ways that promote cooperation and even trust, mitigating or transcending the international uncertainty that can otherwise inhibit interstate cooperation. It argues that there are two mechanisms to create the trust necessary...... for the development of a security community, Charles Osgood's GRIT strategy and a unilateral 'leap of trust.' Both of these, however, initially require elites to develop security dilemma sensibility. The long-term stability of security communities is fundamentally linked to the presence of embedded trust among...

  11. Improved verification methods for OVI security ink

    Science.gov (United States)

    Coombs, Paul G.; Markantes, Tom

    2000-04-01

    Together, OVP Security Pigment in OVI Security Ink, provide an excellent method of overt banknote protection. The effective use of overt security features requires an educated public. The rapid rise in computer-generated counterfeits indicates that consumers are not as educated as to banknote security features as they should be. To counter the education issue, new methodologies have been developed to improve the validation of banknotes using the OVI ink feature itself. One of the new methods takes advantage of the overt nature of the product's optically variable effect. Another method utilizes the unique optical interference characteristics provided by the OVP platelets.

  12. Security for multi-hop wireless networks

    CERN Document Server

    Mahmoud, Mohamed M E A

    2014-01-01

    This Springer Brief discusses efficient security protocols and schemes for multi-hop wireless networks. It presents an overview of security requirements for these networks, explores challenges in securing networks and presents system models. The authors introduce mechanisms to reduce the overhead and identify malicious nodes that drop packets intentionally. Also included is a new, efficient cooperation incentive scheme to stimulate the selfish nodes to relay information packets and enforce fairness. Many examples are provided, along with predictions for future directions of the field. Security

  13. A Container-based Trusted Multi-level Security Mechanism

    Directory of Open Access Journals (Sweden)

    Li Xiao-Yong

    2017-01-01

    Multi-level security mechanism has been widely applied in the military, government, defense and other domains in which information is required to be divided by security-level. Through this type of security mechanism, users at different security levels are provided with information at corresponding security levels. Traditional multi-level security mechanism which depends on the safety of operating system finally proved to be not practical. We propose a container-based trusted multi-level security mechanism in this paper to improve the applicability of the multi-level mechanism. It guarantees multi-level security of the system through a set of multi-level security policy rules and trusted techniques. The technical feasibility and application scenarios are also discussed. The ease of realization, strong practical significance and low cost of our method will largely expand the application of multi-level security mechanism in real life.

  14. Open source systems security certification

    CERN Document Server

    Damiani, Ernesto; El Ioini, Nabil

    2009-01-01

    Open Source Advances in Computer Applications book series provides timely technological and business information for: Enabling Open Source Systems (OSS) to become an integral part of systems and devices produced by technology companies; Inserting OSS in the critical path of complex network development and embedded products, including methodologies and tools for domain-specific OSS testing (lab code available), plus certification of security, dependability and safety properties for complex systems; Ensuring integrated systems, including OSS, meet performance and security requirements as well as achieving the necessary certifications, according to the overall strategy of OSS usage on the part of the adopter

  15. Considerations on Cyber Security Assessments of Korean Nuclear Power Plants

    International Nuclear Information System (INIS)

    Lee, Jung-Woon; Song, Jae-Gu; Han, Kyung-Soo; Lee, Cheol Kwon; Kang, Mingyun

    2015-01-01

    Korea Institute of Nuclear Nonproliferation and Control (KINAC) has prepared the regulatory standard RS-015 based on RG 5.71. RS-015 defines the elements of a cyber security program to be established in nuclear facilities and describes the security control items and relevant requirements. Cyber security assessments are important initial activities in a cyber security program for NPPs. Cyber security assessments can be performed in the following key steps: 1) Formation of a cyber security assessment team (CSAT); 2) Identification of critical systems and critical digital assets (CDAs); 3) Plant compliance checks with the security control requirements in RS-015. Through the assessments, the current status of security controls applied to NPPs can be found out. The assessments provide baseline data for remedial activities. Additional analyses with the results from the assessments should be performed before the implementation of remedial security controls. The cyber security team at the Korea Atomic Energy Research Institute (KAERI) has studied how to perform cyber security assessments for NPPs based on the regulatory requirements. Recently, KAERI's cyber security team has performed pilot cyber security assessments of a Korean NPP. Based on this assessment experience, considerations and checkpoints which would be helpful for full-scale cyber security assessments of Korean NPPs and the implementation of remedial security controls are discussed in this paper. Cyber security assessment is one of the important and immediate activities for NPP cyber security. The quality of the first assessment will be a barometer for NPP cyber security. Hence cyber security assessments of Korean NPPs should be performed elaborately.

  16. Considerations on Cyber Security Assessments of Korean Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jung-Woon; Song, Jae-Gu; Han, Kyung-Soo; Lee, Cheol Kwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]; Kang, Mingyun [E-Gonggam Co. Ltd., Daejeon (Korea, Republic of)]

    2015-10-15

    Korea Institute of Nuclear Nonproliferation and Control (KINAC) has prepared the regulatory standard RS-015 based on RG 5.71. RS-015 defines the elements of a cyber security program to be established in nuclear facilities and describes the security control items and relevant requirements. Cyber security assessments are important initial activities in a cyber security program for NPPs. Cyber security assessments can be performed in the following key steps: 1) Formation of a cyber security assessment team (CSAT); 2) Identification of critical systems and critical digital assets (CDAs); 3) Plant compliance checks with the security control requirements in RS-015. Through the assessments, the current status of security controls applied to NPPs can be found out. The assessments provide baseline data for remedial activities. Additional analyses with the results from the assessments should be performed before the implementation of remedial security controls. The cyber security team at the Korea Atomic Energy Research Institute (KAERI) has studied how to perform cyber security assessments for NPPs based on the regulatory requirements. Recently, KAERI's cyber security team has performed pilot cyber security assessments of a Korean NPP. Based on this assessment experience, considerations and checkpoints which would be helpful for full-scale cyber security assessments of Korean NPPs and the implementation of remedial security controls are discussed in this paper. Cyber security assessment is one of the important and immediate activities for NPP cyber security. The quality of the first assessment will be a barometer for NPP cyber security. Hence cyber security assessments of Korean NPPs should be performed elaborately.

  17. 46 CFR 295.23 - Reporting requirements.

    Science.gov (United States)

    2010-10-01

    ... OPERATORS MARITIME SECURITY PROGRAM (MSP) Maritime Security Program Operating Agreements § 295.23 Reporting... (such as facsimile and Internet) for transmission of required information to MARAD, if practicable.]: (a...

  18. Quality of protection evaluation of security mechanisms.

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

  19. Quality of Protection Evaluation of Security Mechanisms

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

  20. Problem of Information Security Traffic on Internet

    Directory of Open Access Journals (Sweden)

    Slavko Šarić

    2012-10-01

    Internet information traffic becomes greater and more important. With increasing growth of information importance, the requirement for its security becomes indispensable. The information security problem especially affects large and small companies whose prosperity depends on Internet presence. This affects three areas of Internet commerce: credit card transactions, virtual private networks and digital certification. To ensure information traffic it is necessary to find a solution, in a proper way, for three major problems: frontier problem, market problem and government problem. While the eventual emergence of security standards for Internet transactions is expected, it will not automatically result in secure Internet transactions. In future, there is a wealth of security issues that will continue to require attention: internal security, continued hacking, social engineering, malicious code, reliability and performance, skills shortages and denial of service attacks.

  1. Information security protecting the global enterprise

    CERN Document Server

    Pipkin, Donald L

    2000-01-01

    In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, archite...

  2. Security model for VM in cloud

    Science.gov (United States)

    Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

    2013-03-01

    Cloud computing is a new approach that emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most Security threats lie at the Virtualization layer in cloud, we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to withstand attacks by unauthorized processes that pose a threat to applications related to Data Mining, OLAP systems, Image processing which require huge resources in cloud deployed on one or more VMs.

  3. Radioactive source security: the cultural challenges

    International Nuclear Information System (INIS)

    Englefield, Chris

    2015-01-01

    Radioactive source security is an essential part of radiation protection. Sources can be abandoned, lost or stolen. If they are stolen, they could be used to cause deliberate harm and the risks are varied and significant. There is a need for a global security protection system and enhanced capability to achieve this. The establishment of radioactive source security requires 'cultural exchanges'. These exchanges include collaboration between: radiation protection specialists and security specialists; the nuclear industry and users of radioactive sources; training providers and regulators/users. This collaboration will facilitate knowledge and experience exchange for the various stakeholder groups, beyond those already provided. This will promote best practice in both physical and information security and heighten security awareness generally. Only if all groups involved are prepared to open their minds to listen to and learn from, each other will a suitable global level of control be achieved. (authors)

  4. International Legal Framework for Nuclear Security

    International Nuclear Information System (INIS)

    Moore, G.M.

    2010-01-01

    The responsibility for nuclear security rests entirely with each State. There is no single international instrument that addresses nuclear security in a comprehensive manner. The legal foundation for nuclear security comprises international instruments and recognized principles that are implemented by national authorities. Security systems at the national level will contribute to a strengthened and more universal system of nuclear security at the international level. The binding security treaties are: Convention on the Physical Protection of Nuclear Material, the 2005 amendment thereto, Safeguards Agreements between the Agency and states required in Connection with the Treaty on the Non-Proliferation of Nuclear Weapons, Model Protocol additional to agreement(s) between State(s) and the Agency for the application of Safeguards, Convention on Early Notification of a Nuclear Accident, Convention on Assistance in the Case of a Nuclear Accident or Radiological Emergency, Convention on Nuclear Safety, Joint Convention on the Safety of Spent Fuel Management and on the Safety of Radioactive Waste Management

  5. Competitive Cyber-Insurance and Internet Security

    Science.gov (United States)

    Shetty, Nikhil; Schwartz, Galina; Felegyhazi, Mark; Walrand, Jean

    This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user's probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyberinsurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users' security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

  6. Energy security of supply under EU climate policies

    International Nuclear Information System (INIS)

    Groenenberg, H.; Wetzelaer, B.J.H.W.

    2006-12-01

    The implications of various climate policies for the security of supply in the EU-25 were investigated. The security of supply was quantified using the Supply/Demand (S/D) Index. This index aggregates quantitative information on a country's energy system into one single figure. It takes a value between 0 and 100, with higher values indicating a more secure energy system. The S/D Index was calculated for the year 2020 based on the information in a series of policy scenarios, including a baseline (S/D Index 50.7), an energy efficiency scenario (53.8), two renewable energy scenarios (52.6 and 53.3) and two scenarios with combined policies (55.9 and 55.6). The S/D Index proved a useful indicator for assessing the implications of climate policies for the security of supply. As climate policies become more stringent, CO2 indices fall, and the S/D index increases. The magnitude of the changes in the two indices is not always similar however. Major falls in CO2 indices in the order of 20% for two scenarios with combined energy efficiency and renewable energy policies lead to less noteworthy improvements in the associated S/D indices. Nevertheless, this combination of policies leads to the greatest improvements in the security of supply

  7. BIOTECHNOLOGY CAN IMPROVE FOOD SECURITY IN AFRICA ...

    African Journals Online (AJOL)

    BIOTECHNOLOGY CAN IMPROVE FOOD SECURITY IN AFRICA. ... and capacity to innovate and patent new materials as well as enforce biosafety requirements. In order for countries to access biotechnology products or technologies, it will ...

  8. Strategy to Enhance International Supply Chain Security

    National Research Council Canada - National Science Library

    2007-01-01

    .... at 1901, 1903, October 13, 2006) which require the development of a strategic plan to enhance the security of the international supply chain, including protocols for the expeditious resumption of the flow of trade following...

  9. Securing military information systems on public infrastructure

    CSIR Research Space (South Africa)

    Botha, P

    2015-03-01

    Full Text Available to set up in time for scenarios which require real time information. This may force communications to utilise public infrastructure. Securing communications for military mobile and Web based systems over public networks poses a greater challenge compared...

  10. Foundations for Security Aware Software Development Education

    National Research Council Canada - National Science Library

    McDonald, Jeffrey T

    2005-01-01

    .... In this paper, we show how rigorous coding techniques should be woven into the fabric of computer science curriculum and ultimately should be distinguished from requirements-driven security techniques...

  11. Macro Security Methodology for Conducting Facility Security and Sustainability Assessments

    International Nuclear Information System (INIS)

    Herdes, Greg A.; Freier, Keith D.; Wright, Kyle A.

    2007-01-01

    Pacific Northwest National Laboratory (PNNL) has developed a macro security strategy that not only addresses traditional physical protection systems, but also focuses on sustainability as part of the security assessment and management process. This approach is designed to meet the needs of virtually any industry or environment requiring critical asset protection. PNNL has successfully demonstrated the utility of this macro security strategy through its support to the NNSA Office of Global Threat Reduction implementing security upgrades at international facilities possessing high activity radioactive sources that could be used in the assembly of a radiological dispersal device, commonly referred to as a 'dirty bomb'. Traditional vulnerability assessments provide a snap shot in time of the effectiveness of a physical protection system without significant consideration to the sustainability of the component elements that make up the system. This paper describes the approach and tools used to integrate technology, plans and procedures, training, and sustainability into a simple, quick, and easy-to-use security assessment and management tool.

  12. Defining Information Security.

    Science.gov (United States)

    Lundgren, Björn; Möller, Niklas

    2017-11-15

    This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition (correct demarcation and meaning concerning the state of security), it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security, the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  13. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today's internetworked world. "There's no question that attacks on enterprise networks are increasing in frequency and sophistication..." -Mike Fuhrman, Cisco Systems Manager, Security Consulting. Managing Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manager software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions. Security from a real-world perspective. Key coverage of the new technologies offered by the Cisc...

  14. Web Services Security - Implementation and Evaluation Issues

    Science.gov (United States)

    Pimenidis, Elias; Georgiadis, Christos K.; Bako, Peter; Zorkadis, Vassilis

    Web services development is a key theme in the utilization the commercial exploitation of the semantic web. Paramount to the development and offering of such services is the issue of security features and the way these are applied in instituting trust amongst participants and recipients of the service. Implementing such security features is a major challenge to developers as they need to balance these with performance and interoperability requirements. Being able to evaluate the level of security offered is a desirable feature for any prospective participant. The authors attempt to address the issues of security requirements and evaluation criteria, while they discuss the challenges of security implementation through a simple web service application case.

  15. Do you write secure code?

    CERN Multimedia

    Computer Security Team

    2011-01-01

    At CERN, we are excellent at producing software, such as complex analysis jobs, sophisticated control programs, extensive monitoring tools, interactive web applications, etc. This software is usually highly functional, and fulfils the needs and requirements as defined by its author. However, due to time constraints or unintentional ignorance, security aspects are often neglected. Subsequently, it was even more embarrassing for the author to find out that his code was flawed and was used to break into CERN computers, web pages or to steal data… Thus, if you have the pleasure or task of producing software applications, take some time beforehand and familiarize yourself with good programming practices. They should not only prevent basic security flaws in your code, but also improve its readability, maintainability and efficiency. Basic rules for good programming, as well as essential books on proper software development, can be found in the section for software developers on our security we...

  16. Almaraz ovation control system security

    Energy Technology Data Exchange (ETDEWEB)

    Madronal Rodriguez, E.; Anderson, E.; Jimenez Diaz, J.; Carrasco Mateos, J. A.

    2013-07-01

    Improving the security of a plant's Distributed Control System (DCS) is an important consideration for plant safety and profitability, as well as the necessity to comply with the regulation. The U.S. Nuclear Regulatory Commission has produced Regulatory Guide (RG) 5.71, and the Nuclear Energy Institute (NEI) has produced NEI 08-09 to assist plants in meeting 10 CFR 73.54, Protection of digital computer and communication systems and networks. These requirements, which address the establishment, implementation and maintenance of a cyber security program, present challenges to ensure that safety, security and emergency preparedness functions of nuclear facilities are not negatively impacted by the vulnerability scanning and testing process.

  17. Almaraz ovation control system security

    International Nuclear Information System (INIS)

    Madronal Rodriguez, E.; Anderson, E.; Jimenez Diaz, J.; Carrasco Mateos, J. A.

    2013-01-01

    Improving the security of a plant's Distributed Control System (DCS) is an important consideration for plant safety and profitability, as well as the necessity to comply with the regulation. The U.S. Nuclear Regulatory Commission has produced Regulatory Guide (RG) 5.71, and the Nuclear Energy Institute (NEI) has produced NEI 08-09 to assist plants in meeting 10 CFR 73.54, Protection of digital computer and communication systems and networks. These requirements, which address the establishment, implementation and maintenance of a cyber security program, present challenges to ensure that safety, security and emergency preparedness functions of nuclear facilities are not negatively impacted by the vulnerability scanning and testing process.

  18. Physical security in multinational nuclear-fuel-cycle operations

    International Nuclear Information System (INIS)

    Willrich, M.

    1977-01-01

    Whether or not multinationalization will reduce or increase risks of theft or sabotage will depend on the form and location of the enterprise, the precise nature of the physical security arrangements applied to the enterprise, and the future course of crime and terrorism in the nuclear age. If nuclear operations are multinationalized, the host government is likely to insist on physical security measures that are at least as stringent as those for a national or private enterprise subject to its jurisdiction. At the same time, the other participants will want to be sure the host government, as well as criminal groups, do not steal nuclear material from the facility. If designed to be reasonably effective, the physical security arrangements at a multinational nuclear enterprise seem likely to reduce the risk that any participating government will seek to divert material from the facility for use in a nuclear weapons program. Hence, multinationalization and physical security will both contribute to reducing the risks of nuclear weapons proliferation to additional governments. If economic considerations dominate the timing, scale and location of fuel-cycle facilities, the worldwide nuclear power industry is likely to develop along lines where the problems of physical security will be manageable. If, however, nuclear nationalism prevails, and numerous small-scale facilities become widely dispersed, the problem of security against theft and sabotage may prove to be unmanageable. It is ironic, although true, that in attempting to strengthen its security by pursuing self-sufficiency in nuclear power, a nation may be reducing its internal security against criminal terrorists

  19. Establishing a National Nuclear Security Support Centre

    International Nuclear Information System (INIS)

    2014-02-01

    The responsibility for creating and sustaining a nuclear security regime for the protection of nuclear and other radiological material clearly belongs to the State. The nuclear security regime resembles the layers of an onion, with the equipment and personnel securing the borders and ports representing the outer layer, and nuclear power, research reactors and nuclear medicine facilities representing the inner layers, and the actual target material representing the core. Components of any nuclear security regime include not only technological systems, but the human resources needed to manage, operate, administer and maintain equipment, including hardware and software. This publication provides practical guidance on the establishment and maintenance of a national nuclear security support centre (NSSC) as a means to ensure nuclear security sustainability in a State. An NSSC's basic purpose is to provide a national focal point for passing ownership of nuclear security knowledge and associated technical skills to the competent authorities involved in nuclear security. It describes processes and methodologies that can be used by a State to analyse the essential elements of information in a manner that allows several aspects of long term, systemic sustainability of nuclear security to be addressed. Processes such as the systematic approach to training, sometimes referred to as instructional system design, are the cornerstone of the NSSC concept. Proper analysis can provide States with data on the number of personnel requiring training and instructors needed, scale and scope of training, technical and scientific support venues, and details on the type and number of training aids or simulators required so that operational systems are not compromised in any way. Specific regulatory guidance, equipment or technology lists, or specifications/design of protection systems are not included in this publication. For such details, the following IAEA publications should be consulted

  20. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to provide added support to some of those classification principles.