WorldWideScience

Sample records for technology security risk

  1. Managing information technology security risk

    Science.gov (United States)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.

  2. Security Risks and Modern Cyber Security Technologies for Corporate Networks

    CERN Document Server

    Gharibi, Wajeb

    2011-01-01

    This article aims to highlight current trends on the market of corporate antivirus solutions. Brief overview of modern security threats that can destroy IT environment is provided as well as a typical structure and features of antivirus suits for corporate users presented on the market. The general requirements for corporate products are determined according to the last report from av-comparatives.org [1]. The detailed analysis of new features is provided based on an overview of products available on the market nowadays. At the end, an enumeration of modern trends in antivirus industry for corporate users completes this article. Finally, the main goal of this article is to stress an attention about new trends suggested by AV vendors in their solutions in order to protect customers against newest security threats.

  3. Reducing security risk using data loss prevention technology.

    Science.gov (United States)

    Beeskow, John

    2015-11-01

    Data loss/leakage protection (DLP) technology seeks to improve data security by answering three fundamental questions: > Where are confidential data stored? > Who is accessing the information? > How are data being handled?

  4. Selecting Security Technology Providers

    Science.gov (United States)

    Schneider, Tod

    2009-01-01

    The world of security technology holds great promise, but it is fraught with opportunities for expensive missteps and misapplications. The quality of the security technology consultants and system integrators one uses will have a direct bearing on how well his school masters this complex subject. Security technology consultants help determine…

  5. Digital security technology simplified.

    Science.gov (United States)

    Scaglione, Bernard J

    2007-01-01

    Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.

  6. School Security Technologies

    Science.gov (United States)

    Schneider, Tod

    2010-01-01

    Over the past decade electronic security technology has evolved from an exotic possibility into an essential safety consideration. Before resorting to high-tech security solutions, school officials should think carefully about the potential for unintended consequences. Technological fixes may be mismatched to the problems being addressed. They can…

  7. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

  8. Technology Empowerment: Security Challenges.

    Energy Technology Data Exchange (ETDEWEB)

    Warren, Drake Edward [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Backus, George A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Jones, Wendell [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Nelson, Thomas R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Skocypec, Russell D. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-03-01

    Technology empowerment” means that innovation is increasingly accessible to ordinary people of limited means. As powerful technologies become more affordable and accessible, and as people are increasingly connected around the world, ordinary people are empowered to participate in the process of innovation and share the fruits of collaborative innovation. This annotated briefing describes technology empowerment and focuses on how empowerment may create challenges to U.S. national security. U.S. defense research as a share of global innovation has dwindled in recent years. With technology empowerment, the role of U.S. defense research is likely to shrink even further while technology empowerment will continue to increase the speed of innovation. To avoid falling too far behind potential technology threats to U.S. national security, U.S. national security institutions will need to adopt many of the tools of technology empowerment.

  9. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education.

    Science.gov (United States)

    Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K

    2013-08-09

    Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality

  10. Securing smart grid technology

    Science.gov (United States)

    Chaitanya Krishna, E.; Kosaleswara Reddy, T.; Reddy, M. YogaTeja; Reddy G. M., Sreerama; Madhusudhan, E.; AlMuhteb, Sulaiman

    2013-03-01

    In the developing countries electrical energy is very important for its all-round improvement by saving thousands of dollars and investing them in other sector for development. For Growing needs of power existing hierarchical, centrally controlled grid of the 20th Century is not sufficient. To produce and utilize effective power supply for industries or people we should have Smarter Electrical grids that address the challenges of the existing power grid. The Smart grid can be considered as a modern electric power grid infrastructure for enhanced efficiency and reliability through automated control, high-power converters, modern communications infrastructure along with modern IT services, sensing and metering technologies, and modern energy management techniques based on the optimization of demand, energy and network availability and so on. The main objective of this paper is to provide a contemporary look at the current state of the art in smart grid communications as well as critical issues on smart grid technologies primarily in terms of information and communication technology (ICT) issues like security, efficiency to communications layer field. In this paper we propose new model for security in Smart Grid Technology that contains Security Module(SM) along with DEM which will enhance security in Grid. It is expected that this paper will provide a better understanding of the technologies, potential advantages and research challenges of the smart grid and provoke interest among the research community to further explore this promising research area.

  11. Information technology security system engineering methodology

    Science.gov (United States)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  12. Information Technology and Security

    OpenAIRE

    Denning, Dorothy E.

    2003-01-01

    in Grave New World: Global Dangers in the 21st Century (Michael Brown ed.), Georgetown Press, 2003. (.pdf of prepublication version) This paper examines key trends and developments in information technology, and the implications of those developments on stability and security. Focus is on cyber threats to computer networks, including information theft and sabotage, and acts that disrupt or deny services. Seven trend areas are examined: ubiquity, mobility, hacking tools, perform...

  13. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.IT security needs are constantly evolving; this guide examine

  14. Information Technology Security and Human Risk: Exploring Factors of Unintended Insider Threat and Organizational Resilience

    Science.gov (United States)

    Thompson, Eleanor Elizabeth

    2014-01-01

    That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…

  15. Information Technology Security and Human Risk: Exploring Factors of Unintended Insider Threat and Organizational Resilience

    Science.gov (United States)

    Thompson, Eleanor Elizabeth

    2014-01-01

    That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…

  16. Network security risk level

    Directory of Open Access Journals (Sweden)

    Emil BURTESCU

    2006-01-01

    Full Text Available The advantages of the existence of a computers network within any company with pretensions are obvious. But the construction and the existence of a network without meeting some minimum security requirements, although it would be preferable to be optimal, can lead to bad functioning in the performance of the company’s business. The vulnerability of a grouping, such as a network, is given by the weakest point in its competence. The establishing of the risk level of each component of the network, and implicitly of the grouping, is highly necessary

  17. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  18. Improving Information Security Risk Management

    Science.gov (United States)

    Singh, Anand

    2009-01-01

    manaOptimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  19. Improving Information Security Risk Management

    Science.gov (United States)

    Singh, Anand

    2009-01-01

    manaOptimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  20. Health Security and Risk Aversion.

    Science.gov (United States)

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy.

  1. Information security risk analysis

    CERN Document Server

    Peltier, Thomas R

    2001-01-01

    Effective Risk AnalysisQualitative Risk AnalysisValue AnalysisOther Qualitative MethodsFacilitated Risk Analysis Process (FRAP)Other Uses of Qualitative Risk AnalysisCase StudyAppendix A: QuestionnaireAppendix B: Facilitated Risk Analysis Process FormsAppendix C: Business Impact Analysis FormsAppendix D: Sample of ReportAppendix E: Threat DefinitionsAppendix F: Other Risk Analysis OpinionsIndex

  2. Addressing social resistance in emerging security technologies

    Science.gov (United States)

    Mitchener-Nissen, Timothy

    2013-01-01

    In their efforts to enhance the safety and security of citizens, governments and law enforcement agencies look to scientists and engineers to produce modern methods for preventing, detecting, and prosecuting criminal activities. Whole body scanners, lie detection technologies, biometrics, etc., are all being developed for incorporation into the criminal justice apparatus.1 Yet despite their purported security benefits these technologies often evoke social resistance. Concerns over privacy, ethics, and function-creep appear repeatedly in analyses of these technologies. It is argued here that scientists and engineers continue to pay insufficient attention to this resistance; acknowledging the presence of these social concerns yet failing to meaningfully address them. In so doing they place at risk the very technologies and techniques they are seeking to develop, for socially controversial security technologies face restrictions and in some cases outright banning. By identifying sources of potential social resistance early in the research and design process, scientists can both engage with the public in meaningful debate and modify their security technologies before deployment so as to minimize social resistance and enhance uptake. PMID:23970863

  3. Addressing social resistance in emerging security technologies.

    Science.gov (United States)

    Mitchener-Nissen, Timothy

    2013-01-01

    In their efforts to enhance the safety and security of citizens, governments and law enforcement agencies look to scientists and engineers to produce modern methods for preventing, detecting, and prosecuting criminal activities. Whole body scanners, lie detection technologies, biometrics, etc., are all being developed for incorporation into the criminal justice apparatus. Yet despite their purported security benefits these technologies often evoke social resistance. Concerns over privacy, ethics, and function-creep appear repeatedly in analyses of these technologies. It is argued here that scientists and engineers continue to pay insufficient attention to this resistance; acknowledging the presence of these social concerns yet failing to meaningfully address them. In so doing they place at risk the very technologies and techniques they are seeking to develop, for socially controversial security technologies face restrictions and in some cases outright banning. By identifying sources of potential social resistance early in the research and design process, scientists can both engage with the public in meaningful debate and modify their security technologies before deployment so as to minimize social resistance and enhance uptake.

  4. The security Risks and Legal Norms of 3D Printing Technology%3D打印技术的安全风险及其法律规制

    Institute of Scientific and Technical Information of China (English)

    靳澜涛

    2015-01-01

    3D printing is a kind of rapid prototyping technology, which has developed rapidly in recent years, with good prospects for the development and application of space. However, the potential of technological innovation behind the hidden aspects of the security risks of intellectual property rights, criminal and human ethics, the use of legal, regulatory policies the rapid development of 3D printing technology may bring a security risk. Both protecting the social order and public security management are the premise and foundation of 3D printing to further development and innovation.%3D打印作为一种快速成型技术,近年来发展迅速,有着良好的发展前景与应用空间。然而技术革新的背后潜在隐藏着知识产权、刑事犯罪以及人类伦理等多方面的安全风险,利用法律、政策规制3D打印技术迅猛发展可能带来的安全风险,既是保障社会治安管理秩序的关键,更是3D打印技术进一步发展与革新的前提与基础。

  5. Information Security Risk Analysis

    CERN Document Server

    Peltier, Thomas R

    2010-01-01

    Offers readers with the knowledge and the skill-set needed to achieve a highly effective risk analysis assessment. This title demonstrates how to identify threats and then determine if those threats pose a real risk. It is suitable for industry and academia professionals.

  6. Securing the energy industry : perspectives in security risk management

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, G.L. [Anadarko Canada Corp., Calgary, AB (Canada)

    2003-07-01

    This presentation offered some perspectives in security risk management as it relates to the energy sector. Since the events of September 11, 2001 much attention has been given to terrorism and the business is reviewing protection strategies. The paper made reference to each of the following vulnerabilities in the energy sector: information technology, globalization, business restructuring, interdependencies, political/regulatory change, and physical/human factors. The vulnerability of information technology is that it can be subject to cyber and virus attacks. Dangers of globalization lie in privacy and information security, forced nationalization, organized crime, and anti-globalization efforts. It was noted that the Y2K phenomenon provided valuable lessons regarding interdependencies and the effects of power outages, water availability, transportation disruption, common utility corridor accidents, and compounding incidents. The paper also noted the conflict between the government's desire to have a resilient infrastructure that can withstand and recover from attacks versus a company's ability to afford this capability. The physical/human factors that need to be considered in risk management include crime, domestic terrorism, and disasters such as natural disasters, industrial disasters and crisis. The energy industry has geographically dispersed vulnerable systems. It has done a fair job of physical security and has good emergency management practices, but it was noted that the industry cannot protect against all threats. A strategy of vigilance and awareness is needed to deal with threats. Other strategies include contingency planning, physical security, employee communication, and emergency response plans. tabs., figs.

  7. Promoting Economic Security through Information Technology Abstract

    African Journals Online (AJOL)

    PROF. O. E. OSUAGWU

    2013-12-01

    Dec 1, 2013 ... today, we have witness a lot of national security issues that risks the continued existence of the country as one ... lack of economic security such as Income security, Employment security, Job security, ..... In Australia, building and .... Table 4.2.8 Respondents by IT on Oil and Gas production and distribution.

  8. Cloud Testing Technology Research for Security Risks%面向安全风险的云计算测试技术研究

    Institute of Scientific and Technical Information of China (English)

    王娜娜

    2014-01-01

    In order to reduce security risks of cloud computing,cloud computing security,ensure the normal and reliable operation,based on the cloud computing oriented testing technology as the main object of study,firstly the definition of cloud computing,characteristics,types and development situation are briefly introduced. And security risk issues of cloud computing are analyzed and discussed on safety test technology,the cloud computing and its solution. At last,the related solutions are given.%为了降低云计算的安全风险,保证云计算的安全、正常、可靠的运行,以面向云计算测试技术为主要的研究对象,首先对云计算的定义、特征、类型以及其发展现状进行简要的介绍,其次对云计算的安全风险问题进行了分析和讨论,最后对云计算的安全测试技术和其解决的方案进行探讨,给出了相关的解决方案。

  9. Safeguards technology and computer security training

    Energy Technology Data Exchange (ETDEWEB)

    Hunteman, W.J.; Zack, N.R.

    1992-01-01

    The Los Alamos National Laboratory Safeguards Systems Group provides a variety of training services to the federal government and its contractors. The US Department of Energy sponsors a Safeguards Technology Training Program at Los Alamos in which seminars are offered concerning materials accounting for nuclear safeguards, measurement control for materials accounting, and variance propagation and systems analysis. These seminars provide guidance and techniques for accounting for nuclear material, developing and quantifying quality nuclear material measurements, and assessing overall accounting system performance. The Safeguards Systems Group also provides training in computer and data security applications; i.e., a workshop and the Los Alamos Vulnerability/Risk Assessment System (LAVA), computer system security officer training, and nuclear material safeguards for managers training, which are available on request. This paper describes the purpose, content, and expected benefits of the training activities that can be applied at nuclear materials facilities or where there are computer and/or data security concerns.

  10. Safeguards technology and computer security training

    Energy Technology Data Exchange (ETDEWEB)

    Hunteman, W.J.; Zack, N.R.

    1992-09-01

    The Los Alamos National Laboratory Safeguards Systems Group provides a variety of training services to the federal government and its contractors. The US Department of Energy sponsors a Safeguards Technology Training Program at Los Alamos in which seminars are offered concerning materials accounting for nuclear safeguards, measurement control for materials accounting, and variance propagation and systems analysis. These seminars provide guidance and techniques for accounting for nuclear material, developing and quantifying quality nuclear material measurements, and assessing overall accounting system performance. The Safeguards Systems Group also provides training in computer and data security applications; i.e., a workshop and the Los Alamos Vulnerability/Risk Assessment System (LAVA), computer system security officer training, and nuclear material safeguards for managers training, which are available on request. This paper describes the purpose, content, and expected benefits of the training activities that can be applied at nuclear materials facilities or where there are computer and/or data security concerns.

  11. Enterprise security IT security solutions : concepts, practical experiences, technologies

    CERN Document Server

    Fumy, Walter

    2013-01-01

    Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr

  12. Aerospace Communications Security Technologies Demonstrated

    Science.gov (United States)

    Griner, James H.; Martzaklis, Konstantinos S.

    2003-01-01

    In light of the events of September 11, 2001, NASA senior management requested an investigation of technologies and concepts to enhance aviation security. The investigation was to focus on near-term technologies that could be demonstrated within 90 days and implemented in less than 2 years. In response to this request, an internal NASA Glenn Research Center Communications, Navigation, and Surveillance Aviation Security Tiger Team was assembled. The 2-year plan developed by the team included an investigation of multiple aviation security concepts, multiple aircraft platforms, and extensively leveraged datalink communications technologies. It incorporated industry partners from NASA's Graphical Weather-in-the-Cockpit research, which is within NASA's Aviation Safety Program. Two concepts from the plan were selected for demonstration: remote "black box," and cockpit/cabin surveillance. The remote "black box" concept involves real-time downlinking of aircraft parameters for remote monitoring and archiving of aircraft data, which would assure access to the data following the loss or inaccessibility of an aircraft. The cockpit/cabin surveillance concept involves remote audio and/or visual surveillance of cockpit and cabin activity, which would allow immediate response to any security breach and would serve as a possible deterrent to such breaches. The datalink selected for the demonstrations was VDL Mode 2 (VHF digital link), the first digital datalink for air-ground communications designed for aircraft use. VDL Mode 2 is beginning to be implemented through the deployment of ground stations and aircraft avionics installations, with the goal of being operational in 2 years. The first demonstration was performed December 3, 2001, onboard the LearJet 25 at Glenn. NASA worked with Honeywell, Inc., for the broadcast VDL Mode 2 datalink capability and with actual Boeing 757 aircraft data. This demonstration used a cockpitmounted camera for video surveillance and a coupling to

  13. 75 FR 28275 - Homeland Security Science and Technology Advisory Committee

    Science.gov (United States)

    2010-05-20

    ... SECURITY Homeland Security Science and Technology Advisory Committee AGENCY: Science and Technology...: On April 12, 2010, the Homeland Security Science and Technology Advisory Committee announced in the... supplements that original meeting notice. DATES: The Homeland Security Science and Technology Advisory...

  14. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ... SPACE ADMINISTRATION 48 CFR Parts 1804 and 1852 RIN 2700-AD46 Information Technology (IT) Security... NASA FAR Supplement (NFS) to update requirements related to Information Technology Security, consistent with Federal policies for the security of unclassified information and information systems. The...

  15. Technology-Enabled Crime, Policing and Security

    Science.gov (United States)

    McQuade, Sam

    2006-01-01

    Crime, policing and security are enabled by and co-evolve with technologies that make them possible. As criminals compete with security and policing officials for technological advantage perpetually complex crime, policing and security results in relatively confusing and therefore unmanageable threats to society. New, adaptive and ordinary crimes…

  16. Making Technology Work for Campus Security

    Science.gov (United States)

    Floreno, Jeff; Keil, Brad

    2010-01-01

    The challenges associated with securing schools from both on- and off-campus threats create constant pressure for law enforcement, campus security professionals, and administrators. And while security technology choices are plentiful, many colleges and universities are operating with limited dollars and information needed to select and integrate…

  17. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  18. National Security Technology Incubator Business Plan

    Energy Technology Data Exchange (ETDEWEB)

    None, None

    2007-12-31

    This document contains a business plan for the National Security Technology Incubator (NSTI), developed as part of the National Security Preparedness Project (NSPP) and performed under a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This business plan describes key features of the NSTI, including the vision and mission, organizational structure and staffing, services, evaluation criteria, marketing strategies, client processes, a budget, incubator evaluation criteria, and a development schedule. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety, security, and protection of the homeland. The NSTI is operated and managed by the Arrowhead Center, responsible for leading the economic development mission of New Mexico State University (NMSU). The Arrowhead Center will recruit business with applications for national security technologies recruited for the NSTI program. The Arrowhead Center and its strategic partners will provide business incubation services, including hands-on mentoring in general business matters, marketing, proposal writing, management, accounting, and finance. Additionally, networking opportunities and technology development assistance will be provided.

  19. National Security Technology Incubator Evaluation Process

    Energy Technology Data Exchange (ETDEWEB)

    None, None

    2007-12-31

    This report describes the process by which the National Security Technology Incubator (NSTI) will be evaluated. The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report includes a brief description of the components, steps, and measures of the proposed evaluation process. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. An effective evaluation process of the NSTI is an important step as it can provide qualitative and quantitative information on incubator performance over a given period. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety and security. The mission of the NSTI is to identify, incubate, and accelerate technologies with national security applications at various stages of development by providing hands-on mentoring and business assistance to small businesses and emerging or growing companies. To achieve success for both incubator businesses and the NSTI program, an evaluation process is essential to effectively measure results and implement corrective processes in the incubation design if needed. The evaluation process design will collect and analyze qualitative and quantitative data through performance evaluation system.

  20. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    Under this project SETECS performed research, created the design, and the initial prototype of three groups of security technologies: (a) middleware security platform, (b) Web services security, and (c) group security system. The results of the project indicate that the three types of security technologies can be used either individually or in combination, which enables effective and rapid deployment of a number of secure applications in open networking environments. The middleware security platform represents a set of object-oriented security components providing various functions to handle basic cryptography, X.509 certificates, S/MIME and PKCS No.7 encapsulation formats, secure communication protocols, and smart cards. The platform has been designed in the form of security engines, including a Registration Engine, Certification Engine, an Authorization Engine, and a Secure Group Applications Engine. By creating a middleware security platform consisting of multiple independent components the following advantages have been achieved - Object-oriented, Modularity, Simplified Development, and testing, Portability, and Simplified extensions. The middleware security platform has been fully designed and a preliminary Java-based prototype has been created for the Microsoft Windows operating system. The Web services security system, designed in the project, consists of technologies and applications that provide authentication (i.e., single sign), authorization, and federation of identities in an open networking environment. The system is based on OASIS SAML and XACML standards for secure Web services. Its topology comprises three major components: Domain Security Server (DSS) is the main building block of the system Secure Application Server (SAS) Secure Client In addition to the SAML and XACML engines, the authorization system consists of two sets of components An Authorization Administration System An Authorization Enforcement System Federation of identities in multi

  1. Review: Security in Wireless Technologies in Business

    Science.gov (United States)

    Sattarova, F. Y.; Kim, Tai-Hoon

    Wireless technology seems to be everywhere now - but it is still relatively in its infancy. New standards and protocols continue to emerge and problems and bugs are discovered. Nevertheless, wireless networks make many things much more convenient and it appears that wireless networks are here to stay. The differences and similarities of wireless and wired security, the new threats brought by mobility, the security of networks and devices and effects of security, or lack of it are shortly discussed in this review paper.

  2. Cyber security analytics, technology and automation

    CERN Document Server

    Neittaanmäki, Pekka

    2015-01-01

    Over the last two decades, the Internet and more broadly cyberspace has had a tremendous impact on all parts of society. Governments across the world have started to develop cyber security strategies and to consider cyberspace as an increasingly important international issue. The book, in addition to the cyber threats and technology, processes cyber security from many sides as a social phenomenon and how the implementation of the cyber security strategy is carried out. The book gives a profound idea of the most spoken phenomenon of this time. The book is suitable for a wide-ranging audience from graduate to professionals/practitioners and researchers. Relevant disciplines for the book are  Telecommunications / Network security, Applied mathematics / Data analysis, Mobile systems / Security, Engineering / Security of critical infrastructure and Military science / Security.

  3. An IOT Security Risk Autonomic Assessment Algorithm

    Directory of Open Access Journals (Sweden)

    Zhengchao Ma

    2013-02-01

    Full Text Available In terms of Internet of Things (IOT system with the possibility criterion of fuzziness and randomness security risk, we qualitatively analyze the security risk level of IOT security scene by describing generalization metrics the potential impact and likelihood of occurrence of every major threat scenarios. On this basis, we proposed self-assessment algorithm of IOT security risk, adopting three-dimensional normal cloud model integrated consideration of risk indicators, researching the multi-rule mapping relationship between the qualitative input of safety indicators and the quantitative reasoning of self-assessment. Finally, we build security risk assessment simulation platform, and verify the validity and accuracy of the algorithm in the premise of substantiating the risk level and the safety criterion domain.

  4. Securing the European ‘Homeland’: Profit, risk, authority

    NARCIS (Netherlands)

    Hoijtink, M.

    2016-01-01

    This thesis explores the emergence of a new European market for homeland security technology in the context of changing conceptions of risk. On the one hand, an important contribution of this study is that it focuses on the politics of the governmentality of risk and the role of industry and lobby

  5. New technology for food systems and security.

    Science.gov (United States)

    Yau, N J Newton

    2009-01-01

    In addition to product trade, technology trade has become one of the alternatives for globalization action around the world. Although not all technologies employed on the technology trade platform are innovative technologies, the data base of international technology trade still is a good indicator for observing innovative technologies around world. The technology trade data base from Sinew Consulting Group (SCG) Ltd. was employed as an example to lead the discussion on security or safety issues that may be caused by these innovative technologies. More technologies related to processing, functional ingredients and quality control technology of food were found in the data base of international technology trade platform. The review was conducted by categorizing technologies into the following subcategories in terms of safety and security issues: (1) agricultural materials/ingredients, (2) processing/engineering, (3) additives, (4) packaging/logistics, (5) functional ingredients, (6) miscellaneous (include detection technology). The author discusses examples listed for each subcategory, including GMO technology, nanotechnology, Chinese medicine based functional ingredients, as well as several innovative technologies. Currently, generation of innovative technology advance at a greater pace due to cross-area research and development activities. At the same time, more attention needs to be placed on the employment of these innovative technologies.

  6. Emerging Technology for School Security

    Science.gov (United States)

    Doss, Kevin T.

    2012-01-01

    Locks and keys ring up huge costs for education institutions. No wonder many facility directors and public-safety directors have turned to automated access-control systems with magnetic-stripe cards, proximity cards and, most recently, smart cards. Smart cards can provide a host of on- and off-campus services beyond security. In addition to…

  7. An immunity based network security risk estimation

    Institute of Scientific and Technical Information of China (English)

    LI Tao

    2005-01-01

    According to the relationship between the antibody concentration and the pathogen intrusion intensity, here we present an immunity-based model for the network security risk estimation (Insre). In Insre, the concepts and formal definitions of self,nonself, antibody, antigen and lymphocyte in the network security domain are given. Then the mathematical models of the self-tolerance, the clonal selection, the lifecycle of mature lymphocyte, immune memory and immune surveillance are established. Building upon the above models, a quantitative computation model for network security risk estimation,which is based on the calculation of antibody concentration, is thus presented. By using Insre, the types and intensity of network attacks, as well as the risk level of network security, can be calculated quantitatively and in real-time. Our theoretical analysis and experimental results show that Insre is a good solution to real-time risk evaluation for the network security.

  8. 75 FR 39955 - Homeland Security Science and Technology Advisory Committee

    Science.gov (United States)

    2010-07-13

    ... SECURITY Homeland Security Science and Technology Advisory Committee AGENCY: Science and Technology.... SUMMARY: The Homeland Security Science and Technology Advisory Committee (HSSTAC) will meet July 20-21... will be partially closed to the public. DATES: The Homeland Security Science and Technology Advisory...

  9. 75 FR 2555 - Homeland Security Science and Technology Advisory Committee

    Science.gov (United States)

    2010-01-15

    ... SECURITY Homeland Security Science and Technology Advisory Committee AGENCY: Science and Technology...: The Homeland Security Science and Technology Advisory Committee will meet January 26-28, 2010, at the... public. DATES: The Homeland Security Science and Technology Advisory Committee will meet January 26, 2010...

  10. 75 FR 18516 - Homeland Security Science and Technology Advisory Committee

    Science.gov (United States)

    2010-04-12

    ... SECURITY Homeland Security Science and Technology Advisory Committee AGENCY: Science and Technology...: The Homeland Security Science and Technology Advisory Committee will meet April 20-22, 2010 at the.... This meeting will be closed to the public. DATES: The Homeland Security Science and Technology Advisory...

  11. Security engineering: Phisical security measures for high-risk personnel

    Directory of Open Access Journals (Sweden)

    Jelena S. Cice

    2013-06-01

    Full Text Available The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements: -    Creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP. -    Promulgation of multi-service standard recommendations and considerations. -    Potential increase of productivity of HRP and reduced temporary housing costs through clarification of considerations, guidance on planning, and provision of design solutions. -    Reduction of facility project costs. -    Better performance of modernized facilities, in terms of force protection, than original facilities. Throughout this process you must ensure: confidentiality, appropriate Public Relations, sustainability, compliance with all industrial guidelines and legal and regulatory requirement, constant review and revision to accommodate new circumstances or threats. Introduction Physical security is an extremely broad topic. It encompasses access control devices such as smart cards, air filtration and fireproofing. It is also heavily reliant on infrastructure. This means that many of the ideal physical security measures may not be economically or physically feasible for existing sites. Many businesses do not have the option of building their own facility from the ground up; thus physical security often must be integrated into an existing structure. This limits the overall set of security measures that can be installed. There is an aspect of physical security that is often overlooked; the humans that interact with it. Humans commit crime for a number of reasons. The document focuses on two building types: the HRP office and the HRP residence. HRP are personnel who are likely to be

  12. National Security Technology Incubator Operations Plan

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-04-30

    This report documents the operations plan for developing the National Security Technology Incubator (NSTI) program for southern New Mexico. The NSTI program will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. The NSTI program is being developed as part of the National Security Preparedness Project (NSPP), funded by Department of Energy (DOE)/National Nuclear Security Administration (NNSA). The operation plan includes detailed descriptions of the structure and organization, policies and procedures, scope, tactics, and logistics involved in sustainable functioning of the NSTI program. Additionally, the operations plan will provide detailed descriptions of continuous quality assurance measures based on recommended best practices in incubator development by the National Business Incubation Association (NBIA). Forms that assist in operations of NSTI have been drafted and can be found as an attachment to the document.

  13. National Security Technology Incubation Project Continuation Plan

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-09-30

    This document contains a project continuation plan for the National Security Technology Incubator (NSTI). The plan was developed as part of the National Security Preparedness Project (NSPP) funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This continuation plan describes the current status of NSTI (staffing and clients), long-term goals, strategies, and long-term financial solvency goals.The Arrowhead Center of New Mexico State University (NMSU) is the operator and manager of the NSTI. To realize the NSTI, Arrowhead Center must meet several performance objectives related to planning, development, execution, evaluation, and sustainability. This continuation plan is critical to the success of NSTI in its mission of incubating businesses with security technology products and services.

  14. Competition, Speculative Risks, and IT Security Outsourcing

    Science.gov (United States)

    Cezar, Asunur; Cavusoglu, Huseyin; Raghunathan, Srinivasan

    Information security management is becoming a more critical and, simultaneously, a challenging function for many firms. Even though many security managers are skeptical about outsourcing of IT security, others have cited reasons that are used for outsourcing of traditional IT functions for why security outsourcing is likely to increase. Our research offers a novel explanation, based on competitive externalities associated with IT security, for firms' decisions to outsource IT security. We show that if competitive externalities are ignored, then a firm will outsource security if and only if the MSSP offers a quality (or a cost) advantage over in-house operations, which is consistent with the traditional explanation for security outsourcing. However, a higher quality is neither a prerequisite nor a guarantee for a firm to outsource security. The competitive risk environment and the nature of the security function outsourced, in addition to quality, determine firms' outsourcing decisions. If the reward from the competitor's breach is higher than the loss from own breach, then even if the likelihood of a breach is higher under the MSSP the expected benefit from the competitive demand externality may offset the loss from the higher likelihood of breaches, resulting in one or both firms outsourcing security. The incentive to outsource security monitoring is higher than that of infrastructure management because the MSSP can reduce the likelihood of breach on both firms and thus enhance the demand externality effect. The incentive to outsource security monitoring (infrastructure management) is higher (lower) if either the likelihood of breach on both firms is lower (higher) when security is outsourced or the benefit (relative to loss) from the externality is higher (lower). The benefit from the demand externality arising out of a security breach is higher when more of the customers that leave the breached firm switch to the non-breached firm.

  15. Center for Coastline Security Technology, Year 3

    Science.gov (United States)

    2008-05-01

    Figure 2.6.8: Close-Up Photograph of RPUUV Tail Section. Figure 2.6.9: Force and moments applied on a hydrofoil . Figure 2.6.10: The NACA 21016... hydrofoil profile. Florida Atlantic University 4/28/08 Page 10 Center for Coastline Security Technology Year Three-Final Report Figure...as a 3D wing with a NACA 21016 hydrofoil profile (Figure 2.6.10) held by 3 cylinders (Figure 2.6.8). Center for Coastline Security Technology Year

  16. Security risks arising from portable storage devices

    CSIR Research Space (South Africa)

    Molotsi, K

    2012-10-01

    Full Text Available ? To identify and provide security countermeasures to help organisations and users to address the security risks from PSDs DEFINITION OF PORTABLE STORAGE DEVICES A PSD can be defined as: ? A small, lightweight device that is capable of storing... stream_source_info Molotsi_2012.pdf.txt stream_content_type text/plain stream_size 4841 Content-Encoding ISO-8859-1 stream_name Molotsi_2012.pdf.txt Content-Type text/plain; charset=ISO-8859-1 Security risks arising from...

  17. The Search for Security Technology Funding.

    Science.gov (United States)

    Fickes, Michael

    2003-01-01

    Explains that although it is difficult to find money to pay for school security technology, there are places to look. For example, the Department of Education has a list serve that summarizes various funding opportunities. There is also a Federal Register list serve and a site put out by the Department of Justice. A sidebar presents three…

  18. COMBINING REUSABLE TEST CASES AND CONTINUOUS SECURITY TESTING FOR REDUCING WEB APPS SECURITY RISKS

    Directory of Open Access Journals (Sweden)

    Sen-Tarng Lai

    2016-11-01

    Full Text Available In network communication age, information technology is being at the continuous and rapid evolutionprocess. Network access equipment, information system and Web Apps must rapidly and continuouslyupdate to meet the user interested requirements. Major challenge of Web Apps frequent changes is the security of user personal data and transactions information. Vulnerability scanning and penetration testing are the routine methods to improve the security of Web App. However, these two ways not only timeconsuming,but also require too many resources. For coping the continuous changes, in the limitedresources, security testing not only need to be timely completed, but also should concern testing quality.Otherwise, every change maintenance cannot avoid to cause the security risk of new version App. Based on reusable test cases, this paper proposes the continuous security testing procedure (CSTP, using test casesreusability to increase security test efficiency. In Web Apps maintenance process of limited resources, CSTPcan timely handle security testing and quickly identify Web Apps vulnerabilities and defects. Assisting Apps maintainer effectively repair security defects and concretely improve the security of user personal data and transaction information.

  19. Safety and Security Interface Technology Initiative

    Energy Technology Data Exchange (ETDEWEB)

    Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

    2007-05-01

    Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Micheal Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 carrollkj@y12.doe.gov Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme) includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security

  20. Security Risks in IP Telephony

    Directory of Open Access Journals (Sweden)

    Filip Rezac

    2010-01-01

    Full Text Available This paper deals with VoIP communication security and various techniques of VoIP attacks. We divided these threats in several categories according to their specific behaviour and their impact on the affected system. We also tried to find effective methods to prevent or mitigate these attacks. We focused our work on Spam over Internet Telephony (SPIT as a real threat for the future. We have developed both a tool generating SPIT attacks and AntiSPIT tool defending communication systems against SPIT attacks. AntiSPIT represents an effective protection based on statistical blacklist and works without participation of the called party which is a significant advantage.

  1. National Security Technology Incubator Action Plan

    Energy Technology Data Exchange (ETDEWEB)

    None, None

    2008-02-28

    This report documents the action plan for developing the National Security Technology Incubator (NSTI) program for southern New Mexico. The NSTI program is being developed as part of the National Security Preparedness Project (NSPP), funded by Department of Energy (DOE)/National Nuclear Security Administration (NNSA). This action plan serves as a tool in measuring progress in the development process and delivery of services for the NSTI program. Continuous review and evaluation of the action plan is necessary in the development process of the NSTI. The action plan includes detailed steps in developing the NSTI program based on recommended best practices in incubator development by the National Business Incubation Association (NBIA). Included are tasks required to implement the NSTI, developed within a work breakdown structure. In addition, a timeline is identified for each task.

  2. Infrared: A Key Technology for Security Systems

    Directory of Open Access Journals (Sweden)

    Carlo Corsi

    2012-01-01

    Full Text Available Infrared science and technology has been, since the first applications, mainly dedicated to security and surveillance especially in military field, besides specialized techniques in thermal imaging for medical diagnostic and building structures and recently in energy savings and aerospace context. Till recently the security applications were mainly based on thermal imaging as surveillance and warning military systems. In all these applications the advent of room temperature, more reliable due to the coolers avoidance, low cost, and, overall, completely integrable with Silicon technology FPAs, especially designed and tailored for specific applications, smart sensors, has really been impacted with revolutionary and new ideas and system concepts in all the infrared fields, especially for security applications. Lastly, the advent of reliable Infrared Solid State Laser Sources, operating up to the Long Infrared Wavelength Band and the new emerging techniques in Far Infrared Submillimeter Terahertz Bands, has opened wide and new areas for developing new, advanced security systems. A review of all the items with evidence of the weak and the strong points of each item, especially considering possible future developments, will be reported and discussed.

  3. Modern Quantum Technologies of Information Security

    CERN Document Server

    Korchenko, Oleksandr; Gnatyuk, Sergiy

    2010-01-01

    In the paper systematization and classification of modern quantum technologies of the information security against cyber-terrorist attack are carried out. The characteristic of the basic directions of quantum cryptography from the viewpoint of used quantum technologies is given. The qualitative analysis of advantages and disadvantages of concrete quantum protocols is made. The current status of a problem of practical quantum cryptography using in telecommunication networks is considered. In particular, the short review of existing commercial systems of quantum key distribution is given.

  4. Clean fuel technology for world energy security

    Energy Technology Data Exchange (ETDEWEB)

    Sunjay, Sunjay

    2010-09-15

    Clean fuel technology is the integral part of geoengineering and green engineering with a view to global warming mitigation. Optimal utilization of natural resources coal and integration of coal & associated fuels with hydrocarbon exploration and development activities is pertinent task before geoscientist with evergreen energy vision with a view to energy security & sustainable development. Value added technologies Coal gasification,underground coal gasification & surface coal gasification converts solid coal into a gas that can be used for power generation, chemical production, as well as the option of being converted into liquid fuels.

  5. Technology Foundations for Computational Evaluation of Software Security Attributes

    Science.gov (United States)

    2006-12-01

    Technology Foundations for Computational Evaluation of Software Security Attributes Gwendolyn H. Walton Thomas A. Longstaff Richard C...security attributes to the functional behavior of the software . The emergence of CERT’s new function extraction (FX) technology , unavailable to previous... software meets security requirements if they have been specified in behavioral terms. FX technology prescribes effective means to create and record

  6. Practical Methods for Information Security Risk Management

    Directory of Open Access Journals (Sweden)

    Cristian AMANCEI

    2011-01-01

    Full Text Available The purpose of this paper is to present some directions to perform the risk man-agement for information security. The article follows to practical methods through question-naire that asses the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contains all the key elements that concurs in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation.

  7. Risk to Water Security on Small Islands

    Science.gov (United States)

    Holding, S. T.; Allen, D. M.

    2013-12-01

    The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. The risk framework is implemented in a Geographic Information System (GIS) and provides a map

  8. The Network's Data Security Risk Analysis

    Directory of Open Access Journals (Sweden)

    Emil BURTESCU

    2008-01-01

    Full Text Available Establishing the networks security risk can be a very difficult operation especially for the small companies which, from financial reasons can't appeal at specialist in this domain, or for the medium or large companies that don't have experience. The following method proposes not to use complex financial calculus to determine the loss level and the value of impact making the determination of risk level a lot easier.

  9. Risk Analysis and Security Countermeasure Selection

    CERN Document Server

    Norman, Thomas L

    2009-01-01

    Explains how to evaluate the appropriateness of security countermeasures, from a cost-effectiveness perspective. This title guides readers from basic principles to complex processes in a step-by-step fashion, evaluating DHS-approved risk assessment methods, including CARVER, API/NPRA, RAMCAP, and various Sandia methodologies

  10. An Overview of Computer Network security and Research Technology

    OpenAIRE

    Rathore, Vandana

    2016-01-01

    The rapid development in the field of computer networks and systems brings both convenience and security threats for users. Security threats include network security and data security. Network security refers to the reliability, confidentiality, integrity and availability of the information in the system. The main objective of network security is to maintain the authenticity, integrity, confidentiality, availability of the network. This paper introduces the details of the technologies used in...

  11. IT security risk management perceived it security risks in the context of cloud computing

    CERN Document Server

    Ackermann, Tobias

    2014-01-01

    This book provides a comprehensive conceptualization of perceived IT security risk in the Cloud Computing context that is based on six distinct risk dimensions grounded on a structured literature review, Q-sorting, expert interviews, and analysis of data collected from 356 organizations. Additionally, the effects of security risks on negative and positive attitudinal evaluations in IT executives' Cloud Computing adoption decisions are examined. The book's second part presents a mathematical risk quantification framework that can be used to support the IT risk management process of Cloud Comput

  12. Towards Agile Security Risk Management in RE and Beyond

    NARCIS (Netherlands)

    Franqueira, Virginia N.L.; Racheva, Zornitza; Tun, Thein Tan; Daneva, Maya

    2011-01-01

    Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations but they do not provide an overview of the overall security

  13. The Threat of Security: Hindering Technology Integration in the Classroom

    Science.gov (United States)

    Robinson, LeAnne K.; Brown, Abbie; Green, Tim

    2007-01-01

    For the last year the authors have been gathering examples of how perceived "threats of security" are hampering the integration of technology in teaching and learning. They hope that educators will examine both the challenges of increased security demands and ways in which security might enhance, rather than detract from, the use of technology for…

  14. Using Common Sense to Effectively Integrate Security Technologies within a School's Security Strategy

    Energy Technology Data Exchange (ETDEWEB)

    Gree, M.W.

    1998-11-03

    Security technologies are not the answer to all school security problems. However, they can be an excellent tool for school administrators and security personnel when incorporated into a total security strategy involving personnel, procedures, and facility layout. Unfortunately, very few of the tougher security problems in schools have solutions that are affordable, effective, and acceptable. Like any other type of facility, a school's security staff must understand the strengths and limitations of the security measures they are csecurity practices, which will rarely increase new building costs if included in the initial planning.

  15. Secure Logistic Management System Using Wireless Technologies

    Directory of Open Access Journals (Sweden)

    K.R. Prasanna

    2012-06-01

    Full Text Available This study proposes an idea of solving problems arising in logistics management, with the aid of wireless communication technologies like RFID, GSM and GPS. This study includes the modules of goods delivery status, vehicle location tracking, overloading of goods, interlocking system and finding out the misplaced goods. The integrated system consists of RFID and GPS technology for goods count and vehicle tracking. Overloading of goods is identified with the help of the weight sensors. If the goods are misplaced, the secure system will indicate the authorized base station and will not allow the vehicle to move. If the wrong goods are taken out from the cargo the buzzer will be ON and the message will be intimated to the concerned person through GSM.

  16. Smart Door Lock System: Improving Home Security using Bluetooth Technology

    National Research Council Canada - National Science Library

    Jayant Dabhade; Amirush Javare; Tushar Ghayal; Ankur Shelar; Ankita Gupta

    2017-01-01

      In today's world, smart home control system is necessary in daily life. As the technology is emerging a lot it's time for us to be more technical related to home secure security and easy access to the user...

  17. Management of information security risks in a federal public institution: a case study

    Directory of Open Access Journals (Sweden)

    Jackson Gomes Soares Souza

    2016-11-01

    Full Text Available Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T. managers perceptions and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and their implementation aiming greater control of information security risks and opportunities related to information technology security.

  18. Restricted access processor - An application of computer security technology

    Science.gov (United States)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  19. RISK MANAGEMENT IN ENSURING AVIATION (TRANSPORT SECURITY

    Directory of Open Access Journals (Sweden)

    S. E. Prozorov

    2015-01-01

    Full Text Available The paper deals with risk management in aviation (transport security based on the three-level assessment of the current threat levels according to the method of application of countermeasures, presented by ICAO in the form of a matrix of risk management, as well as by the introduction of measures to ensure transport safety, depending on the category of transport infrastructure (or vehicle and the level of Iransport safety. The article illustrates the complementarity of the two approaches, suggesting a higher efficiency of relevant processes in their joint application.

  20. Information security risk management and incompatible parts of organization

    Directory of Open Access Journals (Sweden)

    Elham Talabeigi

    2016-11-01

    Full Text Available Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value:  The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  1. 77 FR 1942 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2012-01-12

    ... as new developments in systems engineering, cyber- security, knowledge management and how best to... SECURITY Homeland Security Science and Technology Advisory Committee (HSSTAC) AGENCY: Department of Homeland Security Science and Technology Directorate (DHS S&T), Department of Homeland Security....

  2. Improving residual risk management through the use of security metrics

    OpenAIRE

    Pagett, Jonathan

    2012-01-01

    Introduction Reported security breaches over the last 3 years suggest that a large number of security procedures are not currently operating at full effectiveness. Security breaches have ranged from the loss of personal details of 25 million UK citizens to the disclosure of national security information assets. It is highly likely that the organisations involved in these security breaches performed risk assessments for their information assets and implemented a range of security contr...

  3. Aviation Security, Risk Assessment, and Risk Aversion for Public Decisionmaking

    Science.gov (United States)

    Stewart, Mark G.; Mueller, John

    2013-01-01

    This paper estimates risk reductions for each layer of security designed to prevent commercial passenger airliners from being commandeered by terrorists, kept under control for some time, and then crashed into specific targets. Probabilistic methods are used to characterize the uncertainty of rates of deterrence, detection, and disruption, as well…

  4. Input from Key Stakeholders in the National Security Technology Incubator

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-01-31

    This report documents the input from key stakeholders of the National Security Technology Incubator (NSTI) in developing a new technology incubator and related programs for southern New Mexico. The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report includes identification of key stakeholders as well as a description and analysis of their input for the development of an incubator.

  5. 77 FR 56662 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2012-09-13

    ... Secretary for Science and Technology, such as new developments in systems engineering, cyber-security... SECURITY Homeland Security Science and Technology Advisory Committee (HSSTAC) AGENCY: Science and.... SUMMARY: The Homeland Security Science and Technology Advisory Committee (HSSTAC) will meet on...

  6. Emerging Technological Risk Underpinning the Risk of Technology Innovation

    CERN Document Server

    Anderson, Stuart

    2012-01-01

    Classes of socio-technical hazards allow a characterization of the risk in technology innovation and clarify the mechanisms underpinning emergent technological risk. Emerging Technological Risk provides an interdisciplinary account of risk in socio-technical systems including hazards which highlight: ·         How technological risk crosses organizational boundaries, ·         How technological trajectories and evolution develop from resolving tensions emerging between social aspects of organisations and technologies and ·         How social behaviour shapes, and is shaped by, technology. Addressing an audience from a range of academic and professional backgrounds, Emerging Technological Risk is a key source for those who wish to benefit from a detail and methodical exposure to multiple perspectives on technological risk. By providing a synthesis of recent work on risk that captures the complex mechanisms that characterize the emergence of risk in technology innovation, Emerging Tec...

  7. TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKS

    Directory of Open Access Journals (Sweden)

    Sen-Tarng Lai

    2015-12-01

    Full Text Available E-commerce is an important information system in the network and digital age. However, the network intrusion, malicious users, virus attack and system security vulnerabilities have continued to threaten the operation of the e-commerce, making e-commerce security encounter serious test. How to improve ecommerce security has become a topic worthy of further exploration. Combining routine security test and security event detection procedures, this paper proposes the Two-Layer Secure Prevention Mechanism (TLSPM. Applying TLSPM, routine security test procedure can identify security vulnerability and defect, and develop repair operations. Security event detection procedure can timely detect security event, and assist follow repair. TLSPM can enhance the e-commerce security and effectively reduce the security risk of e-commerce critical data and asset.

  8. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    NARCIS (Netherlands)

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overwiew is given of the use of informatio

  9. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    NARCIS (Netherlands)

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overwiew is given of the use of

  10. Security Risk Scoring Incorporating Computers' Environment

    Directory of Open Access Journals (Sweden)

    Eli Weintraub

    2016-04-01

    Full Text Available A framework of a Continuous Monitoring System (CMS is presented, having new improved capabilities. The system uses the actual real-time configuration of the system and environment characterized by a Configuration Management Data Base (CMDB which includes detailed information of organizational database contents, security and privacy specifications. The Common Vulnerability Scoring Systems' (CVSS algorithm produces risk scores incorporating information from the CMDB. By using the real updated environmental characteristics the system enables achieving accurate scores compared to existing practices. Framework presentation includes systems' design and an illustration of scoring computations.

  11. Key Technologies and Applications of Secure Multiparty Computation

    Directory of Open Access Journals (Sweden)

    Xiaoqiang Guo

    2013-07-01

    Full Text Available With the advent of the information age, the network security is particularly important. The secure multiparty computation is a very important branch of cryptography. It is a hotspot in the field of information security. It expanded the scope of the traditional distributed computing and information security, provided a new computing model for the network collaborative computing. First we introduced several key technologies of secure multiparty computation: secret sharing and verifiable secret sharing, homomorphic public key cryptosystem, mix network, zero knowledge proof, oblivious transfer, millionaire protocol. Second we discussed the applications of secure multiparty computation in electronic voting, electronic auctions, threshold signature, database queries, data mining, mechanical engineering and other fields.

  12. International Energy Security Indicators and Turkey’s Energy Security Risk Score

    OpenAIRE

    2014-01-01

    Energy security has been a priority for many countries. What makes energy security that important is; its bilateral relationship with economic, political, social, environmental sustainability and military issues. As an inevitable consequence of globalization cooperation in the field has been a must and it is required international energy security indicators to make energy security risk evaluations in order to establish adequate policies. The aim of the study is to review energy security withi...

  13. The security and recent technology of quantum key distribution

    Institute of Scientific and Technical Information of China (English)

    WANG Xiang-bin; YING Hao; MA Huai-xing; PENG Cheng-zhi; YANG Tao; PAN Jian-wei

    2006-01-01

    In principle,quantum key distribution (QKD)can be used to make unconditionally secure private communication.However,the security of the existing real system for QKD needs to be carefully examined.Actually,the existing experiments based on weak coherent states are not secure under photon-number-splitting attack.Fortunately,the decoy-state method and the entanglement-distribution method can be used to realize the unconditionally secure QKD based on real-life systems with existing technology.

  14. Empirical analysis on risk of security investment

    Institute of Scientific and Technical Information of China (English)

    AN Peng; LI Sheng-hong

    2009-01-01

    The paper analyzes the theory and application of Markowitz Mean-Variance Model and CAPM model. Firstly, it explains the development process and standpoints of two models and deduces the whole process in detail. Then 30 stocks are choosen from Shangzheng 50 stocks and are testified whether the prices of Shanghai stocks conform to the two models. With the technique of time series and panel data analysis, the research on the stock risk and effective portfolio by ORIGIN and MATLAB software is conducted. The result shows that Shanghai stock market conforms to Markowitz Mean-Variance Model to a certain extent and can give investors reliable suggestion to gain higher return, but there is no positive relation between system risk and profit ratio and CAPM doesn't function well in China's security market.

  15. On the Horizon: New Advances in Security Technology

    Science.gov (United States)

    Gamble, Cheryl

    2005-01-01

    The worlds of security and technology have been on an intersecting course since the first published account of the use of fingerprint identification made news in 1880 (although unpublished reports suggest its use as early as 1858). In the three and one half years since the September 11 attacks, technological advances across the security field have…

  16. New Technology's Surprising Security Threats. Building Digital Libraries

    Science.gov (United States)

    Huwe, Terence

    2005-01-01

    In recent years, security issues have increasingly come to dominate the technological development process--although still in a more reactive than proactive mode. It now seems more important than ever to monitor security trends and policy developments, especially if technology is regarded as a potential community builder. This article suggests…

  17. Secure Multiparty Computation for Cooperative Cyber Risk Assessment

    Science.gov (United States)

    2016-11-01

    Secure Multiparty Computation for Cooperative Cyber Risk Assessment Kyle Hogan, Noah Luther, Nabil Schear, Emily Shen, Sophia Yakoubov, Arkady...Malacaria. How to spend it: Optimal investment for cyber security . In Proceedings of the 1st International Workshop on Agents and CyberSecurity...common problem organizations face is determining which security updates to perform and patches to apply to minimize the risk of potential vulnerabilities

  18. FlySec: a risk-based airport security management system based on security as a service concept

    Science.gov (United States)

    Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

    2016-05-01

    Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow;(iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

  19. Security Service Technology for Mobile Networks

    Institute of Scientific and Technical Information of China (English)

    Aiqun Hu; Tao Li; Mingfu Xue

    2011-01-01

    As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes security threats and the needs of 3G/4G mobile networks, and then proposes a novel protection scheme for them based on their whole structure. In this scheme, a trusted computing environment is constructed on the mobile terminal side by combining software validity verification with access control. At the security management center, security services such as validity verification and integrity check are provided to mobile terminals. In this way, terminals and the network as a whole are secured to a much greater extent. This paper also highlights problems to be addressed in future research and development.

  20. Common Structures of Asset-Backed Securities and Their Risks

    OpenAIRE

    Tarun Sabarwal

    2005-01-01

    In recent years, one area of growing concern in corporate governance is the accounting and transfer of risk using special purpose entities (or trusts). Such entities are used widely in issuing asset-backed securities. This paper provides an overview of the asset-backed securities market, and discusses the common structures used in this market to transform the risks associated with the underlying collateral into risks associated with the issued securities. Understanding these structures is ess...

  1. Reducing software security risk through an integrated approach research initiative model based verification of the Secure Socket Layer (SSL) Protocol

    Science.gov (United States)

    Powell, John D.

    2003-01-01

    This document discusses the verification of the Secure Socket Layer (SSL) communication protocol as a demonstration of the Model Based Verification (MBV) portion of the verification instrument set being developed under the Reducing Software Security Risk (RSSR) Trough an Integrated Approach research initiative. Code Q of the National Aeronautics and Space Administration (NASA) funds this project. The NASA Goddard Independent Verification and Validation (IV&V) facility manages this research program at the NASA agency level and the Assurance Technology Program Office (ATPO) manages the research locally at the Jet Propulsion Laboratory (California institute of Technology) where the research is being carried out.

  2. Reducing software security risk through an integrated approach research initiative model based verification of the Secure Socket Layer (SSL) Protocol

    Science.gov (United States)

    Powell, John D.

    2003-01-01

    This document discusses the verification of the Secure Socket Layer (SSL) communication protocol as a demonstration of the Model Based Verification (MBV) portion of the verification instrument set being developed under the Reducing Software Security Risk (RSSR) Trough an Integrated Approach research initiative. Code Q of the National Aeronautics and Space Administration (NASA) funds this project. The NASA Goddard Independent Verification and Validation (IV&V) facility manages this research program at the NASA agency level and the Assurance Technology Program Office (ATPO) manages the research locally at the Jet Propulsion Laboratory (California institute of Technology) where the research is being carried out.

  3. Agricultural Technology, Risk, and Gender

    DEFF Research Database (Denmark)

    Arndt, Channing; Tarp, Finn

    2000-01-01

    Interactions between agricultural technology improvements, risk-reducing behavior, and gender roles in agricultural production in Mozambique are examined. The analysis employs a computable general equilibrium (CGE) model that explicitly incorporates key features of the economy. These include......: detailed accounting of marketing margins, home consumption, risk, and gender roles in agricultural production. Our results show that agricultural technology improvements benefit both male and female occupants of rural households. Due to economic interactions, agricultural technology improvements...

  4. Web 2.0 Technologies and Social Networking Security Fears in Enterprises

    Directory of Open Access Journals (Sweden)

    Fernando Almeida

    2012-02-01

    Full Text Available Web 2.0 systems have drawn the attention of corporation, many of which now seek to adopt Web 2.0 technologies and transfer its benefits to their organizations. However, with the number of different social networking platforms appearing, privacy and security continuously has to be taken into account and looked at from different perspectives. This paper presents the most common security risks faced by the major Web 2.0 applications. Additionally, it introduces the most relevant paths and best practices to avoid these identified security risks in a corporate environment.

  5. Wearable Technology Devices Security and Privacy Vulnerability Analysis

    Directory of Open Access Journals (Sweden)

    Ke Wan Ching

    2016-05-01

    Full Text Available Wearable Technology also called wearable gadget, is acategory of technology devices with low processing capabilities that can be worn by a user with the aim to provide information and ease of access to the master devices its pairing with. Such examples are Google Glass and Smart watch. The impact of wearable technology becomes significant when people start their invention in wearable computing, where their mobile devices become one of the computation sources. However, wearable technology is not mature yet in term of device security and privacy acceptance of the public. There exists some security weakness that prompts such wearable devices vulnerable to attack. One of the critical attack on wearable technology is authentication issue. The low processing due to less computing power of wearable device causethe developer's inability to equip some complicated security mechanisms and algorithm on the device.In this study, an overview of security and privacy vulnerabilities on wearable devices is presented.

  6. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Science.gov (United States)

    2011-12-15

    ... ADMINISTRATION Information Collection; Implementation of Information Technology Security Provision AGENCY... new information collection requirement regarding Implementation of Information Technology Security... of Information Technology Security Provision,'' under the heading ``Enter Keyword or ID''...

  7. Risk Based Security Management at Research Reactors

    Energy Technology Data Exchange (ETDEWEB)

    Ek, David R. [Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)

    2015-09-01

    This presentation provides a background of what led to the international emphasis on nuclear security and describes how nuclear security is effectively implemented so as to preserve the societal benefits of nuclear and radioactive materials.

  8. Information Security Risk Management: An Intelligence-Driven Approach

    Directory of Open Access Journals (Sweden)

    Jeb Webb

    2014-11-01

    Full Text Available Three deficiencies exist in the organisational practice of information security risk management: risk assessments are commonly perfunctory, security risks are estimated without investigation; risk is assessed on an occasional (as opposed to continuous basis. These tendencies indicate that important data is being missed and that the situation awareness of decision-makers in many organisations is currently inadequate. This research-in-progress paper uses Endsley's situation awareness theory, and examines how the structure and functions of the US national security intelligence enterprise—a revelatory case of enterprise situation awareness development in security and risk management—correspond with Endsley’s theoretical model, and how facets of the US enterprise might be adapted to improve situation awareness in the information security risk management process of organisations.

  9. Crime and Security Risk: Background Information for Security Personnel

    Science.gov (United States)

    1993-08-01

    Monterey, CA: Defense Personnel Security Research and Education Center. 69. Hare, R. D., Hart, S. D., & Harpur, T. J. (1991). Psychopathy and the DSM-IV...Predictors of psychopathy and release outcome in a criminal population. Psycho- logical Assessment: A Journal of Consulting and Clinical Psychology, 4, 419

  10. A Risk Management Process for Consumers: The Next Step in Information Security

    NARCIS (Netherlands)

    van Cleeff, A.

    2010-01-01

    Simply by using information technology, consumers expose themselves to considerable security risks. Because no technical or legal solutions are readily available, and awareness programs have limited impact, the only remedy is to develop a risk management process for consumers. Consumers need to

  11. Improving organisational resilience through enterprise security risk management.

    Science.gov (United States)

    Petruzzi, John; Loyear, Rachelle

    Enterprise Security Risk Management (ESRM) is a new philosophy and method of managing security programmes through the use of traditional risk principles. As a philosophy and life cycle, ESRM is focused on creating a business partnership between security practitioners and business leaders to more effectively provide protection against security risks in line with acceptable risk tolerances as defined by business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle and also shows how embracing the ESRM philosophy and implementing a risk-based security management model in the business organisation can lead to higher levels of organisational resilience as desired by organisation leaders, executives and the board of directors.

  12. Agricultural Technology, Risk, and Gender

    DEFF Research Database (Denmark)

    Arndt, Channing; Tarp, Finn

    2000-01-01

    Interactions between agricultural technology improvements, risk-reducing behavior, and gender roles in agricultural production in Mozambique are examined. The analysis employs a computable general equilibrium (CGE) model that explicitly incorporates key features of the economy. These include...

  13. Security Risks and Protection in Online Learning: A Survey

    Directory of Open Access Journals (Sweden)

    Yong Chen

    2013-12-01

    Full Text Available This paper describes a survey of online learning which attempts to determine online learning providers’ awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have identified diverse security risks and have proposed solutions to mitigate the security threats in online learning, bloggers have not discussed security in online learning with great frequency. The differences shown in the survey results generated by the two different methods confirm that online learning providers and practitioners have not considered security as a top priority. The paper also discusses the next generation of an online learning system: a safer personal learning environment which requires a one-stop solution for authentication, assures the security of online assessments, and balances security and usability.

  14. Database security and encryption technology research and application

    Science.gov (United States)

    Zhu, Li-juan

    2013-03-01

    The main purpose of this paper is to discuss the current database information leakage problem, and discuss the important role played by the message encryption techniques in database security, As well as MD5 encryption technology principle and the use in the field of website or application. This article is divided into introduction, the overview of the MD5 encryption technology, the use of MD5 encryption technology and the final summary. In the field of requirements and application, this paper makes readers more detailed and clearly understood the principle, the importance in database security, and the use of MD5 encryption technology.

  15. Secure messaging via the cloud and mobile devices: data security issues emerge with new technologies.

    Science.gov (United States)

    Prestigiacomo, Jennifer

    2011-05-01

    The secure messaging space is alive with new innovations that are moving the industry forward. Key in this space is the push toward moving secure messaging to the cloud and pushing it out to mobile devices. Among the examples are solutions that allow physicians to receive encrypted email on mobile devices, as well as ones that allow doctors to securely text-message each other to coordinate care. However, the security issues around these emerging technologies in this very active space must be further explored.

  16. A risk management model for securing virtual healthcare communities.

    Science.gov (United States)

    Chryssanthou, Anargyros; Varlamis, Iraklis; Latsiou, Charikleia

    2011-01-01

    Virtual healthcare communities aim to bring together healthcare professionals and patients, improve the quality of healthcare services and assist healthcare professionals and researchers in their everyday activities. In a secure and reliable environment, patients share their medical data with doctors, expect confidentiality and demand reliable medical consultation. Apart from a concrete policy framework, several ethical, legal and technical issues must be considered in order to build a trustful community. This research emphasises on security issues, which can arise inside a virtual healthcare community and relate to the communication and storage of data. It capitalises on a standardised risk management methodology and a prototype architecture for healthcare community portals and justifies a security model that allows the identification, estimation and evaluation of potential security risks for the community. A hypothetical virtual healthcare community is employed in order to portray security risks and the solutions that the security model provides.

  17. Applying New Network Security Technologies to SCADA Systems.

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, Steven A; Stamp, Jason Edwin; Duggan, David P; Chavez, Adrian R.

    2006-11-01

    Supervisory Control and Data Acquisition (SCADA) systems for automation are very important for critical infrastructure and manufacturing operations. They have been implemented to work in a number of physical environments using a variety of hardware, software, networking protocols, and communications technologies, often before security issues became of paramount concern. To offer solutions to security shortcomings in the short/medium term, this project was to identify technologies used to secure "traditional" IT networks and systems, and then assess their efficacy with respect to SCADA systems. These proposed solutions must be relatively simple to implement, reliable, and acceptable to SCADA owners and operators. 4This page intentionally left blank.

  18. The Institute for Security Technology Studies (ISTS): overview

    Science.gov (United States)

    Kotz, David F.

    2004-09-01

    The Institute for Security Technology Studies (ISTS) was founded at Dartmouth College in 2000 as a national center of security research and development. The Institute conducts interdisciplinary research and development projects addressing the challenges of cyber and homeland security, to protect the integrity of the Internet, computer networks, and other interdependent information infrastructures. ISTS also develops technology for providing the information and tools necessary to assist communities and first responders with the evolving, complex security landscape. ISTS is a member of and administers the Institute for Information Infrastructure Protection (I3P), a consortium of 24 leading academic institutions, non-profits and federal laboratories that brings industry, academia and government together to articulate and focus on problems that need to be solved to help ensure the nation's information infrastructure is safe, secure, and robust.

  19. National security risks? Uncertainty, austerity and other logics of risk in the UK government’s National Security Strategy

    NARCIS (Netherlands)

    Hammerstad, A.; Boas, I.J.C.

    2015-01-01

    Risk scholars within Security Studies have argued that the concept of security has gone through a fundamental transformation away from a threat-based conceptualisation of defence, urgency
    and exceptionality to one of preparedness, precautions and prevention of future risks, some of which are cal

  20. Assessing security technology's impact: old tools for new problems.

    Science.gov (United States)

    Kreissl, Reinhard

    2014-09-01

    The general idea developed in this paper from a sociological perspective is that some of the foundational categories on which the debate about privacy, security and technology rests are blurring. This process is a consequence of a blurring of physical and digital worlds. In order to define limits for legitimate use of intrusive digital technologies, one has to refer to binary distinctions such as private versus public, human versus technical, security versus insecurity to draw differences determining limits for the use of surveillance technologies. These distinctions developed in the physical world and are rooted in a cultural understanding of pre-digital culture. Attempts to capture the problems emerging with the implementation of security technologies using legal reasoning encounter a number of problems since law is by definition oriented backwards, adapting new developments to existing traditions, whereas the intrusion of new technologies in the physical world produces changes and creates fundamentally new problems.

  1. A study of the security technology and a new security model for WiFi network

    Science.gov (United States)

    Huang, Jing

    2013-07-01

    The WiFi network is one of the most rapidly developing wireless communication networks, which makes wireless office and wireless life possible and greatly expands the application form and scope of the internet. At the same time, the WiFi network security has received wide attention, and this is also the key factor of WiFi network development. This paper makes a systematic introduction to the WiFi network and WiFi network security problems, and the WiFi network security technology are reviewed and compared. In order to solve the security problems in WiFi network, this paper presents a new WiFi network security model and the key exchange algorithm. Experiments are performed to test the performance of the model, the results show that the new security model can withstand external network attack and ensure stable and safe operation of WiFi network.

  2. Security breaches: tips for assessing and limiting your risks.

    Science.gov (United States)

    Coons, Leeanne R

    2011-01-01

    As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.

  3. Applications of nuclear safety probabilistic risk assessment to nuclear security for optimized risk mitigation

    Energy Technology Data Exchange (ETDEWEB)

    Donnelly, S.K.; Harvey, S.B. [Amec Foster Wheeler, Toronto, Ontario (Canada)

    2016-06-15

    Critical infrastructure assets such as nuclear power generating stations are potential targets for malevolent acts. Probabilistic methodologies can be applied to evaluate the real-time security risk based upon intelligence and threat levels. By employing this approach, the application of security forces and other protective measures can be optimized. Existing probabilistic safety analysis (PSA) methodologies and tools employed. in the nuclear industry can be adapted to security applications for this purpose. Existing PSA models can also be adapted and enhanced to consider total plant risk, due to nuclear safety risks as well as security risks. By creating a Probabilistic Security Model (PSM), safety and security practitioners can maximize the safety and security of the plant while minimizing the significant costs associated with security upgrades and security forces. (author)

  4. Three Essays on Information Technology Security Management in Organizations

    Science.gov (United States)

    Gupta, Manish

    2011-01-01

    Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…

  5. Three Essays on Information Technology Security Management in Organizations

    Science.gov (United States)

    Gupta, Manish

    2011-01-01

    Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…

  6. Massachusetts Institute of Technology Security Studies Program

    Science.gov (United States)

    2006-01-01

    postdoctoral fellowships at the Olin Institute for Strategic Studies at Harvard University and the Center for International Security and Cooperation...government and business have frequently invited him to speak on Middle Eastern affairs. JEANNE GUILLEMIN’s training in sociology and anthropology led to her...been the recipient of several scholarships and awards, including two NATO Fellowships and two Fulbright Scholarships. In 1995, he was named to the

  7. Effective surveillance for homeland security balancing technology and social issues

    CERN Document Server

    Flammini, Francesco; Franceschetti, Giorgio

    2013-01-01

    Effective Surveillance for Homeland Security: Balancing Technology and Social Issues provides a comprehensive survey of state-of-the-art methods and tools for the surveillance and protection of citizens and critical infrastructures against natural and deliberate threats. Focusing on current technological challenges involving multi-disciplinary problem analysis and systems engineering approaches, it provides an overview of the most relevant aspects of surveillance systems in the framework of homeland security. Addressing both advanced surveillance technologies and the related socio-ethical issues, the book consists of 21 chapters written by international experts from the various sectors of homeland security. Part I, Surveillance and Society, focuses on the societal dimension of surveillance-stressing the importance of societal acceptability as a precondition to any surveillance system. Part II, Physical and Cyber Surveillance, presents advanced technologies for surveillance. It considers developing technologie...

  8. Dynamic security risk assessment and optimization of power transmission system

    Institute of Scientific and Technical Information of China (English)

    2008-01-01

    The paper presents a practical dynamic security region (PDSR) based dynamic security risk assessment and optimization model for power transmission system. The cost of comprehensive security control and the influence of uncertainties of power injections are considered in the model of dynamic security risk assessment. The transient stability constraints and uncertainties of power injections can be considered easily by PDSR in form of hyper-box. A method to define and classify contingency set is presented, and a risk control optimization model is given which takes total dynamic insecurity risk as the objective function for a dominant con-tingency set. An optimal solution of dynamic insecurity risk is obtained by opti-mizing preventive and emergency control cost and contingency set decomposition. The effectiveness of this model has been proved by test results on the New Eng-land 10-genarator 39-bus system.

  9. Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

    Science.gov (United States)

    Shim, Woohyun

    2010-01-01

    An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

  10. Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

    Science.gov (United States)

    Shim, Woohyun

    2010-01-01

    An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

  11. Management of information security risks in a federal public institution: a case study

    OpenAIRE

    Jackson Gomes Soares Souza; Carlos Hideo Arima; Renata Maria Nogueira de Oliveira; Getulio Akabane; Napoleão Verardi Galegale

    2016-01-01

    Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T.) managers perceptions and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and thei...

  12. Using Financial Instruments to Transfer the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Pankaj Pandey

    2016-05-01

    Full Text Available For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information security event. Thus, this article addresses the limitations in the cyber-(reinsurance markets with a set of capital market-based financial instruments. This article presents a set of information security derivatives, namely options, vanilla options, swap, and futures that can be traded at an information security prediction market. Furthermore, this article demonstrates the usefulness of information security derivatives in a given scenario and presents an evaluation of the same in comparison with cyber-insurance. In our analysis, we found that the information security derivatives can at least be a partial solution to the problems in the cyber-insurance markets. The information security derivatives can be used as an effective tool for information elicitation and aggregation, cyber risk pricing, risk hedging, and strategic decision making for information security risk management.

  13. 76 FR 41278 - Cargo Security Risk Reduction; Public Listening Sessions

    Science.gov (United States)

    2011-07-13

    ... SECURITY Coast Guard Cargo Security Risk Reduction; Public Listening Sessions AGENCY: Coast Guard, DHS..., transfer, and storage of Certain Dangerous Cargo (CDC) in bulk within the U.S. Marine Transportation System....Bergan@uscg.mil . SUPPLEMENTARY INFORMATION: Background In September 2009, the Coast Guard held a...

  14. External Service Providers to the National Security Technology Incubator

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-02-28

    This report documents the identification and assessment of external service providers to the National Security Technology Incubator (NSTI) program for southern New Mexico. The NSTI is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant to Arrowhead Center, New Mexico State University. This report contains 1) a summary of the services to be provided by NSTI; 2) organizational descriptions of external service providers; and 3) a comparison of NSTI services and services offered by external providers.

  15. ArgueSecure: Out-of-the-box Risk Assessment

    NARCIS (Netherlands)

    Ionita, Dan; Kegel, Roeland; Wieringa, Roel; Baltuta, Andrei

    2016-01-01

    Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation

  16. Information security risk management for ISO27001/ISO27002

    CERN Document Server

    Calder, A; Watkins, S

    2010-01-01

    Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.

  17. Acceptance Factors Influencing Adoption of National Institute of Standards and Technology Information Security Standards: A Quantitative Study

    Science.gov (United States)

    Kiriakou, Charles M.

    2012-01-01

    Adoption of a comprehensive information security governance model and security controls is the best option organizations may have to protect their information assets and comply with regulatory requirements. Understanding acceptance factors of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) comprehensive…

  18. Acceptance Factors Influencing Adoption of National Institute of Standards and Technology Information Security Standards: A Quantitative Study

    Science.gov (United States)

    Kiriakou, Charles M.

    2012-01-01

    Adoption of a comprehensive information security governance model and security controls is the best option organizations may have to protect their information assets and comply with regulatory requirements. Understanding acceptance factors of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) comprehensive…

  19. Technology for low-cost PIR security sensors

    Science.gov (United States)

    Liddiard, Kevin C.

    2008-03-01

    Current passive infrared (PIR) security sensors employing pyroelectric detectors are simple, cheap and reliable, but have several deficiencies. These sensors, developed two decades ago, are essentially short-range moving-target hotspot detectors. They cannot detect slow temperature changes, and thus are unable to respond to radiation stimuli indicating potential danger such as overheating electrical appliances and developing fires. They have a poor optical resolution and limited ability to recognize detected targets. Modern uncooled thermal infrared technology has vastly superior performance but as yet is too costly to challenge the PIR security sensor market. In this paper microbolometer technology will be discussed which can provide enhanced performance at acceptable cost. In addition to security sensing the technology has numerous applications in the military, industrial and domestic markets where target range is short and low cost is paramount.

  20. 78 FR 14101 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2013-03-04

    ... systems engineering, cyber-security, knowledge management and how best to leverage related technologies... Security and the evolution of the Cyber Security Division of DHS S&T. The committee will review the... SECURITY Homeland Security Science and Technology Advisory Committee (HSSTAC) AGENCY: Science...

  1. A SURVEY REPORT ON VPN SECURITY & ITS TECHNOLOGIES

    Directory of Open Access Journals (Sweden)

    JAYANTHI GOKULAKRISHNAN

    2014-08-01

    Full Text Available Virtual Private Network (VPN is a communication network which provides secure data transmission in an unsecured or public network by using any combination of technologies. A virtual connection is made across the users who are geographically dispersed and networks over a shared or public network, like the Internet. Even though the data is transmitted in a public network, VPN provides an impression as if the data is transmitted through private connection. This paper provides a survey report on VPN security and its technologies.

  2. Security Risk Assessment Process for UAS in the NAS CNPC Architecture

    Science.gov (United States)

    Iannicca, Dennis Christopher; Young, Daniel Paul; Suresh, Thadhani; Winter, Gilbert A.

    2013-01-01

    This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. A description of the deviations from the typical process is described in regards to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper

  3. Cyber security evaluation of II&C technologies

    Energy Technology Data Exchange (ETDEWEB)

    Thomas, Ken [Idaho National Laboratory (INL), Idaho Falls, ID (United States)

    2014-11-01

    The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) to address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a

  4. Cyber Security Evaluation of II&C Technologies

    Energy Technology Data Exchange (ETDEWEB)

    Ken Thomas

    2014-11-01

    The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) to address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a

  5. Security Management System for Oilfield Based on GSM Technology

    Directory of Open Access Journals (Sweden)

    Batchu Spandana,

    2011-06-01

    Full Text Available Security Management at the industries mainly during the night times at the oil field is a critical task for the security people. Checking for the oil thefting, power failure, temperature range checking, tilt checking of the tanks, leakage of oil by rotating the pump done by the thieves is a critical task for the security people. To improve the security level by implantation of wireless embedded technology will solve this problem. By reducing the manual power, at the site locations, and by improving the security level with the help of GSM based wireless technology which consist of transmitter (GSM modem at the site location and receiver is the GSM mobile. Information transmitted by the GSM modem at the plant location will be sent to the respective person’s mobile as a text message. The security people will take appropriate action according to the problem. For this we are used LPC2148 (ARM7 based microcontroller, which is the current dominant microcontroller in mobile based products and Softwaredevelopment tools as Keil, flash magic for loading hex file into the microcontroller.

  6. A Model for an Information Security Risk Management (ISRM) Framework for Saudi Arabian Organisations

    Science.gov (United States)

    Alshareef, Naser

    2016-01-01

    Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…

  7. Social Security and the Interactions Between Aggregate and Idiosyncratic Risk

    OpenAIRE

    Harenberg, Daniel; Ludwig, Alexander

    2014-01-01

    We ask whether a PAYG-financed social security system is welfare improving in an economy with idiosyncratic and aggregate risk. We argue that interactions between the two risks are important for this question. One is a direct interaction in the form of a countercyclical variance of idiosyncratic income risk. The other indirectly emerges over a household's life-cycle because retirement savings contain the history of idiosyncratic and aggregate shocks. We show that this leads to risk interactio...

  8. PERSEUS Technology: New Trends in Information and Communication Security

    CERN Document Server

    Filiol, Eric

    2011-01-01

    Using cryptography to protect information and communication has bacically two major drawbacks. First, the specific entropy profile of encrypted data makes their detection very easy. Second, the use of cryptography can be more or less regulated, not to say forbidden, according to the countries. If the right to freely protect our personal and private data is a fundamental right, it must not hinder the action of Nation States with respect to National security. Allowing encryption to citizens holds for bad guys as well. In this paper we propose a new approach in information and communication security that may solve all these issues, thus representing a rather interesting trade-off between apparently opposite security needs. We introduce the concept of scalable security based on computationnally hard problem of coding theory with the PERSEUS technology. The core idea is to encode date with variable punctured convolutional codes in such a way that any cryptanalytic attempt will require a time-consuming encoder reco...

  9. Security technologies and protocols for Asynchronous Transfer Mode networks

    Energy Technology Data Exchange (ETDEWEB)

    Tarman, T.D.

    1996-06-01

    Asynchronous Transfer Mode (ATM) is a new data communications technology that promises to integrate voice, video, and data traffic into a common network infrastructure. In order to fully utilize ATM`s ability to transfer real-time data at high rates, applications will start to access the ATM layer directly. As a result of this trend, security mechanisms at the ATM layer will be required. A number of research programs are currently in progress which seek to better understand the unique issues associated with ATM security. This paper describes some of these issues, and the approaches taken by various organizations in the design of ATM layer security mechanisms. Efforts within the ATM Forum to address the user communities need for ATM security are also described.

  10. Systems and technologies for enhanced coastal maritime security

    Science.gov (United States)

    Carapezza, Edward M.; Bucklin, Ann

    2008-04-01

    This paper describes a design for an innovative command and control system for an intelligent coastal maritime security system. The architecture for this intelligent coastal maritime security system is derived from the forth generation real-time control (RCS) system architecture1 developed by the National Institute of Science and Technology (NIST) over the past twenty years. This command and control system is a decision support system for real-time monitoring, response and training for security scenarios that can be hosted at various locations along the coast of the United States where homeland security surveillance and response activities are required. Additionally, this paper describes the design for a derivative real-time simulation based environment that can be used as a state-of-art test bed for developing new hardware and software components to be integrated into previous versions of deployed real-time control systems.

  11. Marketing Plan for the National Security Technology Incubator

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-03-31

    This marketing plan was developed as part of the National Security Preparedness Project by the Arrowhead Center of New Mexico State University. The vision of the National Security Technology Incubator program is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety and security. The plan defines important aspects of developing the incubator, such as defining the target market, marketing goals, and creating strategies to reach the target market while meeting those goals. The three main marketing goals of the incubator are: 1) developing marketing materials for the incubator program; 2) attracting businesses to become incubator participants; and 3) increasing name recognition of the incubator program on a national level.

  12. Adversarial risks in social experiments with new technologies

    NARCIS (Netherlands)

    Pieters, Wolter; Dechesne, Francien; van der Poel, Ibo; Asveld, Lotte; Mehos, Donna C.

    2017-01-01

    Studies that approach the deployment of new technologies as social experiments have mostly focused on unintentional effects, notably safety. We argue for the inclusion of adversarial risks or security aspects that are the result of intentional, strategic behavior of actors, who aim at using the tech

  13. Adversarial risks in social experiments with new technologies

    NARCIS (Netherlands)

    Pieters, Wolter; Dechesne, Francien; Poel, van de Ibo; Asveld, Lotte; Mehos, Donna C.

    2017-01-01

    Studies that approach the deployment of new technologies as social experiments have mostly focused on unintentional effects, notably safety. We argue for the inclusion of adversarial risks or security aspects that are the result of intentional, strategic behavior of actors, who aim at using the tech

  14. Adversarial risks in social experiments with new technologies

    NARCIS (Netherlands)

    Pieters, Wolter; Dechesne, Francien; van der Poel, Ibo; Asveld, Lotte; Mehos, Donna C.

    2017-01-01

    Studies that approach the deployment of new technologies as social experiments have mostly focused on unintentional effects, notably safety. We argue for the inclusion of adversarial risks or security aspects that are the result of intentional, strategic behavior of actors, who aim at using the

  15. National Security and Information Technology: The New Regulatory Option?

    Science.gov (United States)

    Irwin, Manley R.

    1987-01-01

    Summarizes recent developments in information technology research and development, telecommunication services, telephone manufacturing, telecommunication networks, information processing, and U.S. import/export policy. It is concluded that government regulation as a policy strategy depends on how one defines national security. (Author/CLB)

  16. Information Security / 2002 Command & Control Research & Technology Symposium

    OpenAIRE

    Buddenberg, Rex

    2002-01-01

    Approved for public display, distribution unlimited 2002 Command & Control Research & Technology Symposium, Naval Postgraduate School, Code IS/Bu, Monterey,CA,93943 Security in information systems is a complex problem. Single solutions to complex problems don't exist and matching the appropriate solution (or more accurately, a set of solutions) to a requirement is necessary.

  17. Satellite Technology Contribution to Water and Food Security

    Science.gov (United States)

    Brown, Molly E.

    2010-01-01

    This slide presentation reviews the issue of supplies of food, the relationship to food security, the ability of all people to attain sufficient food for an active and healthy life, and the ability to use satellite technology and remote sensing to assist with planning and act as an early warning system.

  18. MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned

    Science.gov (United States)

    Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran

    2014-01-01

    As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.

  19. Safeguards and Security Technology Development Directory. FY 1993

    Energy Technology Data Exchange (ETDEWEB)

    1993-06-01

    The Safeguards and Security Technology Development Directory is published annually by the Office of Safeguards and Security (OSS) of the US Department of Energy (DOE), and is Intended to inform recipients of the full scope of the OSS R&D program. It is distributed for use by DOE headquarters personnel, DOE program offices, DOE field offices, DOE operating contractors, national laboratories, other federal agencies, and foreign governments. Chapters 1 through 7 of the Directory provide general information regarding the Technology Development Program, including the mission, program description, organizational roles and responsibilities, technology development lifecycle, requirements analysis, program formulation, the task selection process, technology development infrastructure, technology transfer activities, and current research and development tasks. These chapters are followed by a series of appendices which contain more specific information on aspects of the Program. Appendix A is a summary of major technology development accomplishments made during FY 1992. Appendix B lists S&S technology development reports issued during FY 1992 which reflect work accomplished through the OSS Technology Development Program and other relevant activities outside the Program. Finally, Appendix C summarizes the individual task statements which comprise the FY 1993 Technology Development Program.

  20. Secure, Mobile, Wireless Network Technology Designed, Developed, and Demonstrated

    Science.gov (United States)

    Ivancic, William D.; Paulsen, Phillip E.

    2004-01-01

    The inability to seamlessly disseminate data securely over a high-integrity, wireless broadband network has been identified as a primary technical barrier to providing an order-of-magnitude increase in aviation capacity and safety. Secure, autonomous communications to and from aircraft will enable advanced, automated, data-intensive air traffic management concepts, increase National Air Space (NAS) capacity, and potentially reduce the overall cost of air travel operations. For the first time ever, secure, mobile, network technology was designed, developed, and demonstrated with state-ofthe- art protocols and applications by a diverse, cooperative Government-industry team led by the NASA Glenn Research Center. This revolutionary technology solution will make fundamentally new airplane system capabilities possible by enabling secure, seamless network connections from platforms in motion (e.g., cars, ships, aircraft, and satellites) to existing terrestrial systems without the need for manual reconfiguration. Called Mobile Router, the new technology autonomously connects and configures networks as they traverse from one operating theater to another. The Mobile Router demonstration aboard the Neah Bay, a U.S. Coast Guard vessel stationed in Cleveland, Ohio, accomplished secure, seamless interoperability of mobile network systems across multiple domains without manual system reconfiguration. The Neah Bay was chosen because of its low cost and communications mission similarity to low-Earth-orbiting satellite platforms. This technology was successfully advanced from technology readiness level (TRL) 2 (concept and/or application formation) to TRL 6 (system model or prototype demonstration in a relevant environment). The secure, seamless interoperability offered by the Mobile Router and encryption device will enable several new, vehicle-specific and systemwide technologies to perform such things as remote, autonomous aircraft performance monitoring and early detection and

  1. Assessing the Risk Situation of Network Security for Active Defense

    Institute of Scientific and Technical Information of China (English)

    ZHANG Xiang; YAO Shuping; TANG Chenghua

    2006-01-01

    The risk situation assessment and forecast technique of network security is a basic method of active defense techniques. In order to assess the risk of network security two methods were used to define the index of risk and forecast index in time series, they were analytical hierarchy process (AHP) and support vector regression (SVR). The module framework applied the methods above was also discussed. Experiment results showed the forecast values were so close to actual values and so it proved the approach is correct.

  2. Global water risks and national security: Building resilience (Invited)

    Science.gov (United States)

    Pulwarty, R. S.

    2013-12-01

    The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human aactivities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) Outline the dimensions of water security and its links to national security (2) Analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere

  3. Sustainable Phosphorus Measures: Strategies and Technologies for Achieving Phosphorus Security

    Directory of Open Access Journals (Sweden)

    Stuart White

    2013-01-01

    Full Text Available Phosphorus underpins the world’s food systems by ensuring soil fertility, maximising crop yields, supporting farmer livelihoods and ultimately food security. Yet increasing concerns around long-term availability and accessibility of the world’s main source of phosphorus—phosphate rock, means there is a need to investigate sustainable measures to buffer the world’s food systems against the long and short-term impacts of global phosphorus scarcity. While the timeline of phosphorus scarcity is contested, there is consensus that more efficient use and recycling of phosphorus is required. While the agricultural sector will be crucial in achieving this, sustainable phosphorus measures in sectors upstream and downstream of agriculture from mine to fork will also need to be addressed. This paper presents a comprehensive classification of all potential phosphorus supply- and demand-side measures to meet long-term phosphorus needs for food production. Examples range from increasing efficiency in the agricultural and mining sector, to technologies for recovering phosphorus from urine and food waste. Such measures are often undertaken in isolation from one another rather than linked in an integrated strategy. This integrated approach will enable scientists and policy-makers to take a systematic approach when identifying potential sustainable phosphorus measures. If a systematic approach is not taken, there is a risk of inappropriate investment in research and implementation of technologies and that will not ultimately ensure sufficient access to phosphorus to produce food in the future. The paper concludes by introducing a framework to assess and compare sustainable phosphorus measures and to determine the least cost options in a given context.

  4. Guidelines for developing NASA (National Aeronautics and Space Administration) ADP security risk management plans

    Science.gov (United States)

    Tompkins, F. G.

    1983-01-01

    This report presents guidance to NASA Computer security officials for developing ADP security risk management plans. The six components of the risk management process are identified and discussed. Guidance is presented on how to manage security risks that have been identified during a risk analysis performed at a data processing facility or during the security evaluation of an application system.

  5. An Investigation Of Organizational Information Security Risk Analysis

    Directory of Open Access Journals (Sweden)

    Zack Jourdan

    2010-12-01

    Full Text Available Despite a growing number and variety of information security threats, many organizations continue to neglect implementing information security policies and procedures.  The likelihood that an organization’s information systems can fall victim to these threats is known as information systems risk (Straub & Welke, 1998.  To combat these threats, an organization must undergo a rigorous process of self-analysis. To better understand the current state of this information security risk analysis (ISRA process, this study deployed a questionnaire using both open-ended and closed ended questions administered to a group of information security professionals (N=32.  The qualitative and quantitative results of this study show that organizations are beginning to conduct regularly scheduled ISRA processes.  However, the results also show that organizations still have room for improvement to create idyllic ISRA processes. 

  6. Survey of current technologies of security management for distributed information systems; Bunsangata joho system no security iji kanri hoshiki no genjo

    Energy Technology Data Exchange (ETDEWEB)

    Matsui, S. [Central Research Institute of Electric Power Industry, Tokyo (Japan)

    1997-05-01

    The latest situation of the security management for a distributed information system was examined and systematically summarized to indicate the management design in future. This paper describes the threat of the distributed information system to security, the risk for confidentiality, integrity, and availability due to the threat, and the measures to be taken. The basic technology of security management is classified into the `user certification to prevent an incorrect access` and the `encipherment to prevent data from being used incorrectly.` The technology for certification has been almost completed. It can be securely done using an expendable password or IC card system. In Internet, multiple enciphering technologies for constructing a virtual private network that can secure the almost the same security as for a private network can be used. In an electronic mail, the enciphering technology can also be used easily. The tool that manages the security of very many servers, clients, and networks is in the initial stage. 16 refs., 1 fig., 5 tabs.

  7. Biofuels. Environment, technology and food security

    Energy Technology Data Exchange (ETDEWEB)

    Escobar, Jose C.; Lora, Electo S.; Venturini, Osvaldo J. [NEST - Excellence Group in Thermal Power and Distributed Generation, Mechanical Engineering Institute, Universidade Federal de Itajuba (Brazil); Yanez, Edgar E. [CENIPALMA, Oil Palm Research Center - Cenipalma, Calle 21 42-C-47, Bogota (Colombia); Castillo, Edgar F. [CENICANA - Sugarcane Research Center of Colombia, Calle 58 N, 3BN-110, A.A., 9138 - Cali (Colombia); Almazan, Oscar [ICIDCA - Instituto Cubano de Investigaciones de los Derivados de la Cana de Azucar, Via Blanca y Carretera Central 804, San Miguel del Padron, A.P. 4036, La Habana (Cuba)

    2009-08-15

    The imminent decline of the world's oil production, its high market prices and environmental impacts have made the production of biofuels to reach unprecedent volumes over the last 10 years. This is why there have been intense debates among international organizations and political leaders in order to discuss the impacts of the biofuel use intensification. Besides assessing the causes of the rise in the demand and production of biofuels, this paper also shows the state of the art of their world's current production. It is also discussed different vegetable raw materials sources and technological paths to produce biofuels, as well as issues regarding production cost and the relation of their economic feasibility with oil international prices. The environmental impacts of programs that encourage biofuel production, farmland land requirements and the impacts on food production are also discussed, considering the life cycle analysis (LCA) as a tool. It is concluded that the rise in the use of biofuels is inevitable and that international cooperation, regulations and certification mechanisms must be established regarding the use of land, the mitigation of environmental and social impacts caused by biofuel production. It is also mandatory to establish appropriate working conditions and decent remuneration for workers of the biofuels production chain. (author)

  8. Using Science Driven Technologies for the Defense and Security Applications

    Science.gov (United States)

    Habib, Shahid; Zukor, Dorthy; Ambrose, Stephen D.

    2004-01-01

    For the past three decades, Earth science remote sensing technologies have been providing enormous amounts of useful data and information in broadening our understanding of our home planet as a system. This research, as it has expanded our learning process, has also generated additional questions. This has further resulted in establishing new science requirements, which have culminated in defining and pushing the state-of-the-art technology needs. NASA s Earth science program has deployed 18 highly complex satellites, with a total of 80 sensors, so far and is in a process of defining and launching multiple observing systems in the next decade. Due to the heightened security alert of the nation, researchers and technologists are paying serious attention to the use of these science driven technologies for dual use. In other words, how such sophisticated observing and measuring systems can be used in detecting multiple types of security concerns with a substantial lead time so that the appropriate law enforcement agencies can take adequate steps to defuse any potential risky scenarios. This paper examines numerous NASA technologies such as laser/lidar systems, microwave and millimeter wave technologies, optical observing systems, high performance computational techniques for rapid analyses, and imaging products that can have a tremendous pay off for security applications.

  9. 77 FR 59407 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2012-09-27

    ... Security Science and Technology Advisory Committee (HSSTAC) AGENCY: Science and Technology Directorate, DHS..., 56662-56663 that the Homeland Security Science and Technology Advisory Committee (HSSTAC) would meet on... will be held at the Department of Homeland Security (DHS), Science and Technology Directorate, 1120...

  10. Enabling National Security Through Dual-Use Technology

    Science.gov (United States)

    2014-04-30

    efforts. Kratz leads Lockheed Martin’s Automatic Identification Technology implementation, including RFID and UID. After successfully completing eight...bäÉîÉåíÜ=^ååì~ä=^Åèìáëáíáçå= oÉëÉ~êÅÜ=póãéçëáìã= qÜìêëÇ~ó=pÉëëáçåë= sçäìãÉ=ff= = Enabling National Security Through Dual-Use Technology Lou Kratz...Security Through Dual-Use Technology 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK NUMBER

  11. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization (extended version)

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.

    2010-01-01

    Today, companies are required to be in control of the security of their IT assets. This is especially challenging in the presence of limited budgets and conflicting requirements. Here, we present Risk-Based Requirements Elicitation and Prioritization (RiskREP), a method for managing IT security

  12. After Globalization Future Security in a Technology Rich World

    Energy Technology Data Exchange (ETDEWEB)

    Gilmartin,T J

    2001-08-17

    Over the course of the year 2000, five workshops were conducted by the Center for Global Security Research at the Lawrence Livermore National Laboratory on threats to international security in the 2015 to 2020 timeframe due to the global availability of advanced technology. These workshops focused on threats that are enabled by nuclear, missile, and space technology; military technology; information technology; bio technology; and geo systems technology. The participants included US national leaders and experts from the Department of Energy National Laboratories; the Department of Defense: Army, Navy, Air Force, Office of the Secretary of Defense, Defense Threat Reduction Agency, and Defense Advanced Research Projects Agency; the Department of State, NASA, Congressional technical staff, the intelligence community, universities and university study centers, think tanks, consultants on security issues, and private industry. For each workshop the process of analysis involved identification and prioritization of the participants' perceived most severe threat scenarios (worst nightmares), discussion of the technologies which enabled those threats, and ranking of the technologies' threat potentials. The threats ranged from local/regional to global, from intentional to unintended to natural, from merely economic to massively destructive, and from individual and group to state actions. We were not concerned in this exercise with defining responses to the threats, although our assessment of each threat's severity included consideration of the ease or difficulty with which it might be executed or countered. At the concluding review, we brought the various workshops' participants together, added senior participant/reviewers with broad experience and national responsibility, and discussed the workshop findings to determine what is most certain or uncertain, and what might be needed to resolve our uncertainties. This paper summarizes the consenses and

  13. Information Uncertainty to Compare Qualitative Reasoning Security Risk Assessment Results

    Energy Technology Data Exchange (ETDEWEB)

    Chavez, Gregory M [Los Alamos National Laboratory; Key, Brian P [Los Alamos National Laboratory; Zerkle, David K [Los Alamos National Laboratory; Shevitz, Daniel W [Los Alamos National Laboratory

    2009-01-01

    The security risk associated with malevolent acts such as those of terrorism are often void of the historical data required for a traditional PRA. Most information available to conduct security risk assessments for these malevolent acts is obtained from subject matter experts as subjective judgements. Qualitative reasoning approaches such as approximate reasoning and evidential reasoning are useful for modeling the predicted risk from information provided by subject matter experts. Absent from these approaches is a consistent means to compare the security risk assessment results. Associated with each predicted risk reasoning result is a quantifiable amount of information uncertainty which can be measured and used to compare the results. This paper explores using entropy measures to quantify the information uncertainty associated with conflict and non-specificity in the predicted reasoning results. The measured quantities of conflict and non-specificity can ultimately be used to compare qualitative reasoning results which are important in triage studies and ultimately resource allocation. Straight forward extensions of previous entropy measures are presented here to quantify the non-specificity and conflict associated with security risk assessment results obtained from qualitative reasoning models.

  14. 78 FR 17219 - Homeland Security Science and Technology Advisory Committee Meeting Cancellation

    Science.gov (United States)

    2013-03-20

    ..., such as new developments in systems engineering, cyber-security, ] knowledge management and how best to... SECURITY Homeland Security Science and Technology Advisory Committee Meeting Cancellation AGENCY: Science... Meeting for Homeland Security Science and Technology Advisory Committee (HSSTAC). SUMMARY: The meeting...

  15. 78 FR 45255 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2013-07-26

    ... engineering, cyber-security, knowledge management and how best to leverage related technologies funded by... SECURITY Homeland Security Science and Technology Advisory Committee (HSSTAC) ACTION: Notice of Federal Advisory Committee charter renewal. SUMMARY: The Secretary of Homeland Security has determined that...

  16. 76 FR 41274 - Committee Name: Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2011-07-13

    ... as new developments in systems engineering, cyber-security, knowledge management and how best to... SECURITY Committee Name: Homeland Security Science and Technology Advisory Committee (HSSTAC) ACTION... Homeland Security has determined that the renewal of the charter of the Homeland Security Science...

  17. 计算机网络安全技术%Security Technologies of Computer Network

    Institute of Scientific and Technical Information of China (English)

    罗明宇; 卢锡城; 卢泽新; 韩亚欣

    2000-01-01

    With the development of computer network,requirements of computer network security have been more and more urgent. In tills paper, goals of network security are reviewed. Several network attack methods,such as interruption,interception, modification, fabrication,are studied. Network security technologies,such as security mechan!sm,encryption,security detection,firewall,were discussed.

  18. Professional Autonomy and Security Risks of Journalists in Colombia

    Directory of Open Access Journals (Sweden)

    Miguel E. Garcés Prettel

    2017-01-01

    Full Text Available This paper analyzes the relationship between professional autonomy and security risks of journalists in Colombia. A correlational-transversal research was conducted with a sample of 751 journalists who filled out the questionnaire “Worlds of Journalism Study”. The results show significant differences on the attacks received by the journalists depending on gender, news beat, region, news media, years of experience, capacity and educational level of journalists. Attacks on journalists correlates positively with the autonomy to publish and write news on governments, armed forces, criminal gangs and structural social problems (poverty, status of ethnic minorities, socioeconomic inequality, environmental damage the latter being a predictor of high risk security.

  19. Risk assessment of climate systems for national security.

    Energy Technology Data Exchange (ETDEWEB)

    Backus, George A.; Boslough, Mark Bruce Elrick; Brown, Theresa Jean; Cai, Ximing; Conrad, Stephen Hamilton; Constantine, Paul G; Dalbey, Keith R.; Debusschere, Bert J.; Fields, Richard; Hart, David Blaine; Kalinina, Elena Arkadievna; Kerstein, Alan R.; Levy, Michael; Lowry, Thomas Stephen; Malczynski, Leonard A.; Najm, Habib N.; Overfelt, James Robert; Parks, Mancel Jordan; Peplinski, William J.; Safta, Cosmin; Sargsyan, Khachik; Stubblefield, William Anthony; Taylor, Mark A.; Tidwell, Vincent Carroll; Trucano, Timothy Guy; Villa, Daniel L.

    2012-10-01

    Climate change, through drought, flooding, storms, heat waves, and melting Arctic ice, affects the production and flow of resource within and among geographical regions. The interactions among governments, populations, and sectors of the economy require integrated assessment based on risk, through uncertainty quantification (UQ). This project evaluated the capabilities with Sandia National Laboratories to perform such integrated analyses, as they relate to (inter)national security. The combining of the UQ results from climate models with hydrological and economic/infrastructure impact modeling appears to offer the best capability for national security risk assessments.

  20. Security Risk Management - Approaches and Methodology

    Directory of Open Access Journals (Sweden)

    Elena Ramona STROIE

    2011-01-01

    Full Text Available In today’s economic context, organizations are looking for ways to improve their business, to keep head of the competition and grow revenue. To stay competitive and consolidate their position on the market, the companies must use all the information they have and process their information for better support of their missions. For this reason managers have to take into consideration risks that can affect the organization and they have to minimize their impact on the organization. Risk management helps managers to better control the business practices and improve the business process.

  1. After globalization future security in a technology rich world

    Energy Technology Data Exchange (ETDEWEB)

    Gilmartin, T J

    2000-02-12

    Over the course of the year 2000, five one-day workshops were conducted by the Center for Global Security Research at the Lawrence Livermore National Laboratory on threats that might come against the US and its allies in the 2015 to 2020 timeframe due to the global availability of advanced technology. These workshops focused on threats that are enabled by nuclear, missile, and space technology; military technology; information technology; bio technology; and geo systems technology. In December, an Integration Workshop and Senior Review before national leaders and experts were held. The participants and reviewers were invited from the DOE National Laboratories, the DOD Services, OSD, DTRA, and DARPA, the DOS, NASA, Congressional technical staff, the intelligence community, universities and university study centers, think tanks, consultants on national security issues, and private industry. For each workshop the process of analysis involved identification and prioritization of the participants' perceived most severe threat scenarios (worst nightmares), discussion of the technologies which enabled those threats, and ranking of the technologies' threat potentials. We were not concerned in this exercise with defining responses, although our assessment of each threat's severity included consideration of the ease or difficulty with which it might be countered. At the concluding Integration Workshop and Senior Panel Review, we brought the various workshops' participants together, added senior participant/reviewers with broad experience and responsibility, and discussed the workshop findings to determine what is most certain, and uncertain, and what might be needed to resolve our uncertainties. This document reports the consensus and important variations of both the reviewers and the participants. In all, 45 threats over a wide range of lethality and probability of occurrence were identified. Over 60 enabling technologies were also discussed. These are

  2. Insuring Life : Value, Security and Risk

    NARCIS (Netherlands)

    Lobo-Guerrero, Luis

    2016-01-01

    This book is a contribution to the scholarly engagement with the wider problem of governing through risk and the politics of uncertainty. It takes life insurance as an empirical site from which to ask: what is the kind of governance created through insurance an instance of, and how does it contribut

  3. Game Theoretic Risk Analysis of Security Threats

    CERN Document Server

    Bier, Vicki M

    2008-01-01

    Introduces reliability and risk analysis in the face of threats by intelligent agents. This book covers applications to networks, including problems in both telecommunications and transportation. It provides a set of tools for applying game theory TO reliability problems in the presence of intentional, intelligent threats

  4. 76 FR 31350 - Cruise Vessel Safety and Security Act of 2010, Available Technology

    Science.gov (United States)

    2011-05-31

    ... SECURITY Coast Guard Cruise Vessel Safety and Security Act of 2010, Available Technology AGENCY: Coast... technology to meet certain provisions of the Cruise Vessel Security and Safety Act of 2010(CVSSA), specifically related to video recording and overboard detection technologies. The Notice of request for...

  5. A Pure Theory of Job Security and Labour Income Risk

    OpenAIRE

    Bertola, Giuseppe

    2002-01-01

    Models of labour market equilibrium where forward-looking decisions maximize both profits and labour income on a risk-neutral basis, offer valuable insights into the effects of employment protection legislation. Since risk-neutral behaviour in the labour market presumes perfect insurance, however, job security provisions play no useful role in such models. This Paper studies a stylized model of dynamic labour market interactions where labour reallocation costs are partly financed by uninsured...

  6. Expert System for Data Security Risk Management for SMEs

    Directory of Open Access Journals (Sweden)

    Justinas Janulevičius

    2013-05-01

    Full Text Available Accessibility of expertise and expert inferences is one of the key factors for appropriate expert evaluation. Appropriate and timely expert information allows a smooth process of expertise. Small and medium enterprises (SMEs have limited possibilities to acquire professional expertise for data security risk analysis due to limited finances. A risk management expert system is developed for SMEs with the ability to adapt to various subject domains using ontologies of the field.Article in Lithuanian

  7. Asset-Centric Security Risk Assessment of Software Components

    OpenAIRE

    Rauter, Tobias; Höller, Andrea; Kajtazovic, Nermin; Kreiner, Christian

    2016-01-01

    Risk management is a crucial process for the development of secure systems. Valuable objects (assets) must be identified and protected. In order to prioritize the protection mechanisms, the values of assets need to be quantified. More valuable or exposed assets require more powerful protection. There are many risk assessment approaches that aim to provide a metric to generate this quantification for different domains. In software systems, these assets are reflected in res...

  8. Enterprise Architecture-Based Risk and Security Modelling and Analysis

    NARCIS (Netherlands)

    Jonkers, Henk; Quartel, Dick A.C.; Kordy, Barbara; Ekstedt, Mathias; Seong Kim, Deng

    2016-01-01

    The growing complexity of organizations and the increasing number of sophisticated cyber attacks asks for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, including the business and IT aspects

  9. Managing climatic risks for enhanced food security: Key information capabilities

    NARCIS (Netherlands)

    Balaghi, R.; Badjeck, M.C.; Bakari, D.; Pauw, de E.D.; Wit, de A.J.W.; Defourny, P.; Donato, S.; Gommes, R.; Jlibene, M.; Ravelo, A.C.; Sivakumar, M.V.K.; Telahigue, N.; Tychon, B.

    2010-01-01

    Food security is expected to face increasing challenges from climatic risks that are more and more exacerbated by climate change, especially in the developing world. This document lists some of the main capabilities that have been recently developed, especially in the area of operational agroclimato

  10. A Taxonomy of Operational Cyber Security Risks Version 2

    Science.gov (United States)

    2014-05-01

    References 37 CMU/SEI-2014-TN-006 | ii CMU/SEI-2014-TN-006 | iii List of Figures Figure 1: Relationships Among Assets, Business Processes, and...draws upon the definition of operational risk adopted by the banking sector in the Basel II framework [BIS 2006]. Within the cyber security space

  11. Security Risks and Protection in Online Learning: A Survey

    Science.gov (United States)

    Chen, Yong; He, Wu

    2013-01-01

    This paper describes a survey of online learning which attempts to determine online learning providers' awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have…

  12. Reconciling malicious and accidental risk in cyber security

    NARCIS (Netherlands)

    Pieters, Wolter; Lukszo, Zofia; Hadžiosmanović, Dina; Berg, van den Jan

    2014-01-01

    Consider the question whether a cyber security investment is cost-effective. The result will depend on the expected frequency of attacks. Contrary to what is referred to as threat event frequencies or hazard rates in safety risk management, frequencies of targeted attacks are not independent from sy

  13. Managing climatic risks for enhanced food security: Key information capabilities

    NARCIS (Netherlands)

    Balaghi, R.; Badjeck, M.C.; Bakari, D.; Pauw, de E.D.; Wit, de A.J.W.; Defourny, P.; Donato, S.; Gommes, R.; Jlibene, M.; Ravelo, A.C.; Sivakumar, M.V.K.; Telahigue, N.; Tychon, B.

    2010-01-01

    Food security is expected to face increasing challenges from climatic risks that are more and more exacerbated by climate change, especially in the developing world. This document lists some of the main capabilities that have been recently developed, especially in the area of operational agroclimato

  14. A RISK ASSESSMENT METHOD OF THE WIRELESS NETWORK SECURITY

    Institute of Scientific and Technical Information of China (English)

    Zhao Dongmei; Wang Changguang; Ma Jianfeng

    2007-01-01

    The core of network security is the risk assessment.In this letter,a risk assessment method is introduced to estimate the wireless network security.The method,which combines Analytic Hierarchy Process(AHP)method and fuzzy logical method,is applied to the risk assessment.Fuzzy logical method is applied to judge the important degree of each factor in the aspects of the probability,the influence and the uncontrollability,not to directly judge the important degree itself.The risk assessment is carved up 3 layers applying AHP method,the sort weight of the third layer is calculated by fuzzy logical method.Finally,the important degree is calculated by AHP method.By comparing the important degree of each factor,the risk which can be controlled by taking measures is known.The study of the case shows that the method can be easily used to the risk assessment of the wireless network security and its results conform to the actual situation.

  15. Emerging frontier technologies for food safety analysis and risk assessment

    Institute of Scientific and Technical Information of China (English)

    DONG Yi-yang; LIU Jia-hui; WANG Sai; CHEN Qi-long; GUO Tian-yang; ZHANG Li-ya; JIN Yong; SU Hai-jia; TAN Tian-wei

    2015-01-01

    Access to security and safe food is a basic human necessity and essential for a sustainable world. To perform hi-end food safety analysis and risk assessment with state of the art technologies is of utmost importance thereof. With applications as exempliifed by microlfuidic immunoassay, aptasensor, direct analysis in real time, high resolution mass spectrometry, benchmark dose and chemical speciifc adjustment factor, this review presents frontier food safety analysis and risk assess-ment technologies, from which both food quality and public health wil beneift undoubtedly in a foreseeable future.

  16. High-Performance Secure Database Access Technologies for HEP Grids

    Energy Technology Data Exchange (ETDEWEB)

    Matthew Vranicar; John Weicher

    2006-04-17

    The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the

  17. L-Band Digital Aeronautical Communications System Engineering - Initial Safety and Security Risk Assessment and Mitigation

    Science.gov (United States)

    Zelkin, Natalie; Henriksen, Stephen

    2011-01-01

    This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract NNC05CA85C, Task 7: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed L-band (960 to 1164 MHz) terrestrial en route communications system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents a preliminary safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the L-band communication system after the technology is chosen and system rollout timing is determined. The security risk analysis resulted in identifying main security threats to the proposed system as well as noting additional threats recommended for a future security analysis conducted at a later stage in the system development process. The document discusses various security controls, including those suggested in the COCR Version 2.0.

  18. Science and Technology to Advance Regional Security in the Middle East and Central Asia

    Energy Technology Data Exchange (ETDEWEB)

    Tompson, A F B; Richardson, J H; Ragaini, R C; Knapp, R B; Rosenberg, N D; Smith, D K; Ball, D Y

    2002-10-09

    This paper is concerned with the promotion and advancement of regional security in the Middle East and Central Asia through the development of bilateral and multilateral cooperation on targeted scientific and technical projects. It is widely recognized that increasing tensions and instability in many parts of the world emphasize--or reemphasize--a need to seek and promote regional security in these areas. At the Lawrence Livermore National Laboratory (LLNL), a national security research facility operated for the US Department of Energy, we are pursuing an effort to use science and technology as a ''low risk'' means of engagement in regions of strategic importance to the United States. In particular, we are developing collaborations and cooperative projects among (and between) national laboratory scientists in the US and our various counterparts in the countries of interest.

  19. Physical security and IT convergence: Managing the cyber-related risks.

    Science.gov (United States)

    McCreight, Tim; Leece, Doug

    The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California.(1) This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.

  20. Risks of advanced technology - Nuclear: risk comparison

    Energy Technology Data Exchange (ETDEWEB)

    Latarjet, R. (Institut du Radium, Orsay (France))

    The author presents a general definition of the concept of risk and makes a distinction between the various types of risk - the absolute and the relative; the risk for oneself and for others. The quantitative comparison of risks presupposes their ''interchangeability''. In the case of major risks in the long term - or genotoxic risks - there is a certain degree of interchangeability which makes this quantitative comparison possible. It is expressed by the concept of rad-equivalence which the author defines and explains giving as a concrete example the work conducted on ethylene and ethylene oxide.

  1. The Algorithm Analysis of E-Commerce Security Issues for Online Payment Transaction System in Banking Technology

    OpenAIRE

    Raju Barskar; Anjana Jayant Deen; yoti Bharti; Gulfishan Firdose Ahmed

    2010-01-01

    E-Commerce offers the banking industry great opportunity, but also creates a set of new risks and vulnerability such as security threats. Information security, therefore, is an essential management and technical requirement for any efficient and effective Payment transaction activities over the internet. Still, its definition is a complex endeavor due to the constant technological and business change and requires a coordinated match of algorithm and technical solutions. Ecommerce is not appro...

  2. Microcontroller Based Home Security and Load Controlling Using Gsm Technology

    Directory of Open Access Journals (Sweden)

    Mustafijur Rahman

    2015-03-01

    Full Text Available "Home automation" referred to as 'Intelligent home' or 'automated home', indicates the automation of daily tasks with electrical devices used in homes. This could be the control of lights or more complex chores such as remote viewing of the house interiors for surveillance purposes. The emerging concept of smart homes offers a comfortable, convenient and safe and secure environment for occupants. These include automatic load controlling, fire detection, temperature sensing, and motion detection and lock system etc. Furthermore it has advanced security compared to other houses and can send a message to the user for action that occur inside his/her house while he/she is away from home. It can also allow a person to control appliances from a remote location by mobile phone using GSM technology.

  3. Building Psychological Contracts in Security-Risk Environments

    DEFF Research Database (Denmark)

    Ramirez, Jacobo; Madero, Sergio; Vélez-Zapata, Claudia

    2015-01-01

    This paper examines the reciprocal obligations between employers and employees that are framed as psychological contracts in security-risk environments. A total of 30 interviews based on psychological contract frameworks, duty-of-care strategies in terms of human resource management (HRM) systems...... sample. Duty-of-care strategies based on both HRM systems and the sensitivities of HR personnel and line managers to the narcoterrorism context, in combination with both explicit and implicit security policies, tend to be the sources of the content of psychological contracts. We propose a psychological...... contract model based on HRM systems and security and control policy in a narcoterrorism context for the further study of firms' duty-of-care strategies....

  4. The Common Risk Model for Dams: A Portfolio Approach to Security Risk Assessments

    Science.gov (United States)

    2013-06-01

    Portfolio Approach to Security Risk Assessments Yev Kirpichevsky Yazmin Seda -Sanabria, U.S. Army Corps of Engineers Enrique E. Matheu, U.S...Yev Kirpichevsky Yazmin Seda -Sanabria, U.S. Army Corps of Engineers Enrique E. Matheu, U.S. Department of Homeland Security Jason A. Dechant M...adaptive threats across a large portfolio [ Seda -Sanabria et al., 20111]. At the most basic level, risk is estimated for an attack scenario, defined as

  5. Risk assessment for sustainable food security in China according to integrated food security--taking Dongting Lake area for example.

    Science.gov (United States)

    Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan

    2013-06-01

    Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system-which could be used to monitor food security trends or nutritional status so to inform policy makers of impending food shortages-to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.

  6. 77 FR 57072 - Proposed Information Collection; Comment Request; National Security and Critical Technology...

    Science.gov (United States)

    2012-09-17

    ... Bureau of Industry and Security Proposed Information Collection; Comment Request; National Security and Critical Technology Assessments of the U.S. Industrial Base AGENCY: Bureau of Industry and Security... of U.S. industrial base sectors deemed critical to U.S. national security. The information gathered...

  7. Fuzzy Evaluation of the Risk of Investment in Securities in the Portfolio Optimization Problem

    OpenAIRE

    Siniavskaya, O. A.; Zhelezko, B. A.

    2007-01-01

    Investment in securities always associates with the risk, but in practice it is enough difficult to evaluate the risk quantitatively. There is no united opinion about quantitative evaluation of the risk in the theory of finance. Two models of the risk evaluation are the most popularized: Value-at-Risk (VaR) model and risk interpretation as standard deviation of the security return.

  8. Terahertz Technology for Defense and Security-Related Applications

    DEFF Research Database (Denmark)

    Iwaszczuk, Krzysztof

    This thesis deals with chosen aspects of terahertz (THz) technology that have potential in defense and security-related applications. A novel method for simultaneous data acquisition in time-resolved THz spectroscopy experiments is developed. This technique is demonstrated by extracting the sheet...... conductivity of photoexcited charge carriers in semi-insulating gallium arsenide. Comparison with results obtained using a standard data acquisition scheme shows that the new method minimizes errors originating from uctuations in the laser system output and timing errors in the THz pulse detection. Furthermore...

  9. AUTOCHTHONOUS APPROACHING IN THE MANAGEMENT OF THE SECURITY RISK

    Directory of Open Access Journals (Sweden)

    Burtescu Emil

    2008-05-01

    Full Text Available An optimal management for a corporation, no matter what size the corporation is, it must contain the management of the security risk. On the importance that is given to the risk management can depend the well functioning of the corporation. An important role in this process has the owner of the business and the way that this one understands the risk. A good understanding of the risk by the owner will have as effect the allocation of sufficient funds to implement controls meant to bring the risk level in order to be an acceptable one. The autochthonous corporations, in a great part even because of the inexistence of reglementations in this domain, have an empiric approach of the phenomena.

  10. Wireless Security

    CERN Document Server

    Osterhage, Wolfgang

    2011-01-01

    In the wake of the growing use of wireless communications, new types of security risks have evolved. Wireless Security covers the major topic of wireless communications with relevance both to organizations and private users. The technological background of these applications and protocols is laid out and presented in detail. Special emphasis is placed on the IEEE 802.11x-Standards that have been introduced for WLAN technology. Other technologies covered besides WLAN include: mobile phones, bluetooth and infrared. In each chapter a major part is devoted to security risks and provisions includin

  11. Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

    Science.gov (United States)

    Pavone, Vincenzo; Esposti, Sara Degli

    2012-07-01

    As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.

  12. Using Financial Instruments to Transfer the Information Security Risks

    OpenAIRE

    Pankaj Pandey; Einar Snekkenes

    2016-01-01

    For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information...

  13. Technologies for security, military police and professional policing organizations, the Department of Energy perspective

    Energy Technology Data Exchange (ETDEWEB)

    Steele, B.J.

    1996-12-31

    There are many technologies emerging from this decade that can be used to help the law enforcement community protect the public as well as public and private facilities against ever increasing threats to this country and its resources. These technologies include sensors, closed circuit television (CCTV), access control, contraband detection, communications, control and display, barriers, and various component and system modeling techniques. This paper will introduce some of the various technologies that have been examined for the Department of Energy that could be applied to various law enforcement applications. They include: (1) scannerless laser radar; (2) next generation security systems; (3) response force video information helmet system; (4) access delay technologies; (5) rapidly deployable intrusion detection systems; and (6) cost risk benefit analysis.

  14. Clinicians, security and information technology support services in practice settings--a pilot study.

    Science.gov (United States)

    Fernando, Juanita

    2010-01-01

    This case study of 9 information technology (IT) support staff in 3 Australian (Victoria) public hospitals juxtaposes their experiences at the user-level of eHealth security in the Natural Hospital Environment with that previously reported by 26 medical, nursing and allied healthcare clinicians. IT support responsibilities comprised the entire hospital, of which clinician eHealth security needs were only part. IT staff believed their support tasks were often fragmented while work responsibilities were hampered by resources shortages. They perceived clinicians as an ongoing security risk to private health information. By comparison clinicians believed IT staff would not adequately support the private and secure application of eHealth for patient care. Preliminary data analysis suggests the tension between these cohorts manifests as an eHealth environment where silos of clinical work are disconnected from silos of IT support work. The discipline-based silos hamper health privacy outcomes. Privacy and security policies, especially those influencing the audit process, will benefit by further research of this phenomenon.

  15. [Risk and (in)security in the police mission].

    Science.gov (United States)

    Minayo, Maria Cecília de Souza; Adorno, Sérgio

    2013-03-01

    This paper introduces a discussion on the history and use of the concepts of risk and security applied to the police officer's mission. The text is developed in an essay format that shows how both terms developed under the constitution of modern industrial societies. The authors begin with the assumption that the organizational structure of the police in various parts of the world retains the same logic since they were created during the eighteenth and nineteenth centuries and that this format is in crisis: whether it is because the concept of risk and current management thereof has now become much broader; or because the concept of security has also deepened and broadened, fleeing from the scope of the police institution. The crisis of the police apparatus is an international issue and the authors point to the case of the French police. Reverting to the thoughts of important authors in the sociological area, the authors resume the debate on some issues that they consider urgent: reformulation of the breadth of the concepts of risk and security to understand the police mission; enhancement of the police inside and outside corporations; review of the weight of the hierarchical rigidity or inflexibility on careers in a plural and flexible society.

  16. Philosophical Reflection on Risks of Transgenic Technology

    Institute of Scientific and Technical Information of China (English)

    Xiaolu WANG

    2012-01-01

    Abstract [Objective] The aim was to analyze risks of transgenic technology. [Method] Discussions on risks of transgenic technologies were conducted from per- spective of philosophy. [Result] Mechanistic philosophy and reductionism are causes of reflection on risks of transgenic technology. Considering transgene is an artificial choice taking place of natural choice, it is inevitable for risks of transgenic technolo- gy to be found, in addition, social system constitutes the root for out-of-control of transgenic technology, hence, mechanism risk is the primary cause of transgenic risks. [Conclusion] It is inescapable for science view to be changed from arbitrary and lopsided to reflective and comprehensive and for technology view to be changed from exterminative and genesic to protective and symbiotic.

  17. Evaluating Security Technologies Used to Enhance Physical Security Capabilities at Domestic and Deployed Bases

    Science.gov (United States)

    2013-07-01

    secure wireless communications, behavioral analysis , and installation access control 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT...Secure Wireless Communications  Installation Access Control  Integrated Waterside Security  Behavioral Analysis , and  Other areas as prescribed...Wireless Communications  Installation Access Control  Situational Awareness  Behavioral Analysis  Integrated Waterside Security, and  Other areas

  18. Cyber security risk assessment for SCADA and DCS networks.

    Science.gov (United States)

    Ralston, P A S; Graham, J H; Hieb, J L

    2007-10-01

    The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

  19. Quantitative Security Risk Assessment and Management for Railway Transportation Infrastructures

    Science.gov (United States)

    Flammini, Francesco; Gaglione, Andrea; Mazzocca, Nicola; Pragliola, Concetta

    Scientists have been long investigating procedures, models and tools for the risk analysis in several domains, from economics to computer networks. This paper presents a quantitative method and a tool for the security risk assessment and management specifically tailored to the context of railway transportation systems, which are exposed to threats ranging from vandalism to terrorism. The method is based on a reference mathematical model and it is supported by a specifically developed tool. The tool allows for the management of data, including attributes of attack scenarios and effectiveness of protection mechanisms, and the computation of results, including risk and cost/benefit indices. The main focus is on the design of physical protection systems, but the analysis can be extended to logical threats as well. The cost/benefit analysis allows for the evaluation of the return on investment, which is a nowadays important issue to be addressed by risk analysts.

  20. Anticipating Interruptions. Security and risk in a liberalized electricity infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Silvast, A.

    2013-11-01

    During the past ten years, a number of social scientists have emphasized the importance of material infrastructures like electricity supply as a research topic for the social sciences. The developing of such new perspectives concerning infrastructures also includes uncertainties and risks. This research analyzes the management of uncertainties in the Finnish electricity infrastructure by posing the following research question: how are electricity interruptions, or blackouts, anticipated in Finland and how are these interruptions managed as risks? The main research methodology of the work is multi-sited field work. The empirical materials include interviews with experts and lay people (33 interviews); participant observation in two electricity control rooms; an electricity consumer survey (115 respondents); and also a number of infrastructure and security policy documents and observations from electricity security seminars. The materials were primarily gathered between 2004 and 2008. Social science research often links risks with major current social changes or socio-cultural risk perceptions. In recent international social science discussions, however, a new research topic has emerged - those styles of reasoning and techniques of governance that are deployed to manage risk as a practical matter. My study explores these themes empirically by focusing on the specific habitual practices of risk management in the Finnish electricity infrastructure. The work develops various also semi-ethnographic inquiries into infrastructure risk techniques like monitor screening of real-time risks in electricity control rooms; the management of risks in a liberalized electricity market; the emergence of Finnish reasoning about blackouts from a specific historical background; and the ways in which electricity consumers respond to blackouts in their homes. In addition, the work reflects upon the position of a risk researcher in those situations when the research subjects do not define

  1. The Algorithm Analysis of E-Commerce Security Issues for Online Payment Transaction System in Banking Technology

    CERN Document Server

    Barskar, Raju; Bharti, Jyoti; Ahmed, Gulfishan Firdose

    2010-01-01

    E-Commerce offers the banking industry great opportunity, but also creates a set of new risks and vulnerability such as security threats. Information security, therefore, is an essential management and technical requirement for any efficient and effective Payment transaction activities over the internet. Still, its definition is a complex endeavor due to the constant technological and business change and requires a coordinated match of algorithm and technical solutions. Ecommerce is not appropriate to all business transactions and, within e-commerce there is no one technology that can or should be appropriate to all requirements. E-commerce is not a new phenomenon; electronic markets, electronic data interchange and customer e-commerce. The use of electronic data interchanges as a universal and non-proprietary way of doing business. Through the electronic transaction the security is the most important phenomena to enhance the banking transaction security via payment transaction.

  2. Security Events and Vulnerability Data for Cybersecurity Risk Estimation.

    Science.gov (United States)

    Allodi, Luca; Massacci, Fabio

    2017-08-01

    Current industry standards for estimating cybersecurity risk are based on qualitative risk matrices as opposed to quantitative risk estimates. In contrast, risk assessment in most other industry sectors aims at deriving quantitative risk estimations (e.g., Basel II in Finance). This article presents a model and methodology to leverage on the large amount of data available from the IT infrastructure of an organization's security operation center to quantitatively estimate the probability of attack. Our methodology specifically addresses untargeted attacks delivered by automatic tools that make up the vast majority of attacks in the wild against users and organizations. We consider two-stage attacks whereby the attacker first breaches an Internet-facing system, and then escalates the attack to internal systems by exploiting local vulnerabilities in the target. Our methodology factors in the power of the attacker as the number of "weaponized" vulnerabilities he/she can exploit, and can be adjusted to match the risk appetite of the organization. We illustrate our methodology by using data from a large financial institution, and discuss the significant mismatch between traditional qualitative risk assessments and our quantitative approach. © 2017 Society for Risk Analysis.

  3. The research of network database security technology based on web service

    Science.gov (United States)

    Meng, Fanxing; Wen, Xiumei; Gao, Liting; Pang, Hui; Wang, Qinglin

    2013-03-01

    Database technology is one of the most widely applied computer technologies, its security is becoming more and more important. This paper introduced the database security, network database security level, studies the security technology of the network database, analyzes emphatically sub-key encryption algorithm, applies this algorithm into the campus-one-card system successfully. The realization process of the encryption algorithm is discussed, this method is widely used as reference in many fields, particularly in management information system security and e-commerce.

  4. Security risks in nuclear waste management: Exceptionalism, opaqueness and vulnerability.

    Science.gov (United States)

    Vander Beken, Tom; Dorn, Nicholas; Van Daele, Stijn

    2010-01-01

    This paper analyses some potential security risks, concerning terrorism or more mundane forms of crime, such as fraud, in management of nuclear waste using a PEST scan (of political, economic, social and technical issues) and some insights of criminologists on crime prevention. Nuclear waste arises as spent fuel from ongoing energy generation or other nuclear operations, operational contamination or emissions, and decommissioning of obsolescent facilities. In international and EU political contexts, nuclear waste management is a sensitive issue, regulated specifically as part of the nuclear industry as well as in terms of hazardous waste policies. The industry involves state, commercial and mixed public-private bodies. The social and cultural dimensions--risk, uncertainty, and future generations--resonate more deeply here than in any other aspect of waste management. The paper argues that certain tendencies in regulation of the industry, claimed to be justified on security grounds, are decreasing transparency and veracity of reporting, opening up invisible spaces for management frauds, and in doing allowing a culture of impunity in which more serious criminal or terrorist risks could arise. What is needed is analysis of this 'exceptional' industry in terms of the normal cannons of risk assessment - a task that this paper begins.

  5. Based on combination of L2TP and IPSec VPN security technology research

    Directory of Open Access Journals (Sweden)

    Ya-qin Fan

    2012-01-01

    Full Text Available This report is written to provide a method of building secure VPN by combination of L2TP and IPSec in order to meet the requirements of secure transmission of data and improve the VPN security technology. It remedies the secured short comes of L2TP Tunneling Protocol Tunneling Protocol and IPSec security. Simulation and analysis show that the construction method can improve the security of data transmission, and the simulation results of VPN is valuable for security professionals to refer.

  6. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007)...

  7. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be...

  8. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan...

  9. Review of Enabling Technologies to Facilitate Secure Compute Customization

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pelfrey, Daniel S [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2014-12-01

    High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data for a variety of users, often requiring strong separation between job allocations. There are many challenges to establishing these secure enclaves within the shared infrastructure of high-performance computing (HPC) environments. The isolation mechanisms in the system software are the basic building blocks for enabling secure compute enclaves. There are a variety of approaches and the focus of this report is to review the different virtualization technologies that facilitate the creation of secure compute enclaves. The report reviews current operating system (OS) protection mechanisms and modern virtualization technologies to better understand the performance/isolation properties. We also examine the feasibility of running ``virtualized'' computing resources as non-privileged users, and providing controlled administrative permissions for standard users running within a virtualized context. Our examination includes technologies such as Linux containers (LXC [32], Docker [15]) and full virtualization (KVM [26], Xen [5]). We categorize these different approaches to virtualization into two broad groups: OS-level virtualization and system-level virtualization. The OS-level virtualization uses containers to allow a single OS kernel to be partitioned to create Virtual Environments (VE), e.g., LXC. The resources within the host's kernel are only virtualized in the sense of separate namespaces. In contrast, system-level virtualization uses hypervisors to manage multiple OS kernels and virtualize the physical resources (hardware) to create Virtual Machines (VM), e.g., Xen, KVM. This terminology of VE and VM, detailed in Section 2, is used throughout the report to distinguish between the two different approaches to providing virtualized execution

  10. Risk Management in Biologics Technology Transfer.

    Science.gov (United States)

    Toso, Robert; Tsang, Jonathan; Xie, Jasmina; Hohwald, Stephen; Bain, David; Willison-Parry, Derek

    Technology transfer of biological products is a complex process that is important for product commercialization. To achieve a successful technology transfer, the risks that arise from changes throughout the project must be managed. Iterative risk analysis and mitigation tools can be used to both evaluate and reduce risk. The technology transfer stage gate model is used as an example tool to help manage risks derived from both designed process change and unplanned changes that arise due to unforeseen circumstances. The strategy of risk assessment for a change can be tailored to the type of change. In addition, a cross-functional team and centralized documentation helps maximize risk management efficiency to achieve a successful technology transfer. © PDA, Inc. 2016.

  11. Cloud computing technology framework and reducing risks

    OpenAIRE

    Akrir, Khaled Ali Ahmed

    2015-01-01

    The thesis investigates, in a qualitative way, the vectors that contribute to cloud computing risks in the areas of security, business, and compliance. The focus of this research is on the identification of risk vectors that affect cloud computing and the creation of a framework that can help IT managers in their cloud adoption process. Economic pressures on businesses are creating a demand for an alternative delivery of the model that can provide flexible payments, dramatic cuts in capital i...

  12. How to use security risk assessments to manage risks, prevent violence and deal with new threats.

    Science.gov (United States)

    Ramsey-Hamilton, Caroline

    2015-01-01

    With a growing number of healthcare security requirements from states as well as regulators like FEMA, CMS, and DHS, the need to conduct comprehensive Security Risk Assessments has become essential, according to the author. In this article, she provides the basic elements of such assessments as well as guidance on how to apply them to a facility report and how to present the report to management.

  13. Terrorism risks and cost-benefit analysis of aviation security.

    Science.gov (United States)

    Stewart, Mark G; Mueller, John

    2013-05-01

    We evaluate, for the U.S. case, the costs and benefits of three security measures designed to reduce the likelihood of a direct replication of the 9/11 terrorist attacks. To do so, we assess risk reduction, losses, and security costs in the context of the full set of security layers. The three measures evaluated are installed physical secondary barriers (IPSB) to restrict access to the hardened cockpit door during door transitions, the Federal Air Marshal Service (FAMS), and the Federal Flight Deck Officer (FFDO) Program. In the process, we examine an alternate policy measure: doubling the budget of the FFDO program to $44 million per year, installing IPSBs in all U.S. aircraft at a cost of $13.5 million per year, and reducing funding for FAMS by 75% to $300 million per year. A break-even cost-benefit analysis then finds the minimum probability of an otherwise successful attack required for the benefit of each security measures to equal its cost. We find that the IPSB is costeffective if the annual attack probability of an otherwise successful attack exceeds 0.5% or one attack every 200 years. The FFDO program is costeffective if the annual attack probability exceeds 2%. On the other hand, more than two otherwise successful attacks per year are required for FAMS to be costeffective. A policy that includes IPSBs, an increased budget for FFDOs, and a reduced budget for FAMS may be a viable policy alternative, potentially saving hundreds of millions of dollars per year with consequences for security that are, at most, negligible.

  14. Intelligent Facial Recognition Systems: Technology advancements for security applications

    Energy Technology Data Exchange (ETDEWEB)

    Beer, C.L.

    1993-07-01

    Insider problems such as theft and sabotage can occur within the security and surveillance realm of operations when unauthorized people obtain access to sensitive areas. A possible solution to these problems is a means to identify individuals (not just credentials or badges) in a given sensitive area and provide full time personnel accountability. One approach desirable at Department of Energy facilities for access control and/or personnel identification is an Intelligent Facial Recognition System (IFRS) that is non-invasive to personnel. Automatic facial recognition does not require the active participation of the enrolled subjects, unlike most other biological measurement (biometric) systems (e.g., fingerprint, hand geometry, or eye retinal scan systems). It is this feature that makes an IFRS attractive for applications other than access control such as emergency evacuation verification, screening, and personnel tracking. This paper discusses current technology that shows promising results for DOE and other security applications. A survey of research and development in facial recognition identified several companies and universities that were interested and/or involved in the area. A few advanced prototype systems were also identified. Sandia National Laboratories is currently evaluating facial recognition systems that are in the advanced prototype stage. The initial application for the evaluation is access control in a controlled environment with a constant background and with cooperative subjects. Further evaluations will be conducted in a less controlled environment, which may include a cluttered background and subjects that are not looking towards the camera. The outcome of the evaluations will help identify areas of facial recognition systems that need further development and will help to determine the effectiveness of the current systems for security applications.

  15. Risk management in methodologies of information technology and communications projects

    Directory of Open Access Journals (Sweden)

    Jonathan Carrillo

    2013-12-01

    Full Text Available (Received: 2013/10/02 - Accepted: 2013/12/13At present there are methodologies that have several alternatives and methods to manage projects of Information and Communication Technologies. However, these do not cover a solution for the technology events that can occur in the industry, government, education, among others. In the technology market there are several models to identify and analyze risks according to relevant aspects of their area of specialty e.g. projects, in software development, communications, information security and business alignment. For this reason, this research conducted an evaluation of risk management activities of the methodologies used mostly to know which of them includes more correspondence with basic elements of IT using a rating scale.

  16. Countries at Risk: Heightened Human Security Risk to States With Transboundary Water Resources and Instability

    Science.gov (United States)

    Veilleux, J. C.; Sullivan, G. S.; Paola, C.; Starget, A.; Watson, J. E.; Hwang, Y. J.; Picucci, J. A.; Choi, C. S.

    2014-12-01

    The Countries at Risk project is a global assessment of countries with transboundary water resources that are at risk for conflict because of high human security instability. Building upon Basins at Risk (BAR) research, our team used updated Transboundary Freshwater Dispute Database georeferenced social and environmental data, quantitative data from global indices, and qualitative data from news media sources. Our assessment considered a combination of analyzing 15 global indices related to water or human security to identify which countries scored as highest risk in each index. From this information, we were able to assess the highest risk countries' human security risk by using a new human security measurement tool, as well as comparing this analysis to the World Bank's Fragile States Index and the experimental Human Security Index. In addition, we identified which countries have the highest number of shared basins, the highest percentage of territory covered by a transboundary basin, and the highest dependency of withdrawal from transboundary waters from outside their country boundaries. By synthesizing these social and environmental data assessments, we identified five countries to analyze as case studies. These five countries are Afghanistan, China, Iraq, Moldova, and Sudan. We created a series of 30 maps to spatial analyze the relationship between the transboundary basins and social and environmental parameters to include population, institutional capacity, and physical geography by country. Finally, we synthesized our spatial analysis, Human Security Key scores, and current events scored by using the BAR scale to determine what aspects and which basins are most at risk with each country in our case studies and how this concerns future global water resources.

  17. Augmenting Space Technology Program Management with Secure Cloud & Mobile Services

    Science.gov (United States)

    Hodson, Robert F.; Munk, Christopher; Helble, Adelle; Press, Martin T.; George, Cory; Johnson, David

    2017-01-01

    The National Aeronautics and Space Administration (NASA) Game Changing Development (GCD) program manages technology projects across all NASA centers and reports to NASA headquarters regularly on progress. Program stakeholders expect an up-to-date, accurate status and often have questions about the program's portfolio that requires a timely response. Historically, reporting, data collection, and analysis were done with manual processes that were inefficient and prone to error. To address these issues, GCD set out to develop a new business automation solution. In doing this, the program wanted to leverage the latest information technology platforms and decided to utilize traditional systems along with new cloud-based web services and gaming technology for a novel and interactive user environment. The team also set out to develop a mobile solution for anytime information access. This paper discusses a solution to these challenging goals and how the GCD team succeeded in developing and deploying such a system. The architecture and approach taken has proven to be effective and robust and can serve as a model for others looking to develop secure interactive mobile business solutions for government or enterprise business automation.

  18. Privacy and Security within Biobanking: The Role of Information Technology.

    Science.gov (United States)

    Heatherly, Raymond

    2016-03-01

    Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source.

  19. Advanced Technologies for Intelligent Systems of National Border Security

    CERN Document Server

    Simek, Krzysztof; Świerniak, Andrzej

    2013-01-01

    One of the world’s leading problems in the field of national security is protection of borders and borderlands. This book addresses multiple issues on advanced innovative methods of multi-level control of both ground (UGVs) and aerial drones (UAVs). Those objects combined with innovative algorithms become autonomous objects capable of patrolling chosen borderland areas by themselves and automatically inform the operator of the system about potential place of detection of a specific incident. This is achieved by using sophisticated methods of generation of non-collision trajectory for those types of objects and enabling automatic integration of both ground and aerial unmanned vehicles. The topics included in this book also cover presentation of complete information and communication technology (ICT) systems capable of control, observation and detection of various types of incidents and threats. This book is a valuable source of information for constructors and developers of such solutions for uniformed servi...

  20. A tracking technology for security personnel and first responders

    Science.gov (United States)

    Womble, Phillip; Barzilov, Alexander; Paschal, Jon; Hopper, Lindsay; Music, Abe; Morgan, Timothy; Moore, Ryan; Pinson, Dudley; Schultz, Frederick; Maston, Michael J.; Kowalik, Robert

    2005-05-01

    Northwest Nuclear, LLC (NWN), the Applied Physics Institute (API) at Western Kentucky University, and Crisis Prep Services, LLC (CPS) have developed a tracking technology for first responders and security personnel based upon the AeroScout system (a product of AeroScout, Inc.) and technologies developed independently by NWN, API, and CPS. These systems provide location information using 802.11XXX architecture by measuring the time of arrival of packets from a set of active radio frequency (RF) tags to a set of location receivers. The system can track and graphically display the location on maps, drawings, floor plans or photographs of tagged items on any 802.11-compliant devices (PDAs, laptops, computers, WiFi telephones) situated both outside and inside structures. This location information would be vital for tracking the location of first responders, security, and other emergency personnel during rescue operations; particularly, under adverse conditions (e.g., fires). NWN, API, and CPS have been improving the precision of the location measurement to an uncertainty of 20 cm or 8 inches (under certain conditions) and also developing algorithms to increase the accuracy. NWN and API personnel have developed: 1) special tags which indicate tampering or sudden movement and transmit briefly under these conditions, and 2) permanent and portable systems which can be deployed rapidly. Additional software created by Crisis Prep Services, LLC allows response force personnel to be tracked and located inside a building in real time as well as use the software and tags as a training and rehersal system. The location of each person is depicted on a drawing of the building and is displayed on a laptop computer or any other browser capable device.

  1. National Security Science and Technology Initiative: Air Cargo Screening

    Energy Technology Data Exchange (ETDEWEB)

    Bingham, Philip R [ORNL; White, Tim [Pacific Northwest National Laboratory (PNNL); Cespedes, Ernesto [Idaho National Laboratory (INL); Bowerman, Biays [Brookhaven National Laboratory (BNL); Bush, John [Battelle

    2010-11-01

    The non-intrusive inspection (NII) of consolidated air cargo carried on commercial passenger aircraft continues to be a technically challenging, high-priority requirement of the Department of Homeland Security's Science and Technology Directorate (DHS S&T), the Transportation Security Agency and the Federal Aviation Administration. The goal of deploying a screening system that can reliably and cost-effectively detect explosive threats in consolidated cargo without adversely affecting the flow of commerce will require significant technical advances that will take years to develop. To address this critical National Security need, the Battelle Memorial Institute (Battelle), under a Cooperative Research and Development Agreement (CRADA) with four of its associated US Department of Energy (DOE) National Laboratories (Oak Ridge, Pacific Northwest, Idaho, and Brookhaven), conducted a research and development initiative focused on identifying, evaluating, and integrating technologies for screening consolidated air cargo for the presence of explosive threats. Battelle invested $8.5M of internal research and development funds during fiscal years 2007 through 2009. The primary results of this effort are described in this document and can be summarized as follows: (1) Completed a gap analysis that identified threat signatures and observables, candidate technologies for detection, their current state of development, and provided recommendations for improvements to meet air cargo screening requirements. (2) Defined a Commodity/Threat/Detection matrix that focuses modeling and experimental efforts, identifies technology gaps and game-changing opportunities, and provides a means of summarizing current and emerging capabilities. (3) Defined key properties (e.g., elemental composition, average density, effective atomic weight) for basic commodity and explosive benchmarks, developed virtual models of the physical distributions (pallets) of three commodity types and three

  2. National Security Science and Technology Initiative: Air Cargo Screening

    Energy Technology Data Exchange (ETDEWEB)

    Bingham, Philip R [ORNL; White, Tim [Pacific Northwest National Laboratory (PNNL); Cespedes, Ernesto [Idaho National Laboratory (INL); Bowerman, Biays [Brookhaven National Laboratory (BNL); Bush, John [Battelle

    2010-11-01

    The non-intrusive inspection (NII) of consolidated air cargo carried on commercial passenger aircraft continues to be a technically challenging, high-priority requirement of the Department of Homeland Security's Science and Technology Directorate (DHS S&T), the Transportation Security Agency and the Federal Aviation Administration. The goal of deploying a screening system that can reliably and cost-effectively detect explosive threats in consolidated cargo without adversely affecting the flow of commerce will require significant technical advances that will take years to develop. To address this critical National Security need, the Battelle Memorial Institute (Battelle), under a Cooperative Research and Development Agreement (CRADA) with four of its associated US Department of Energy (DOE) National Laboratories (Oak Ridge, Pacific Northwest, Idaho, and Brookhaven), conducted a research and development initiative focused on identifying, evaluating, and integrating technologies for screening consolidated air cargo for the presence of explosive threats. Battelle invested $8.5M of internal research and development funds during fiscal years 2007 through 2009. The primary results of this effort are described in this document and can be summarized as follows: (1) Completed a gap analysis that identified threat signatures and observables, candidate technologies for detection, their current state of development, and provided recommendations for improvements to meet air cargo screening requirements. (2) Defined a Commodity/Threat/Detection matrix that focuses modeling and experimental efforts, identifies technology gaps and game-changing opportunities, and provides a means of summarizing current and emerging capabilities. (3) Defined key properties (e.g., elemental composition, average density, effective atomic weight) for basic commodity and explosive benchmarks, developed virtual models of the physical distributions (pallets) of three commodity types and three

  3. HIPAA and information security risk: implementing an enterprise-wide risk management strategy

    Science.gov (United States)

    Alberts, Christopher J.; Dorofee, Audrey

    2001-08-01

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 effectively establishes a standard of due care for healthcare information security. One of the challenges of implementing policies, procedures, and practices consistent with HIPAA requirements in the Department of Defense Military Health System is the need for a method that can tailor the requirements to a variety of organizational contexts. This paper will describe a self- directed information security risk evaluation that will enable military healthcare providers to assess their risks and to develop mitigation strategies consistent with HIPAA guidelines.

  4. Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model

    Science.gov (United States)

    Kassa, Woldeloul

    2016-01-01

    Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…

  5. Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model

    Science.gov (United States)

    Kassa, Woldeloul

    2016-01-01

    Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…

  6. 军队医院网络安全风险与控制%Security Risk Analysis of Military Hospital Network Security and Practice on Security Operation

    Institute of Scientific and Technical Information of China (English)

    杨俊; 刘敏超

    2015-01-01

    Hospital network is a carrier of hospital information system. Building network security has the proper meaning of military hospital informatization. By analyzing the complexity and security risk of military hospital network, we summarized the network security operation scheme including physical isolation, physical security, access security, internet security, authorization and terminal security in practice.%医院网络是医院信息系统的载体,构建安全网络是军队医院信息化的题中之义。通过分析军队医院网络复杂性及其安全风险,总结我院构建网络隔离、物理安全、接入安全、互联安全、权限管理和终端安全的网络安全运维实践方案。

  7. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology (IT) resources....

  8. Intelligence-Led Risk Management for Homeland Security: A Collaborative Approach for a Common Goal

    Science.gov (United States)

    2011-12-01

    and how they will be disseminated. The intelligence analysis/production step and risk analysis/production step represent a codependent ...NEED FOR COLLABORATION IN RISK MANAGEMENT Risk management and intelligence within the homeland security context share a codependent relationship

  9. Science and Technology Resources on the Internet: Computer Security.

    Science.gov (United States)

    Kinkus, Jane F.

    2002-01-01

    Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

  10. Public Procurement of Security Technology : A multiple case study of Swedish municipalities and regions

    OpenAIRE

    Rolandsson, Rasmus

    2016-01-01

    Municipalities and regions in Sweden have an increasing need to purchase security technology to secure their properties and their operations. However this procurement process is strictly regulated by the Swedish procurement act (“Lagen om Offentlig Upphandling”, LoU), leading to a similar procurement process. However no academic studies have been done on the procurement of security technology in local authorities.This thesis explores and maps this process and the important aspects which affec...

  11. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  12. Respect for autonomy and technological risks

    NARCIS (Netherlands)

    Asveld, L.

    2008-01-01

    Technological developments can undermine the autonomy of the individual. Autonomy is one's ability to make and act upon decisions according to one's own moral framework. Respect for autonomy dictates that risks should not be imposed on the individual without her consent. Technological developments c

  13. Respect for autonomy and technological risks

    NARCIS (Netherlands)

    Asveld, L.

    2008-01-01

    Technological developments can undermine the autonomy of the individual. Autonomy is one's ability to make and act upon decisions according to one's own moral framework. Respect for autonomy dictates that risks should not be imposed on the individual without her consent. Technological developments c

  14. Review of Enabling Technologies to Facilitate Secure Compute Customization

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pelfrey, Daniel S [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2014-12-01

    High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data for a variety of users, often requiring strong separation between job allocations. There are many challenges to establishing these secure enclaves within the shared infrastructure of high-performance computing (HPC) environments. The isolation mechanisms in the system software are the basic building blocks for enabling secure compute enclaves. There are a variety of approaches and the focus of this report is to review the different virtualization technologies that facilitate the creation of secure compute enclaves. The report reviews current operating system (OS) protection mechanisms and modern virtualization technologies to better understand the performance/isolation properties. We also examine the feasibility of running ``virtualized'' computing resources as non-privileged users, and providing controlled administrative permissions for standard users running within a virtualized context. Our examination includes technologies such as Linux containers (LXC [32], Docker [15]) and full virtualization (KVM [26], Xen [5]). We categorize these different approaches to virtualization into two broad groups: OS-level virtualization and system-level virtualization. The OS-level virtualization uses containers to allow a single OS kernel to be partitioned to create Virtual Environments (VE), e.g., LXC. The resources within the host's kernel are only virtualized in the sense of separate namespaces. In contrast, system-level virtualization uses hypervisors to manage multiple OS kernels and virtualize the physical resources (hardware) to create Virtual Machines (VM), e.g., Xen, KVM. This terminology of VE and VM, detailed in Section 2, is used throughout the report to distinguish between the two different approaches to providing virtualized execution

  15. Spent Nuclear Fuel Alternative Technology Risk Assessment

    Energy Technology Data Exchange (ETDEWEB)

    Perella, V.F.

    1999-11-29

    A Research Reactor Spent Nuclear Fuel Task Team (RRTT) was chartered by the Department of Energy (DOE) Office of Spent Fuel Management with the responsibility to recommend a course of action leading to a final technology selection for the interim management and ultimate disposition of the foreign and domestic aluminum-based research reactor spent nuclear fuel (SNF) under DOE''s jurisdiction. The RRTT evaluated eleven potential SNF management technologies and recommended that two technologies, direct co-disposal and an isotopic dilution alternative, either press and dilute or melt and dilute, be developed in parallel. Based upon that recommendation, the Westinghouse Savannah River Company (WSRC) organized the SNF Alternative Technology Program to further develop the direct co-disposal and melt and dilute technologies and provide a WSRC recommendation to DOE for a preferred SNF alternative management technology. A technology risk assessment was conducted as a first step in this recommendation process to determine if either, or both, of the technologies posed significant risks that would make them unsuitable for further development. This report provides the results of that technology risk assessment.

  16. Risks and threats of tax state security and methods of their neutralization

    Directory of Open Access Journals (Sweden)

    Y.V. Lebedzevych

    2016-12-01

    Full Text Available The article substantiates the relevance of the study to ensure security of the state tax. Scientists studied different approaches to defining the essence of the concept of "security tax" on the key features that would satisfy the interests of all subjects of tax relations and the necessity of legal consolidation of this concept. Analyzed the economic, social and legal nature of the existence of the security tax, identified key indicators of fiscal security of Ukraine. To determine the effectiveness of the tax administration in the interests of the tax security highlights the main threats, tax security risks caused by external and internal factors, and propose measures for their elimination and prevent the possibility of their occurrence. The stages of tax risk management with effective building security tax, designed structurally-logic of the tax risk management security.

  17. A cooperative model for IS security risk management in distributed environment.

    Science.gov (United States)

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  18. Risks - in technology, society and the mind

    Energy Technology Data Exchange (ETDEWEB)

    Nielsen, T.H. [Oslo Univ. (Norway)

    1996-12-31

    Modern risks are neither determined by scientific-technological factors alone, nor mere social construction, nor arbitrary subjective perception. The three sources of risk have been described and emphasised recently by the three sociologists Ulrich Beck, Anthony Giddens and Niklas Luhmann respectively. A comprehensive concept of risk capable of explaining the public perception and avoiding misunderstandings between safety experts and lay people must, however, consider and combine elements from all three. (author).

  19. Evaluating Damage Potential in Security Risk Scoring Models

    Directory of Open Access Journals (Sweden)

    Eli Weintraub

    2016-05-01

    Full Text Available A Continuous Monitoring System (CMS model is presented, having new improved capabilities. The system is based on the actual real-time configuration of the system. Existing risk scoring models assume damage potential is estimated by systems' owner, thus rejecting the information relying in the technological configuration. The assumption underlying this research is based on users' ability to estimate business impacts relating to systems' external interfaces which they use regularly in their business activities, but are unable to assess business impacts relating to internal technological components. According to the proposed model systems' damage potential is calculated using technical information on systems' components using a directed graph. The graph is incorporated into the Common Vulnerability Scoring Systems' (CVSS algorithm to produce risk scoring measures. Framework presentation includes system design, damage potential scoring algorithm design and an illustration of scoring computations.

  20. Health risks in perspective: Judging health risks of energy technologies

    Energy Technology Data Exchange (ETDEWEB)

    Rowe, M.D.

    1992-09-18

    Almost daily, Americans receive reports from the mass news media about some new and frightening risk to health and welfare. Most such reports emphasize the newsworthiness of the risks -- the possibility of a crisis, disagreements among experts, how things happened, who is responsible for fixing them, how much will it cost, conflict among parties involved, etc. As a rule, the magnitudes of the risks, or the difficulty of estimating those magnitudes, have limited newsworthiness, and so they are not mentioned. Because of this emphasis in the news media, most people outside the risk assessment community must judge the relative significance of the various risks to which we all are exposed with only that information deemed newsworthy by reporters. This information is biased and shows risks in isolation. There is no basis for understanding and comparing the relative importance of risks among themselves, or for comparing one risk, perhaps a new or newly-discovered one, in the field of all risks. The purpose of this report is to provide perspective on the various risks to which we are routinely exposed. It serves as a basis for understanding the meaning of quantitative risk estimates and for comparing new or newly-discovered risks with other, better-understood risks. Specific emphasis is placed on health risks of energy technologies.

  1. A Dual Perspective on Risks and Security Within Research Assistantships

    Directory of Open Access Journals (Sweden)

    Johannes Petrus Rossouw

    2013-01-01

    Full Text Available Although research assistantships are considered research learning venues in graduate education, there is a scarcity of literature that examines ethical elements attached to the employment of graduate student research assistants or the position of their research supervisors. This article explores the need to implement formal regulations specific to research assistantships in order to increase security and decrease risks for research assistants and research supervisors. Relationships between research assistants and research supervisors have some similarities with regular employment relationships; yet some distinct differences arise due to the educational and developmental nature of research assistantships. The article is written from a dual perspective reflecting the authors’ roles (a research supervisor and a research assistant, respectively and institutional locations (Faculties of Education in South Africa and Canada. The authors draw from existing literature, an analysis of institutional policies and practices at their universities, and their personal and professional experiences to illustrate risks that research assistants and their supervisors may face within research assistantships. They assess the extent to which existing and proposed policies and practices influence working conditions and safeguard experiences within graduate research assistantships. The findings reveal that research assistantships are a unique form of employment focused on educational and professional development that requires specific documentation of expected standards of practice. The authors argue that lack of clear regulations exposes both parties to unnecessary risks and offer recommendations for creating a “Standards of Good Practice” document that will be useful for individuals engaged in research assistantships.

  2. Computer Network Security Protection Technology Analysis%计算机网络安全防护技术探析

    Institute of Scientific and Technical Information of China (English)

    宋朋鸽

    2015-01-01

    本文以计算机网络安全隐患以及网络安全特点作为出发点,分析了影响计算机网络安全的主要因素,并从加密技术、入侵检测技术、病毒防范技术等方面探讨了优化计算机网络安全保护途径,以期为构建计算机网络安全防护体系提供参考。%This article to computer network security risks and characteristics of network security as the starting point, analyzes the main factors that affect computer network security, and explore optimization of computer network security protection by encryp-tion technology, intrusion detection technology, virus protection technology. This paper hopes to provide reference for construction of computer network security protection system.

  3. 78 FR 56263 - HydroGen Corp., QueryObject Systems Corp., Security Intelligence Technologies, Inc., Skins, Inc...

    Science.gov (United States)

    2013-09-12

    ... From the Federal Register Online via the Government Publishing Office SECURITIES AND EXCHANGE COMMISSION HydroGen Corp., QueryObject Systems Corp., Security Intelligence Technologies, Inc., Skins, Inc... and accurate information concerning the securities of Security Intelligence Technologies, Inc. because...

  4. Development of a security system for assisted reproductive technology (ART).

    Science.gov (United States)

    Hur, Yong Soo; Ryu, Eun Kyung; Park, Sung Jin; Yoon, Jeong; Yoon, San Hyun; Yang, Gi Deok; Hur, Chang Young; Lee, Won Don; Lim, Jin Ho

    2015-01-01

    In the field of assisted reproductive technology (ART), medical accidents can result in serious legal and social consequences. This study was conducted to develop a security system (called IVF-guardian; IG) that could prevent mismatching or mix-ups in ART. A software program was developed in collaboration with outside computer programmers. A quick response (QR) code was used to identify the patients, gametes and embryos in a format that was printed on a label. There was a possibility that embryo development could be affected by volatile organic components (VOC) in the printing material and adhesive material in the label paper. Further, LED light was used as the light source to recognize the QR code. Using mouse embryos, the effects of the label paper and LED light were examined. The stability of IG was assessed when applied in clinical practice after developing the system. A total of 104 cycles formed the study group, and 82 cycles (from patients who did not want to use IG because of safety concerns and lack of confidence in the security system) to which IG was not applied comprised the control group. Many of the label paper samples were toxic to mouse embryo development. We selected a particular label paper (P touch label) that did not affect mouse embryo development. The LED lights were non-toxic to the development of the mouse embryos under any experimental conditions. There were no differences in the clinical pregnancy rates between the IG-applied group and the control group (40/104 = 38.5 % and 30/82 = 36.6 %, respectively). The application of IG in clinical practice did not affect human embryo development or clinical outcomes. The use of IG reduces the misspelling of patient names. Using IG, there was a disadvantage in that each treatment step became more complicated, but the medical staff improved and became sufficiently confident in ART to offset this disadvantage. Patients who received treatment using the IG system also went through a somewhat

  5. The impact of medical technology on sense of security in the palliative home care setting.

    Science.gov (United States)

    Munck, Berit; Sandgren, Anna

    2017-03-02

    The increase in the use of medical devices in palliative home care requires that patients and next-of-kin feel secure. Therefore, the aim was to describe medical technology's impact on the sense of security for patients, next-of-kin and district nurses. Deductive content analysis was conducted on data from three previous studies, using the theoretical framework 'palliative home care as a secure base'. The use of medical technology was shown to have an impact on the sense of security for all involved. A sense of control was promoted by trust in staff and their competence in managing the technology, which was linked to continuity. Inner peace and being in comfort implied effective symptom relief facilitated by pain pumps and being relieved of responsibility. Health care professionals need to have practical knowledge about medical technology, but at the same time have an awareness of how to create and maintain a sense of security.

  6. INFORMATION SECURITY RISKS OPTIMIZATION IN CLOUDY SERVICES ON THE BASIS OF LINEAR PROGRAMMING

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2013-01-01

    Full Text Available The paper discusses theoretical aspects of secure cloud services creation for information processing of various confidentiality degrees. A new approach to the reasoning of information security composition in distributed computing structures is suggested, presenting the problem of risk assessment as an extreme problem of decisionmaking. Linear programming method application is proved to minimize the risk of information security for given performance security in compliance with the economic balance for the maintenance of security facilities and cost of services. An example is given to illustrate the obtained theoretical results.

  7. Soils and food security | Nortcliff | Nigerian Journal of Technological ...

    African Journals Online (AJOL)

    Soils and food security. ... Whilst all these threats are important of particular significance is the loss of soil through ... A threat impacting on food security strongly in Africa is nutrient mining where insufficient nutrients are returned to the soil after ...

  8. Security risk assessment of the primary layer of wavelength division multiplexing passive optical network

    Science.gov (United States)

    Koudelka, Petr; Siska, Petr; Latal, Jan; Poboril, Radek; Hajek, Lukas; Kepak, Stanislav; Vasinek, Vladimir

    2015-01-01

    Next-generation passive optical access networks come to the fore nowadays. These optical next-generation networks are the response to the increasing qualitative requirements from end users. Technologies using Time Division Multiplexing include NG-PON (XG-PON 1 and XG-PON 2) and 10GEPON. Their advantage is the applicability to older topologies, which are operated by the original technology of passive optical access networks. Wavelength Division Multiplexing Passive Optical Network (WDM-PON) is an alternative also belonging to next-generation networks. Time Division Multiplexing is in this case replaced by Wavelength Division Multiplexing. Certain variants of WDM-PON use a combination of broadband light source, optical circulator, optical phased array and tunable FP laser. Construction of the terminal units (ONU) is advantageous because it can always tune in to the appropriate wavelength in the given optical DWDM channel (100 GHz). The disadvantage is the increased security risk on the primary layer due to channel crosstalk in an optical phased array (AWG). The aim of this paper is to assess the degree of security risk in real conditions. The article includes both simulation and real measurements in C + L bands with 100 GHz DWDM spacing.

  9. Understanding the Adoption Process of National Security Technology: An Integration of Diffusion of Innovations and Volitional Behavior Theories.

    Science.gov (United States)

    Iles, Irina A; Egnoto, Michael J; Fisher Liu, Brooke; Ackerman, Gary; Roberts, Holly; Smith, Daniel

    2017-03-01

    After the 9/11 terrorist attacks, the U.S. government initiated several national security technology adoption programs. The American public, however, has been skeptical about these initiatives and adoption of national security technologies has been mandated, rather than voluntary. We propose and test a voluntary behavioral intention formation model for the adoption of one type of new security technology: portable radiation detectors. Portable radiation detectors are an efficient way of detecting radiological and nuclear threats and could potentially prevent loss of life and damage to individuals' health. However, their functioning requires that a critical mass of individuals use them on a daily basis. We combine the explanatory advantages of diffusion of innovation with the predictive power of two volitional behavior frameworks: the theory of reasoned action and the health belief model. A large sample survey (N = 1,482) investigated the influence of factors identified in previous diffusion of innovation research on portable radiation detector adoption intention. Results indicated that nonfinancial incentives, as opposed to financial incentives, should be emphasized in persuasive communications aimed at fostering adoption. The research provides a new integration of diffusion of innovation elements with determinants of volitional behavior from persuasion literature, and offers recommendations on effective communication about new security technologies to motivate public adoption and enhance national safety. © 2017 Society for Risk Analysis.

  10. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  11. Risk management and security services interaction--a must in today's health care environment.

    Science.gov (United States)

    Stultz, M S

    1990-01-01

    The author shows why risk managers and security directors are natural partners in the effort of a hospital to reduce risks from such occurrences as baby kidnappings, serial killers, thefts, and rapes/sexual assaults.

  12. An Integrated Framework For Power And ICT System Risk-Based Security Assessment

    Directory of Open Access Journals (Sweden)

    Emanuele Ciapessoni*,

    2014-01-01

    Full Text Available Power system (PS is exposed to natural and man-related threats which may affect the security of power supply, depending on the vulnerabilities of the system to the threats themselves as well as on the pre-fault operating conditions. Threats regard not only the power components, but also the Information and Communications Technology (ICT systems involved in PS control and protection. The resulting picture is characterized by significant uncertainties, especially as far as high impact, low probability (HILP events (typical causes of blackout events are concerned. These considerations call for the adoption of novel techniques to perform more in-depth security analyses, able to identify the contributions of the different threats and vulnerabilities to the overall operational risk. The paper describes a probabilistic risk-based methodology, developed within the European Union (EU research project AFTER (A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration, aiming to perform risk assessment (by means of hazard, vulnerability, and impact analysis of the integrated power and ICT systems. Initial results of the approach are described with reference to a test system.

  13. Advances in cyber security technology, operations, and experiences

    CERN Document Server

    Hsu, D Frank

    2013-01-01

    As you read this, your computer is in jeopardy of being hacked and your identity being stolen. Read this book to protect yourselves from this threat. The world's foremost cyber security experts, from Ruby Lee, Ph.D., the Forrest G. Hamrick professor of engineering and Director of the Princeton Architecture Laboratory for Multimedia and Security (PALMS) at Princeton University; to Nick Mankovich, Chief Information Security Officer of Royal Philips Electronics; to FBI Director Robert S. Mueller III; to Special Assistant to the President Howard A. Schmidt, share critical practical knowledge on ho

  14. Survey of Security Technologies on Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Qiuwei Yang

    2015-01-01

    Full Text Available Because of their low cost and adaptability, wireless sensor networks are widely used in civil, military, and commercial fields and other fields. However, since the sensor node in the calculation of the capacity, battery capacity, and storage capacity are restricted by the limitations and inherent characteristics of the sensor networks, compared to traditional networks, which makes wireless sensor networks face more security threats. This paper summarized research progress of sensor network security issues as three aspects, key management, authentication, and secure routing, analyzed and commented on these results advantages and disadvantages and pointed out the future direction of the hot research field.

  15. U.S.-Brazil security cooperation and the challenge of technology transfer

    OpenAIRE

    Storer, Robert J.

    2014-01-01

    Approved for public release; distribution is unlimited. Since 2010, the United States and Brazil have made efforts to expand security cooperation between the two countries with the signing of a defense cooperation agreement, a general security of military information agreement, and the establishment of a defense cooperation dialogue. Despite these positive steps, the issue of technology transfer threatens to impede greater U.S.-Brazil security cooperation. Brazilian defense policy identifi...

  16. Guidelines for contingency planning NASA (National Aeronautics and Space Administration) ADP security risk reduction decision studies

    Science.gov (United States)

    Tompkins, F. G.

    1984-01-01

    Guidance is presented to NASA Computer Security Officials for determining the acceptability or unacceptability of ADP security risks based on the technical, operational and economic feasibility of potential safeguards. The risk management process is reviewed as a specialized application of the systems approach to problem solving and information systems analysis and design. Reporting the results of the risk reduction analysis to management is considered. Report formats for the risk reduction study are provided.

  17. Book Review: Louise Amoore, The Politics of Possibility: Risk and Security Beyond Probability

    DEFF Research Database (Denmark)

    Grasten, Maj

    2016-01-01

    “The Politics of Possibility: Risk and Security beyond Probability” by Louise Amoore. Durham, NC; London: Duke University Press, 2013. 220 pp., £15.99, ISBN 9780822355601......“The Politics of Possibility: Risk and Security beyond Probability” by Louise Amoore. Durham, NC; London: Duke University Press, 2013. 220 pp., £15.99, ISBN 9780822355601...

  18. Water harvesting technologies in ensuring food security: Lessons ...

    African Journals Online (AJOL)

    Mo

    One of the success stories in water development and food security in the pastoral and agro-pastoral areas of Somali ... hydroelectric power, live animals for export, and tourist ... of overgrazing, land degradation and conflicts between clans.

  19. 48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

    Science.gov (United States)

    2010-10-01

    ... Unclassified Information Technology Resources. 652.239-71 Section 652.239-71 Federal Acquisition Regulations... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As... Technology Resources (SEP 2007) (a) General. The Contractor shall be responsible for information...

  20. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible...

  1. An Analysis of Bluetooth Technology,Features,Future and Security

    OpenAIRE

    Ullah, Malik Zaka

    2009-01-01

    In this thesis I present my analysis on various aspects of Bluetooth wireless technology. The Bluetooth technology is relatively new as compared to other technologies and there is huge potential of its growth and practical application. Therefore during in this thesis I try to analysis the current status of this technology and issue which are related to this technology. The first section introduces Bluetooth technology, in which I discussed the architecture of Bluetooth and different terminolo...

  2. Adaptive security systems -- Combining expert systems with adaptive technologies

    Energy Technology Data Exchange (ETDEWEB)

    Argo, P.; Loveland, R.; Anderson, K. [and others

    1997-09-01

    The Adaptive Multisensor Integrated Security System (AMISS) uses a variety of computational intelligence techniques to reason from raw sensor data through an array of processing layers to arrive at an assessment for alarm/alert conditions based on human behavior within a secure facility. In this paper, the authors give an overview of the system and briefly describe some of the major components of the system. This system is currently under development and testing in a realistic facility setting.

  3. Reviews of computing technology: Securing network applications, Kerberos and RSA

    Energy Technology Data Exchange (ETDEWEB)

    Johnson, S.M.

    1992-06-01

    This paper will focus on the first step in establishing network security, authentication, and describe the basic function of both RSA and Kerberos as used to provide authentication and confidential data transfer services. It will also discuss the Digital Signature Standard and the market acceptance of each. Proper identification of the principals involved in a network dialog is a necessary first step in providing network-wide security comparable to that of stand-alone systems.

  4. Technology safeguards needed as security rule audits loom.

    Science.gov (United States)

    Gersh, Deborah; Hoey, Laura G; McCrystal, Timothy M; Tolley, David C

    2012-05-01

    The Department of Health and Human Services will conduct security rule audits that will involve on-site visits and include: Compliance-focused interviews with key organizational leaders. Scrutiny of physical operations controls, especially regarding storage, maintenance, and use of protected health information. Assessment of organizational policies and procedures to ensure compliance with privacy and security rules. Identification of regulatory compliance areas of concern.

  5. Research on mobile electronic commerce security technology based on WPKI

    Science.gov (United States)

    Zhang, Bo

    2013-07-01

    Through the in-depth study on the existing mobile e-commerce and WAP protocols, this paper presents a security solution of e-commerce system based on WPKI, and describes its implementation process and specific implementation details. This solution uniformly distributes the key used by the various participating entities , to fully ensure the confidentiality, authentication, fairness and integrity of mobile e-commerce payments, therefore has some pract ical value for improving the security of e-commerce system.

  6. 75 FR 3948 - Big Sky Energy Corp., Biomedical Waste Systems, Inc., Biometrics Security Technology, Inc...

    Science.gov (United States)

    2010-01-25

    ... COMMISSION Big Sky Energy Corp., Biomedical Waste Systems, Inc., Biometrics Security Technology, Inc., Biosys... Energy Corp. because it has not filed any periodic reports since the period ended December 31, 2006. It... concerning the securities of Biomedical Waste Systems, Inc. because it has not filed any periodic reports...

  7. Development of an Automated Security Risk Assessment Methodology Tool for Critical Infrastructures.

    Energy Technology Data Exchange (ETDEWEB)

    Jaeger, Calvin Dell; Roehrig, Nathaniel S.; Torres, Teresa M.

    2008-12-01

    This document presents the security automated Risk Assessment Methodology (RAM) prototype tool developed by Sandia National Laboratories (SNL). This work leverages SNL's capabilities and skills in security risk analysis and the development of vulnerability assessment/risk assessment methodologies to develop an automated prototype security RAM tool for critical infrastructures (RAM-CITM). The prototype automated RAM tool provides a user-friendly, systematic, and comprehensive risk-based tool to assist CI sector and security professionals in assessing and managing security risk from malevolent threats. The current tool is structured on the basic RAM framework developed by SNL. It is envisioned that this prototype tool will be adapted to meet the requirements of different CI sectors and thereby provide additional capabilities.

  8. Natural-technological risk assessment and management

    Science.gov (United States)

    Burova, Valentina; Frolova, Nina

    2016-04-01

    EM-DAT statistical data on human impact and economic damages in the 1st semester 2015 are the highest since 2011: 41% of disasters were floods, responsible for 39% of economic damage and 7% of events were earthquakes responsible for 59% of total death toll. This suggests that disaster risk assessment and management still need to be improved and stay the principle issue in national and international related programs. The paper investigates the risk assessment and management practice in the Russian Federation at different levels. The method is proposed to identify the territories characterized by integrated natural-technological hazard. The maps of the Russian Federation zoning according to the integrated natural-technological hazard level are presented, as well as the procedure of updating the integrated hazard level taking into account the activity of separate processes. Special attention is paid to data bases on past natural and technological processes consequences, which are used for verification of current hazard estimation. The examples of natural-technological risk zoning for the country and some regions territory are presented. Different output risk indexes: both social and economic, are estimated taking into account requirements of end-users. In order to increase the safety of population of the Russian Federation the trans-boundaries hazards are also taken into account.

  9. On Data and Virtualization Security Risks and Solutions of Cloud Computing

    Directory of Open Access Journals (Sweden)

    Xiangyang Luo

    2014-03-01

    Full Text Available Data security and virtualization security issues are two key bottlenecks restricting the application of cloud computing promoting and applications, especially for the Cloud-based media computing system. In this paper, states of the art of the techniques on cloud computing data security issues, such as data encryption, access control, integrity authentication and other issues is surveyed, on this basis, the key technical issues of the cloud computing data security should concern about and focus on are indicated, and some corresponding countermeasures and suggestions are presented. For the virtualization security problem introduced by private cloud computing, the security risks induced by virtualization are analyzed and classified, and then based on the divide-conquer idea, for each kind of security risk, some corresponding solutions are presented.

  10. AlphaCo: A Teaching Case on Information Technology Audit and Security

    Directory of Open Access Journals (Sweden)

    Hüseyin Tanriverdi

    2006-03-01

    Full Text Available Recent regulations in the United States (U.S. such as the Sarbanes-Oxley Act of 2002 require top management of a public firm to provide reasonable assurance that they institute internal controls that minimize risks over the firm’s operations and financial reporting. External auditors are required to attest to the management’s assertions over the effectiveness of those internal controls. As firms rely more on information technology (IT in conducting business, they also become more vulnerable to IT related risks. IT is critical for initiating, recording, processing, summarizing and reporting accurate financial and non-financial data. Thus, understanding IT related risks and instituting internal control mechanisms that minimize them have become important and created an urgent need for professionals who are equipped with IT audit and security skills and knowledge. However, there is severe shortage of teaching cases that can be used in courses aimed at training such professionals. This teaching case begins to address this gap by fostering classroom discussions around IT audit and security issues. It revolves around a hacking incident that compromised online order processing systems of AlphaCo and led to some fraudulent activity. The hacking incident raises a series of questions about IT security vulnerabilities, internal control deficiencies, integrity of financial statements, and independent auditors’ assessment of fraud in the context of the Sarbanes-Oxley Act. The case places students in the roles of executives, IT managers, and auditors and encourages them to discuss several important questions: how and why did the hacking incident happen; what harm did it cause to the firm; how can the firm prevent such hacking incidents in the future; if they do happen, how can the firm detect hacking incidents and fraud sooner; how do auditors assess the impact of such incidents in the context of a financial statement audit; and whether the management

  11. Investigate the Computer Information Network Security Technology and the Development Direction

    OpenAIRE

    Ping Teng

    2017-01-01

    After China’s accession to the WTO, the computer information network security technology of our country has a rapid development, bring many conveniences for the people’s life and work, indirectly changing their daily life and working mode. For the whole development situation of our country, the development direction of informatization is the inevitable trend of development in our country, while the using process of computer information network security technology in the society still exist ma...

  12. SECURED CLOUD SUPPORT FOR GLOBAL SOFTWARE REQUIREMENT RISK MANAGEMENT

    OpenAIRE

    Shruti Patil; Roshani Ade

    2014-01-01

    This paper presents core problem solution to security of Global Software Development Requirement Information. Currently the major issue deals with hacking of sensitive client information which may lead to major financial as well as social loss. To avoid this system provides cloud security by encryption of data as well as deployment of tool over the cloud will provide significant security to whole global content management system. The core findings are presented in terms of how hac...

  13. Technological stigmatism, risk perception, and truth

    Energy Technology Data Exchange (ETDEWEB)

    Garrick, B.John

    1998-01-01

    Technological stigmas can be a source of confusion and misunderstandings of the effect on public health and safety of technological activities. The result can be a gross waste of national resources to fix the 'stigma' rather than the real problem. Fueling technological stigmas has become a visible activity, especially among non-technical professionals. Further, it is not clear that these same critics are accountable for their influence on policy and practices that may adversely affect people's lives and financial resources. Their bad news of alleged high risk and incompetent technologists is more appealing to the press than the more technical and apparently boring news of finding engineering solutions to real problems. The issue of technological stigma is especially visible in relation to the environmental and safety effects of the nuclear and chemical industries. These industries are in an extremely defensive position because the stigmatizes put much more emphasis on their risks than on their benefits to society. There is the genuine threat of the denial of important technologies in the nuclear and chemical fields and a resulting loss of lives and resources. The actions required to better tell the whole cost-risk-benefit story of specific technologies have to come from all of the groups involved. The critics and stigmatizers need to be more accountable for their assertions, the technologists need to involve the public more in their consideration of technological solutions to environmental and safety issues, and the press needs to present all of the facts rather than just the sensational or 'outrage' part of the story.

  14. Risk Assessment Generated by Usage of ICT and Information Security Measures

    Directory of Open Access Journals (Sweden)

    Ilie TAMAS

    2006-01-01

    Full Text Available Information societies involve the usage of information technology and communications (ITC on a large scale. The dependence on ITC is an unquestionable problem in the present, because we assist to a generality of computers usage in all economic and social life activities. That is why organization information systems became accessible at the global level and there are permanently open for a quick exchange of information between different categories of users located by different geographical nods. The ITC usage involves the existing of some risks that should be known, evaluation and based on these, we must have information systems security measure. We consider that the risk is an indicator very important that must be permanently assess in the usage process of the information system based on ITC. Risk management suppose a permanently evaluation of these problems and also restrain by some practical actions who goes to the decrease of its effects. From the expose point of view, in this paper work it is presented the results of research based on specialty literature and current cases from practical activities, regarding the risks of ITC usage and their diminishing measure. There are distinguished the main factors (threat, vulnerability and impact who affect the information risk and on the other way, diminishing measure of the action to these factors for optimum working of an economic and social organism who use ITC. We consider that through proposed measures we assume safety in design process, implement and usage of the informational systems based on ITC.

  15. Justice Secured: Implementing a Risk-Based Approach to Court Security

    Science.gov (United States)

    2008-03-01

    51 Governor Arnold Schwarzenegger , 2006-07 Budget Act (Sacramento, CA, June 30, 2006). 22 A best practice in court security management is that...52 Griebel and Phillips, “Architectural Design for Security in Courthouse Facilities,” 123-124. 53 Governor Arnold Schwarzenneger, Governor’s Budget

  16. Security Risk Minimization for Desktop and Mobile Software Systems. An In-Depth Analysis

    Directory of Open Access Journals (Sweden)

    Florina Camelia PUICAN

    2014-01-01

    Full Text Available In an extremely rapid growing industry such as the information technology nowadays, continuous and efficient workflows need to be established within any integrated enterprise or consumer software system. Taking into consideration the actual trend of data and information migrating to mobile devices, which have became more than just simple gadgets, the security threats and vulnerabilities of software products have created a new playground for attackers, especially when the system offers cross-platform (desktop and mobile functionalities and applicability. In this context, the paper proposes an in depth analysis over some of the weaknesses software systems present, providing also a set of solutions for minimizing and mitigating the risks of any solution, be it mobile or desktop. Subsequently, even though consumer and enterprise systems have fundamentally different structures and architectures (due to the different needs of the end user, data loss or information leakage may and will affect any type of machine if proper securization of the systems is not taken into consideration, therefore risk minimization through an in-depth analysis of any integrated software system becomes mandatory and needs extensive care.

  17. The application of data encryption technology in computer network communication security

    Science.gov (United States)

    Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

    2017-04-01

    With the rapid development of Intemet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.

  18. Making Our Buildings Safer: Security Management and Equipment Issues.

    Science.gov (United States)

    Clark, James H.

    1997-01-01

    Discusses three major components of library security: physical security of the environment; operating procedures for library staff, the public, and security personnel; and a contract security force (or campus security in academic institutions.) Topics include risk management; maintenance; appropriate technology, including security systems and…

  19. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    Directory of Open Access Journals (Sweden)

    Zarei J

    2016-05-01

    Full Text Available Javad Zarei,1 Farahnaz Sadoughi2 1Health Information Management, Health Management and Economics Research Center, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran, 2Health Information Management Department, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs, which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran.Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health.Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals.Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security

  20. Beyond sectors, before the world : Finance, security and risk

    NARCIS (Netherlands)

    Kessler, Oliver

    2011-01-01

    While security and finance are certainly different social spheres, the fact that we can detect similar shifts in both points to the existence of something that precedes these 'realities'. If finance and security are said to be different, intertwined and related, the question then arises as to what i

  1. Aviation Security: A Case for Risk-Based Passenger Screening

    Science.gov (United States)

    2011-12-01

    airport security. Paper presented at the annual meeting of the ASC, San Francisco Marriott, San Francisco , California. Retrieved April 9, 2011...www.lexisnexis.com.libproxy.nps.edu/lnaucui2api/delivery/printdoc.do?job handle Prieto , D. B. (2009). Working paper—War about terror: Civil liberties and national security after

  2. Reducing risks to food security from climate change

    DEFF Research Database (Denmark)

    Campbell, Bruce Morgan; Vermeulen, Sonja Joy; Aggarwal, Pramod

    2016-01-01

    , with very little attention paid to more systems components of cropping, let alone other dimensions of food security. Given the serious threats to food security, attention should shift to an action-oriented research agenda, where we see four key challenges: (a) changing the culture of research; (b) deriving...

  3. Risk Unbound: Threat, Catastrophe, and the End of Homeland Security

    Science.gov (United States)

    2015-09-01

    something different of homeland security professionals. B. PROBLEM STATEMENT Three dominant pillars of homeland security theory and practice...term is that in which the price of copper and the rate of interest twenty years hence, all the obsolescence of a new invention are uncertain. About

  4. Risk monitoring and early-warning technology of coal mine production

    Institute of Scientific and Technical Information of China (English)

    CAO Qing-gui; ZHANG Hua; LIU Ji-kun; LIU Xiao-rong

    2007-01-01

    This article was written according to the security information theory and the security cybernetics basic principle, for reducing the accident risk effectively and safeguarding the production safety in coal mine. First, each kind of risk characteristic has carried on the earnest analysis to the coal-mining production process. Then it proposed entire wrap technology system of the risk management and the risk monitoring early warning in the coal-mining production process, and developed the application software-coal mine risk monitoring and the early warning system which runs on the local area network. The coal-mining production risk monitoring and early warning technology system includes risk information gathering, risk identification and management, risk information transmission;saving and analysis, early warning prompt of accident risk, safety dynamic monitoring, and safety control countermeasure and so on. The article specifies implementation method and step of this technology system, and introduces application situations in cooperating mine enterprise, e.g. Xiezhuang coal mine. It may supply the risk management and the accident prevention work of each kind of mine reference.

  5. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Science.gov (United States)

    2010-10-01

    ... contractor shall include the following statement on deliveries of hardware, software, and data products... delivery of hardware, software, or data on diskettes under this contract. (d) This clause shall not limit... Virus Security. 2452.239-71 Section 2452.239-71 Federal Acquisition Regulations System DEPARTMENT...

  6. Using Automatic Identification System Technology to Improve Maritime Border Security

    Science.gov (United States)

    2014-12-01

    18 Dave Dixon et al., Security Modeling for Maritime Port Defense Resource Allocation ( Aiken , SC: Savannah River National Laboratory, 2010), 3...Maritime Port Defense Resource Allocation. Aiken , SC: Savannah River National Laboratory, 2010. Eggers, William D., and John O’Leary. If We Can Put a

  7. Audit and Evaluation of Computer Security. Computer Science and Technology.

    Science.gov (United States)

    Ruthberg, Zella G.

    This is a collection of consensus reports, each produced at a session of an invitational workshop sponsored by the National Bureau of Standards. The purpose of the workshop was to explore the state-of-the-art and define appropriate subjects for future research in the audit and evaluation of computer security. Leading experts in the audit and…

  8. Semiconductor Technology and U.S. National Security

    Science.gov (United States)

    2010-04-21

    international community to a nation that ―is focused not on the world but on itself.Ŝ While China’s efforts to expand its economic and military strengths are...26, 2009) 39 Lieberman, 5. 40 Department of Commerce Home Page, http://www.osec.doc.gov/ omo /dmp/default. 41 Bureau of Industry and Security

  9. Governance and Risk Management of Network and Information Security: The Role of Public Private Partnerships in Managing the Existing and Emerging Risks

    Science.gov (United States)

    Navare, Jyoti; Gemikonakli, Orhan

    Globalisation and new technology has opened the gates to more security risks. As the strategic importance of communication networks and information increased, threats to the security and safety of communication infrastructures, as well as information stored in and/or transmitted increased significantly. The development of the self replicating programmes has become a nightmare for Internet users. Leading companies, strategic organisations were not immune to attacks; they were also "hacked" and overtaken by intruders. Incidents of recent years have also shown that national/regional crisis may also trigger cyber attacks at large scale. Experts forecast that cyber wars are likely to take the stage as tension mounts between developed societies. New risks such as cyber-attacks, network terrorism and disintegration of traditional infrastructures has somewhat blurred the boundaries of operation and control. This paper seeks to consider the risk management and governance and looking more specifically at implications for emerging economies.

  10. Sécurité, justice et technologies Security, Justice and Technologies

    Directory of Open Access Journals (Sweden)

    Jean-Charles Froment

    2011-10-01

    Full Text Available Les réflexions qui structurent cet article sont issues de près de quinze années d’observation du développement du recours aux nouvelles technologies de contrôle dans le champ de la justice et de la sécurité. Elles s’appuient plus spécifiquement sur l’étude de deux d’entre elles, principalement le placement sous surveillance électronique et accessoirement la vidéosurveillance, qui ont vu leur champ d’application s’élargir considérablement en l’espace d’une vingtaine d’années. De ces travaux se dégagent neuf clés de lecture à partir desquelles on peut analyser les caractéristiques et l’impact du développement de ces technologies (la vitesse de circulation des modèles ; le jeu du marché ; la question du contrôle ; les formes de la désinstitutionnalisation du pouvoir ; la problématique des libertés ; la plasticité des usages ; les stratégies de légitimation ; les enjeux de régulation ; l’insuffisance d’évaluation.This analysis is based over 15 years of investigation about new technologies in the field of justice and security, and more specifically about electronic monitoring and CCTV which have known a strong development for the last twenty years... From these reflections, Jean-Charles Froment introduces nine analysis keys about the characteristics and the impact of the development of this technologies (speed of policy transfer; rules of market; progressive change towards a «society of control»; power conversions; human rights; plasticity of uses; legitimacy strategies; regulation challenges; weakness of evaluation.

  11. Overseas Risks to China’s Energy Security and Potential Countermeasures

    Directory of Open Access Journals (Sweden)

    Chi Zhang

    2014-12-01

    Full Text Available This article discusses the overseas risks to China’s energy security and provides suggestions for how to safeguard China’s energy security. The key to China’s energy security is supply security. This means obtaining enough and continued energy supply at affordable prices which can be divided into two factors: one is purchasing energy at reasonable prices; the other is having uninterrupted energy import. Accordingly, the major overseas challenges to China’s energy security are the surging international oil prices and the problem of safeguarding energy imports. There are both merits and shortcomings to the energy security concept of realism and that of neo-liberalism. Suggestions for how to secure China’s energy supply should be based on China’s conditions as well as a critique of the two theoretical perspectives and should include three aspects: energy diplomacy, military development and strategic oil reserves.

  12. Information Security Risks and Countermeasures of Mobile Internet%移动互联网的信息安全风险及对策

    Institute of Scientific and Technical Information of China (English)

    陈昱

    2015-01-01

    This paper briefly describes the development process of mobile communication security technology, analyze the security threats in mobile communication technology and intrusion detection technology, has conducted the research to the information security risk, and puts forward the Countermeasures of prevention and control of information security threats.%本文简述了移动通信安全技术的发展历程,分析了移动通信技术中的安全威胁和入侵检测技术,对信息安全风险进行了研究,并提出防制信息安全威胁对策。

  13. Technology Security Policy: From the Cold War to the New World Order

    Science.gov (United States)

    1993-12-01

    Mitchel B. Wallerstein , "Controlling Dual-Use Technologies in the New World Order," Issues in &ience and Technology, Summer 1991, pp. 74-5 and Aaron Karp...Relations and Armed Services, letter to Anthony Lake, the Assistant to the President for National Security Affairs, August 6, 1993. Wallerstein , Mitchell

  14. A 21st Century Science, Technology, and Innovation Strategy for Americas National Security

    Science.gov (United States)

    2016-05-01

    areas. Advanced Computing and Communications The exponential growth of the digital economy, driven by ubiquitous computing and communication...technologies, holds tremendous potential for innovation, economic competitiveness , and national security. New and rapidly evolving technological...weapons- focused R&D, many of the capabilities being developed have significant dual-use potential. Digital connectivity, for instance, brings

  15. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information...

  16. Information technology convergence security, robotics, automations and communication

    CERN Document Server

    Barolli, Leonard; Xhafa, Fatos; Jeong, Hwa-Young

    2013-01-01

    Information technology and its convergence issue is emerging rapidly as an exciting new paradigm with user-centric environment to provide computing and communication services. This area will be the most comprehensive topics with various aspects of advances in information technology and its convergence services. This book covers all topics as computational science and applications, electronics engineering, manufacturing technology, services, technical skill to control the robot, automatic operation and application, simulation and testing communication and many more.

  17. Wearable Technology Devices Security and Privacy Vulnerability Analysis

    OpenAIRE

    Ke Wan Ching; Manmeet Mahinderjit Singh

    2016-01-01

    Wearable Technology also called wearable gadget, is acategory of technology devices with low processing capabilities that can be worn by a user with the aim to provide information and ease of access to the master devices its pairing with. Such examples are Google Glass and Smart watch. The impact of wearable technology becomes significant when people start their invention in wearable computing, where their mobile devices become one of the computation sources. However, wearable tec...

  18. Survey of Collaboration Technologies in Multi-level Security Environments

    Science.gov (United States)

    2014-04-28

    Dickson. 1996. "Teams in Organizations: Recent Research on Performance and Effectiveness". Annual Review of Psychology , 47:307-338. [32] Hall, D.L... Psychology , 94, 2, 535-546. [48] Moore, J.A. (2002). JView: an information visualization paradigm. Proc. SPIE, Vol. 4716, 367-374. In Enabling...date. Multilevel security solutions like the Multi-Layer Access Solution were developed by Gestalt and MAXIM Systems before these companies became

  19. Microcontroller Based Home Security and Load Controlling Using Gsm Technology

    OpenAIRE

    Mustafijur Rahman; A. H. M. Zadidul Karim; Sultanur Nyeem; Faisal Khan; Golam Matin

    2015-01-01

    "Home automation" referred to as 'Intelligent home' or 'automated home', indicates the automation of daily tasks with electrical devices used in homes. This could be the control of lights or more complex chores such as remote viewing of the house interiors for surveillance purposes. The emerging concept of smart homes offers a comfortable, convenient and safe and secure environment for occupants. These include automatic load controlling, fire detection, temperature sensing, and motion detecti...

  20. Secure quantum signatures: a practical quantum technology (Conference Presentation)

    Science.gov (United States)

    Andersson, Erika

    2016-10-01

    Modern cryptography encompasses much more than encryption of secret messages. Signature schemes are widely used to guarantee that messages cannot be forged or tampered with, for example in e-mail, software updates and electronic commerce. Messages are also transferrable, which distinguishes digital signatures from message authentication. Transferability means that messages can be forwarded; in other words, that a sender is unlikely to be able to make one recipient accept a message which is subsequently rejected by another recipient if the message is forwarded. Similar to public-key encryption, the security of commonly used signature schemes relies on the assumed computational difficulty of problems such as finding discrete logarithms or factoring large primes. With quantum computers, such assumptions would no longer be valid. Partly for this reason, it is desirable to develop signature schemes with unconditional or information-theoretic security. Quantum signature schemes are one possible solution. Similar to quantum key distribution (QKD), their unconditional security relies only on the laws of quantum mechanics. Quantum signatures can be realized with the same system components as QKD, but are so far less investigated. This talk aims to provide an introduction to quantum signatures and to review theoretical and experimental progress so far.

  1. Europe, Middle East and North Africa Conference on Technology and Security to Support Learning 2016

    CERN Document Server

    Serrhini, Mohammed; Felgueiras, Carlos

    2017-01-01

    This book contains a selection of articles from The Europe, Middle East and North Africa Conference on Technology and Security to Support Learning 2016 (EMENA-TSSL'16), held between the 3th and 5th of October at Saidia, Oujda, Morocco. EMENA-TSSL'16 is a global forum for researchers and practitioners to present and discuss recent results and innovations, current trends, professional experiences and challenges in Information & Communication Technologies, and Security to support Learning. The main topics covered are: A) Online Education; B) Emerging Technologies in Education; C) Artificial Intelligence in Education; D) Gamification and Serious games; E) Network & Web Technologies Applications; F) Online experimentation and Virtual Laboratories; G) Multimedia Systems and Applications; H) Security and Privacy; I) Multimedia, Computer Vision and Image Processing; J) Cloud, Big Data Analytics and Applications; K) Human-Computer Interaction; L) Software Systems, Architectures, Applications and Tools; M) Onli...

  2. Lethal stakes: rig-hand killings show rising security risks abroad

    Energy Technology Data Exchange (ETDEWEB)

    Lorenz, A.

    1999-05-03

    The increasing demands for protection money from foreign exploration and pipeline construction companies by left-wing guerrilla groups in various South American countries led to greater attention being focused on security services. This paper discusses the various alternatives to consider when choosing a security service. The experience of a Canadian pipeline company with projects in South America, and in need of security services, is described. The company felt that it was important that the security firm have a Calgary presence. It ended up hiring Calgary Protection Concepts Corporation, which is run by former Canadian police and intelligence officers, who provide a wide range of security services. Staff spend time in the country involved to look over the local security situation, develop contacts with local intelligence officers, and contract overseas agents who arrange for bodyguards, escorts and armored cars. ProCon also helps companies develop crisis management plans, guiding senior personnel through scenarios such as kidnapping, extortion and civil strife. ProCon also has a 24-hour emergency assistance call centre to provide immediate advice, to notify personnel and family members and to monitor the situation. Trust is key to hiring an outside security service since the security firm becomes party to extremely confidential information. Top security firms usually specialize in either security work or political risk analysis, but not both. The reason for this is that there are big differences in mentality, training and capabilities between studying risks and actively guarding against hazards.

  3. Toward an Effective Information Security Risk Management of Universities’ Information Systems Using Multi Agent Systems, Itil, Iso 27002,Iso 27005

    Directory of Open Access Journals (Sweden)

    S. FARIS

    2014-07-01

    Full Text Available Universities in the public and private sectors depend on information technology and information systems to successfully carry out their missions and business functions. Information systems are subject to serious threats that can have adverse effects on organizational operations and assets, and individuals by exploiting both known and unknown vulnerabilities to compromise the confidentiality, integrity, or availability of the information being processes, stored or transmitted by those systems. Threats to information systems can include purposeful attacks, environmental disruptions, and human/machine errors, and can result in harm to the integrity of data. Therefore, it is imperative that all the actors at all levels in a university information system understand their responsibilities and are held accountable for managing information security risk-that is the risk associated with the operation and use of information systems that support the missions and business functions of their university. The purpose of this paper is to propose an information security toolkit namely URMIS (University Risk Management Information System based on multi agent systems and integrating with existing information security frameworks and standards, to enhance the security of universities information systems.

  4. SOCIAL SECURITY IN ROMANIA AFTER EU ACCESSION. RISKS AND TRENDS

    Directory of Open Access Journals (Sweden)

    Ciprian Panzaru

    2011-06-01

    Full Text Available This article reflects the evolution of the social security system in Romania after accession to the European Union. Social security states its specificity as a basic concept that encompasses all the collective measures established by legislation to maintain individual or family income, to provide income when some or all sources have been lost or exhausted or in cases where the individual must cope with increased expenses. From this perspective, social security is a system that takes into account both the protection of able-bodied people (by the social insurance system and of those who cannot work or are socially disadvantaged. For Romania, the social security system is currently profoundly affected due to the low ratio between the number of productive Romanian citizens, contributors to the public budget and social funds, and the beneficiaries of these funds. The study highlights this issue and focuses primarily on the effect produced on the social security component by the external labor migration, a phenomenon accentuated by Romania’s EU accession. Basically, Romania has registered, according to Eurostat, only after 2007, more than 1 million migrants, most constituting the economically active population, the phenomenon having a major impact on the sustainability of the social security system.

  5. Coping with global environmental change, disasters and security: threats, challenges, vulnerabilities and risks

    NARCIS (Netherlands)

    Brauch, H.G.; Oswald Spring, Ú.; Mesjasz, C.; Grin, J.; Kameri-Mbote, P.; Chourou, B.; Dunay, P.; Birkmann, J.

    2011-01-01

    This policy-focused Global Environmental and Human Security Handbook for the Anthropo-cene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10

  6. Coping with global environmental change, disasters and security: threats, challenges, vulnerabilities and risks

    NARCIS (Netherlands)

    Brauch, H.G.; Oswald Spring, Ú.; Mesjasz, C.; Grin, J.; Kameri-Mbote, P.; Chourou, B.; Dunay, P.; Birkmann, J.

    2011-01-01

    This policy-focused Global Environmental and Human Security Handbook for the Anthropo-cene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10

  7. A threat-vulnerability based risk analysis model for cyber physical system security

    CSIR Research Space (South Africa)

    Ledwaba, Lehlogonolo

    2017-01-01

    Full Text Available processes leaves CPSs vulnerable to security attacks. A threat-vulnerability based risk model is developed through a detailed analysis of CPS security attack structures and threats. The Stuxnet malware attack is used to test the viability of the proposed...

  8. Guidelines for Automatic Data Processing Physical Security and Risk Management. Federal Information Processing Standards Publication 31.

    Science.gov (United States)

    National Bureau of Standards (DOC), Washington, DC.

    These guidelines provide a handbook for use by federal organizations in structuring physical security and risk management programs for their automatic data processing facilities. This publication discusses security analysis, natural disasters, supporting utilities, system reliability, procedural measures and controls, off-site facilities,…

  9. Brief Report: Attachment Security in Infants At-Risk for Autism Spectrum Disorders

    Science.gov (United States)

    Haltigan, John D.; Ekas, Naomi V.; Seifer, Ronald; Messinger, Daniel S.

    2011-01-01

    Little is known about attachment security and disorganization in children who are at genetic risk for an Autism Spectrum Disorder (ASD) prior to a possible diagnosis. The present study examined distributions of attachment security and disorganization at 15-months of age in a sample of infant siblings of older children with (ASD-sibs; n = 51) or…

  10. Microsoft Windows Security Essentials

    CERN Document Server

    Gibson, Darril

    2011-01-01

    Windows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed,

  11. 75 FR 9007 - National Science and Technology Council, Committee on Technology Capstone Workshop Risk...

    Science.gov (United States)

    2010-02-26

    ... TECHNOLOGY POLICY National Science and Technology Council, Committee on Technology Capstone Workshop Risk Management Methods & Ethical, Legal, and Societal Implications of Nanotechnology: Public Meeting ACTION... the Nanoscale Science, Engineering, and Technology (NSET) Subcommittee of the Committee on...

  12. Relationship of food security with Type 2 diabetes and its risk factors in Tehranian adults

    Directory of Open Access Journals (Sweden)

    Majid Hasan-Ghomi

    2015-01-01

    Conclusions: There were no significant differences in food security levels of diabetic and non-diabetic groups. However, some risk factors of type 2 diabetes including sex, marital status, educational level, and obesity were associated with food insecurity.

  13. Information technology security at the Advanced Photon Source.

    Energy Technology Data Exchange (ETDEWEB)

    Sidorowicz, K. V.; McDowell, W.; APS Engineering Support Division

    2007-01-01

    The proliferation of 'botnets,' phishing schemes, denial-of-service attacks, root kits, and other cyber attack schemes designed to capture a system or network creates a climate of concern for system administrators, especially for those managing accelerator and large experimental-physics facilities, as they are very public targets. This paper will describe the steps being taken at the Advanced Photon Source (APS) to protect the infrastructure of the overall network with emphasis on security for the APS control system.

  14. Remodeling Strategic Staff Safety and Security Risks Management in Nigerian Tertiary Institutions

    Directory of Open Access Journals (Sweden)

    Sunday S. AKPAN

    2015-10-01

    Full Text Available This paper examined safety and security risk management in tertiary institutions in Nigeria. The frequent attacks at workplace, especially schools, have placed safety and security in the front burner of discussion in both business and political circles. This therefore, forms the imperative for the conduct of this study. The work adopted a cross sectional survey research design and collected data from respondents who are security personnel of the University of Uyo. Analysis of data was done with simple percentage statistics while the research hypotheses were tested with mean and simple regression and correlation statistics. The findings of the study revealed that assassination, kidnappings and bombings were principal risk incidents threatening the safety and security of staff in University of Uyo. A significant positive relationship was found between the funding of security management and workers’ performance. It was discovered specifically that employment screening, regular training of security personnel, regular safety and security meetings and strategic security policy formation were the main strategies for managing safety and security in University of Uyo. The paper concluded that safety and security management and control involves every worker (management and staff of University of Uyo. It was recommended, among others, that management should be more committed to safety and security management in the University by means of making safety and security issues an integral part of University’s strategic plan and also by adopting the management line model – one form of management structure-where safety and security are located, with other general management responsibilities. This way, the resurgent cases of kidnapping, hired assassination, etc. would be reduced if not completely eradicated in the University.

  15. Making Wireless Networks Secure for NASA Mission Critical Applications Using Virtual Private Network (VPN) Technology

    Science.gov (United States)

    Nichols, Kelvin F.; Best, Susan; Schneider, Larry

    2004-01-01

    With so many security issues involved with wireless networks, the technology has not been fully utilized in the area of mission critical applications. These applications would include the areas of telemetry, commanding, voice and video. Wireless networking would allow payload operators the mobility to take computers outside of the control room to their off ices and anywhere else in the facility that the wireless network was extended. But the risk is too great of having someone sit just inside of your wireless network coverage and intercept enough of your network traffic to steal proprietary data from a payload experiment or worse yet hack back into your system and do even greater harm by issuing harmful commands. Wired Equivalent Privacy (WEP) is improving but has a ways to go before it can be trusted to protect mission critical data. Today s hackers are becoming more aggressive and innovative, and in order to take advantage of the benefits that wireless networking offer, appropriate security measures need to be in place that will thwart hackers. The Virtual Private Network (VPN) offers a solution to the security problems that have kept wireless networks from being used for mission critical applications. VPN provides a level of encryption that will ensure that data is protected while it is being transmitted over a wireless local area network (LAN). The VPN allows a user to authenticate to the site that the user needs to access. Once this authentication has taken place the network traffic between that site and the user is encapsulated in VPN packets with the Triple Data Encryption Standard (3DES). 3DES is an encryption standard that uses a single secret key to encrypt and decrypt data. The length of the encryption key is 168 bits as opposed to its predecessor DES that has a 56-bit encryption key. Even though 3DES is the common encryption standard for today, the Advance Encryption Standard (AES), which provides even better encryption at a lower cycle cost is growing

  16. Making Wireless Networks Secure for NASA Mission Critical Applications Using Virtual Private Network (VPN) Technology

    Science.gov (United States)

    Nichols, Kelvin F.; Best, Susan; Schneider, Larry

    2004-01-01

    With so many security issues involved with wireless networks, the technology has not been fully utilized in the area of mission critical applications. These applications would include the areas of telemetry, commanding, voice and video. Wireless networking would allow payload operators the mobility to take computers outside of the control room to their off ices and anywhere else in the facility that the wireless network was extended. But the risk is too great of having someone sit just inside of your wireless network coverage and intercept enough of your network traffic to steal proprietary data from a payload experiment or worse yet hack back into your system and do even greater harm by issuing harmful commands. Wired Equivalent Privacy (WEP) is improving but has a ways to go before it can be trusted to protect mission critical data. Today s hackers are becoming more aggressive and innovative, and in order to take advantage of the benefits that wireless networking offer, appropriate security measures need to be in place that will thwart hackers. The Virtual Private Network (VPN) offers a solution to the security problems that have kept wireless networks from being used for mission critical applications. VPN provides a level of encryption that will ensure that data is protected while it is being transmitted over a wireless local area network (LAN). The VPN allows a user to authenticate to the site that the user needs to access. Once this authentication has taken place the network traffic between that site and the user is encapsulated in VPN packets with the Triple Data Encryption Standard (3DES). 3DES is an encryption standard that uses a single secret key to encrypt and decrypt data. The length of the encryption key is 168 bits as opposed to its predecessor DES that has a 56-bit encryption key. Even though 3DES is the common encryption standard for today, the Advance Encryption Standard (AES), which provides even better encryption at a lower cycle cost is growing

  17. Global risks and the economic security of Russia: problems of management

    Directory of Open Access Journals (Sweden)

    Solov'jov Anatolij Il'ich

    2015-10-01

    Full Text Available This paper proposes an approach to the study of the impact of global imbalances and external economic risks for the Russian economy and its level of economic security. This paper proposes an approach to the study of the influence of global imbalances and external economic risks for the economy of Russia and its level of economic security. The relevance of the study is that is not enough research to assess the impact of global imbalances and risks in terms of openness of Russian economy. The authors have perfected a method of quantitative assessment of global risks and proposed a method to estimate their impact on the Russian economy. Initial data are taken from a report on global risks for the World Economic Forum in 2014. The results characterize the role of global imbalances and the degree of influence of global risks on the Russian economy and its level of economic security.

  18. The Concept of Security Revisited New Approaches: Human Security and Risk Assessment

    OpenAIRE

    Adriana Mărgărit

    2009-01-01

    The field of study of security is confronted today with a proliferation of security relatedconcepts. In this regard we can mention various concepts, such as: “transnational security”, “extendedsecurity”, “human security”, “global security”, “cooperative security”, “international security”,“economic security” and many others. Ever since the end of the Cold War, the concept of humansecurity began to appear more often in the speeches of scholars, policy makers and even the media.Despite the more...

  19. COmmunications and Networking with QUantum operationally Secure Technology for Maritime Deployment (CONQUEST)

    Science.gov (United States)

    2016-12-02

    Networking with QUantum operationally-Secure Technology for Maritime Deployment (CONQUEST) Contract Period of Performance: 2 September 2016 – 1 September...potential of using advanced photonic integrated circuits to enable high- speed quantum-secure communications. Task 5: QKD network via un-trusted quantum...has a practical advantage in its imple- mentation since it can use conventional optical telecom components, and does not require cryostats to support

  20. Implementing Information Security and Its Technology: A LineManagement Perspective

    Energy Technology Data Exchange (ETDEWEB)

    Barletta, William A.

    2005-08-22

    Assuring the security and privacy of institutionalinformation assets is a complex task for the line manager responsible forinternational and multi-national transactions. In the face of an unsureand often conflicting international legal framework, the line managermust employ all available tools in an Integrated Security and PrivacyManagement framework that ranges from legal obligations, to policy, toprocedure, to cutting edge technology to counter the rapidly evolvingcyber threat to information assets and the physical systems thatinformation systems control.

  1. A Consistent Approach for Security Risk Assessments of Dams and Related Critical Infrastructure

    Science.gov (United States)

    2014-06-01

    Risk Assessments of Dams and Related Critical Infrastructure J. Darrell Morgeson Jason A. Dechant Yev Kirpichevsky Yazmin Seda -Sanabria, U.S...Kirpichevsky Yazmin Seda -Sanabria, U.S. Army Corps of Engineers Enrique E. Matheu, U.S. Department of Homeland Security A Consistent Approach...for Security Risk Assessments of Dams and Related Critical Infrastructure James D. Morgeson1, Yazmin Seda -Sanabria2, Yevgeniy Kirpichevsky3, Jason A

  2. Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

    Directory of Open Access Journals (Sweden)

    Audrey Guinchard

    2011-01-01

    Full Text Available Most of the actions that fall under the trilogy of cyber crime, terrorism,and war exploit pre-existing weaknesses in the underlying technology.Because these vulnerabilities that exist in the network are not themselvesillegal, they tend to be overlooked in the debate on cyber security. A UKreport on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day-to-day expenditures for the Government, businesses, and individuals. This article contends if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war.

  3. Integrated Safety Mechanisms Based on Security Risks Minimization for the Distributed Computer Systems

    Directory of Open Access Journals (Sweden)

    Vadym Mukhin

    2013-02-01

    Full Text Available Today, there are known the basic principles of decision-making on the safety control of distributed computer systems in the face of uncertainty and risk. However, in this area there are no practical methods for the quantitative risk analysis and assessment, taking into account the dynamic changes of security threats, which is typical for distributed computer systems.In this paper is suggested an approach to assesment and minimization of the security risks, which allows to reduce the potential losses due to the realization of threats, to analyze the dynamics of intrusions into computer systems and to select the effective security tools.As a result, there is designed the structure of the tools for risk minimization in the distributed computer systems and are formalized the main functions of this structure. Also, in the paper is suggested the assessment of risk factors of the security threats and the probability of the threats realization, which are based on their division into appropriate groups. The proposed tools for security risk minimization allow effectively identify, classify and analyze threats to the security of the distributed computing systems.

  4. Research on Network Security Risk Model Based on the Information Security Level Protection Standards%基于信息安全等保标准的网络安全风险模型研究

    Institute of Scientific and Technical Information of China (English)

    李涛; 张驰

    2016-01-01

    信息安全等级保护是信息系统必不可少的安全保障,其要求不同安全等级的系统应具有不同的安全保护能力,通过在安全技术和安全管理上选用与安全等级相适应的安全控制来实现。文章着眼于三级信息系统安全等保测评的一个重要方面——网络安全,通过建立反映其安全状况和风险威胁的风险评估模型,对三级系统等保网络安全层面的安全控制模块进行风险评估分析研究,对不同安全侧重点的系统进行安全评价,反映系统的总体网络架构和各关键网络设备的安全保护情况,进而更精确地得到不同风险对系统的影响,可更有效地对安全风险进行控制和预防,为系统的安全决策提供有力支持和安全保障。%Information security level protection is an important guarantee of information system. It requires that different level information system should have the different security proctection which is realized by using suitable security control on security technology and system management. The paper focuses on an important aspect of the three information system security assessment of the level of protection assessment model, the three-tier grading system information network security level to protect the safety control module for risk assessment analysis to accurately focus on different security information systems security evaluation accurately reflects the overall network architecture and all critical information systems security of the network devices. Based on the assessment model, the most common major information systems - three information systems, "Network security risk assessment based on the information system security protection standards."Derived by analyzing three information systems risk assignment, and then get a more precise impact of different risk levels for each system can more effectively control security risks and prevention, provide strong support for the

  5. Study on Risk of Enterprise' Technology Innovation Based on ISM

    Science.gov (United States)

    Li, Hongyan

    The risk in the process of enterprise' technology innovation is concluted five subsystems: environmental risk, market risk, enterprise capacity risk, project risk and project management risk, 16 risk factors under each subsystem are identified. A Interpretative Structural Modeling(ISM) of of risk factors is established, the relationship and influence levels of them is confirmed, the purpose is to help enterprise assessing risks and taking countermeasure to minimize the potential loss and increase the innovation income.

  6. An Exploratory Risk Perception Study of Attitudes Toward Homeland Security Systems

    Energy Technology Data Exchange (ETDEWEB)

    Sanquist, Thomas F.; Mahy, Heidi A.; Morris, Fred A.

    2008-08-01

    Understanding the issues surrounding public acceptance of homeland security systems is important for balancing security needs and potential civil liberties infringements. A psychometric survey was used to measure attitudes regarding homeland security systems. Psychometric rating data were obtained from 182 respondents on psychological attributes associated with 12 distinct types of homeland security systems. An inverse relationship was observed for the overall rating attributes of acceptability and risk of civil liberties infringement. Principal components analysis yielded a two factor solution, with the rating scale loading pattern suggesting factors of Perceived Effectiveness and Perceived Intrusiveness. These factors also showed an inverse relationship. The 12 different homeland security systems showed significantly different scores on the rating scales and PCA factors, which were used to rank the systems in terms of overall acceptability. Difference scores for the rating scales and PCA factors were used to compute a single acceptability value reflecting the relative weight of risks and benefits. Of the 12 systems studied, airport screening, canine detectors and radiation monitoring at borders were found to be relatively acceptable, i.e., the perceived benefits for homeland security outweighed the perceived risks to civil liberties. Students rated several systems as more effective than professionals, but the overall pattern of results for both types of subjects was similar. The data suggest that risk perception research and the psychometric paradigm are useful approaches for quantifying attitudes regarding homeland security systems and policies, and can be used to anticipate potentially significant public acceptance issues.

  7. Information technology project risk management in Peru

    OpenAIRE

    Del Carpio Gallegos, Javier; Universidad Nacional Mayor de San Marcos

    2014-01-01

    This article shows how some principles, uses, and practices of risk management are applied in information technology projects in Peru; in the last four years, in representative sectors like manufacturing, banking, information and communications, academics institutions, construction, government, consulting, services, and others. El presente artículo muestra algunos principios, usos y prácticas de cómo la gestión de riesgos de proyectos de tecnología se ha llevado a cabo en los últimos cuatr...

  8. Hawai‘i Distributed Energy Resource Technologies for Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    None, None

    2012-09-30

    HNEI has conducted research to address a number of issues important to move Hawai‘i to greater use of intermittent renewable and distributed energy resource (DER) technologies in order to facilitate greater use of Hawai‘i's indigenous renewable energy resources. Efforts have been concentrated on the Islands of Hawai‘i, Maui, and O‘ahu, focusing in three areas of endeavor: 1) Energy Modeling and Scenario Analysis (previously called Energy Road mapping); 2) Research, Development, and Validation of Renewable DER and Microgrid Technologies; and 3) Analysis and Policy. These efforts focused on analysis of the island energy systems and development of specific candidate technologies for future insertion into an integrated energy system, which would lead to a more robust transmission and distribution system in the state of Hawai‘i and eventually elsewhere in the nation.

  9. Cyber-Security Issues in Healthcare Information Technology.

    Science.gov (United States)

    Langer, Steve G

    2017-02-01

    In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.

  10. Leadership and New Technologies. New Security Issues for Management of Internet Connectivity and Remote Control in Automotive Industry

    Directory of Open Access Journals (Sweden)

    Cosmin Cătălin Olteanu

    2015-05-01

    Full Text Available The main purpose of the paper is to illustrate the importance of implementing new security policies for infotainment systems in automotive industry. A car is full of technology and is easier today to control car systems through an internet connection linked to car system infotainment. This is how it is possible to gain control of critical car systems. More than 84% of users doesn’t even know the risk of remote control of the car in the presence of Internet connection.

  11. Challenges of Information Technology Security in the NASA Environment

    Science.gov (United States)

    Santiago, S. S.

    2000-01-01

    A brief description of the NASA organization and how the CIO responsibilities are integrated into that organization followed by an introduction of the NASA ITS Program goals and objectives. An overview of the four major enterprises' cultures and how those cultures tie back to the Enterprises' missions. A description of the ITS challenges that exist stemming from the competing NASA Enterprises' requirements and how they have formed the basis of the NASA ITS Program. A talk will focus on policies and procedures and the technology being incorporated into the NASA infrastructure and how that technology ties back to the policies and procedures.

  12. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Nunes Leal Franqueira, V.; Tun, Thein Tan; Wieringa, Roelf J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about

  13. The threat nets approach to information system security risk analysis

    NARCIS (Netherlands)

    Mirembe, Drake

    2015-01-01

    The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security

  14. Mitigating risks by integrating business continuity and security.

    Science.gov (United States)

    Shaw, Scott; Smith, Nicholas

    2010-11-01

    There has been much discussion regarding the topic of business continuity and security convergence. This paper provides a realistic overview of the union of the two disciplines and offers no/low-cost programme elements that may be used for organisations considering or in the midst of convergence efforts.

  15. The threat nets approach to information system security risk analysis

    NARCIS (Netherlands)

    Mirembe, Drake

    2015-01-01

    The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security concer

  16. Group Decision-Making Information Security Risk Assessment Based on AHP and Information Entropy

    Directory of Open Access Journals (Sweden)

    Zuowen Tan

    2012-08-01

    Full Text Available The phenomenon of over-reliance on subjective assignment is a challenging task in the information security risk assessment process. This study deals with this problem. We have presented a group decisionmaking information security risk assessment method by combining Analytic Hierarchy Process (AHP with Information entropy. When AHP is used to assess the security risk of information systems, the elements of the Criteria level are the risk probability, impact and uncontrollability. The priorities of the Alternatives as risk factors with respect to the Criteria level are determined by applying the group decision-making approach. And the experts’ weights are obtained through information entropy. The experts’ judgments are aggregated into a consensus matrix. The consensus matrix reduces the subjectivity of judgments due to the experts’ preferences.

  17. Security Concerns in Telecommuting within the Information Technology Industry

    Science.gov (United States)

    Chithambo, Loyce Maosa

    2011-01-01

    Since the availability of remote access technology, most companies have adopted telecommuting as part of business operations. Although some research has identified policies and procedures when individuals telecommute, limited research exists about existing policies and procedures for telecommuters. The purpose of this qualitative descriptive…

  18. Competitive Technologies for National Security: Review and Recommendations

    Science.gov (United States)

    2008-02-29

    Ibid. 13. SPG Media , “ABL YAL 1A Airborne Laser, USA,” at www.airforce-technology.com/projects/abl (March 15, 2006). 14. Press release, “Boeing Receives...the first quar- ter of 2005, almost all of the venture capital invested in the nanotech industry went to four companies: NanoTex ($33 millon

  19. Security Concerns in Telecommuting within the Information Technology Industry

    Science.gov (United States)

    Chithambo, Loyce Maosa

    2011-01-01

    Since the availability of remote access technology, most companies have adopted telecommuting as part of business operations. Although some research has identified policies and procedures when individuals telecommute, limited research exists about existing policies and procedures for telecommuters. The purpose of this qualitative descriptive…

  20. Managing security risks for inter-organisational information systems: a multiagent collaborative model

    Science.gov (United States)

    Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin

    2016-09-01

    Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.

  1. How Secure Is Education in Information Technology? A Method for Evaluating Security Education in IT

    Science.gov (United States)

    Grover, Mark; Reinicke, Bryan; Cummings, Jeff

    2016-01-01

    As the popularity of Information Technology programs has expanded at many universities, there are a number of questions to be answered from a curriculum standpoint. As many of these programs are either interdisciplinary, or at least exist outside of the usual Computer Science and Information Systems programs, questions of what is appropriate for…

  2. Research on Security Evaluation and Risk Assessment for Internet of Things%物联网安全测评和风险评估技术研究*

    Institute of Scientific and Technical Information of China (English)

    雷王景

    2013-01-01

    The main technology,platform framework and system realization of Internet of Things(IOT)security test with evaluation and risk assessment service platform are presented,which is realized based on information security simulation,Internet of Things security test with evaluation,security risk assessment technology. The platform can test and evaluate the construction scheme,security technology means of Internet of Things,and can also promote China′s Internet of Things construction and security industry development.%  提出采用信息安全仿真、物联网安全测评和安全风险评估技术实现的物联网安全测评和风险评估服务平台的主要技术、平台结构和系统实现。此平台能够为物联网建设方案、安全技术手段进行测试与评估,推动我国物联网建设和物联网安全产业的发展。

  3. Mobile Security: A Systems Engineering Framework for Implementing Bring Your Own Device (BYOD) Security through the Combination of Policy Management and Technology

    Science.gov (United States)

    Zahadat, Nima

    2016-01-01

    With the rapid increase of smartphones and tablets, security concerns have also been on the rise. Traditionally, Information Technology (IT) departments set up devices, apply security, and monitor them. Such approaches do not apply to today's mobile devices due to a phenomenon called Bring Your Own Device or BYOD. Employees find it desirable to…

  4. Mobile Security: A Systems Engineering Framework for Implementing Bring Your Own Device (BYOD) Security through the Combination of Policy Management and Technology

    Science.gov (United States)

    Zahadat, Nima

    2016-01-01

    With the rapid increase of smartphones and tablets, security concerns have also been on the rise. Traditionally, Information Technology (IT) departments set up devices, apply security, and monitor them. Such approaches do not apply to today's mobile devices due to a phenomenon called Bring Your Own Device or BYOD. Employees find it desirable to…

  5. ICT security- aspects important for nuclear facilities; Information and Communication Technologies

    Energy Technology Data Exchange (ETDEWEB)

    Thunem, Atoosa P-J.

    2005-09-15

    Rapid application growth of complex Information and Communication Technologies (ICT) in every society and state infrastructure as well as industry has revealed vulnerabilities that eventually have given rise to serious security breaches. These vulnerabilities together with the course of the breaches from cause to consequence are gradually about to convince the field experts that ensuring the security of ICT-driven systems is no longer possible by only relying on the fundaments of computer science, IT, or telecommunications. Appropriating knowledge from other disciplines is not only beneficial, but indeed very necessary. At the same time, it is a common observation today that ICT-driven systems are used everywhere, from the nuclear, aviation, commerce and healthcare domains to camera-equipped web-enabled cellular phones. The increasing interdisciplinary and inter-sectoral aspects of ICT security worldwide have been providing updated and useful information to the nuclear domain, as one of the emerging users of ICT-driven systems. Nevertheless, such aspects have also contributed to new and complicated challenges, as ICT security for the nuclear domain is in a much more delicate manner than for any other domains related to the concept of safety, at least from the public standpoint. This report addresses some important aspects of ICT security that need to be considered at nuclear facilities. It deals with ICT security and the relationship between security and safety from a rather different perspective than usually observed and applied. The report especially highlights the influence on the security of ICT-driven systems by all other dependability factors, and on that basis suggests a framework for ICT security profiling, where several security profiles are assumed to be valid and used in parallel for each ICT-driven system, sub-system or unit at nuclear facilities. The report also covers a related research topic of the Halden Project with focus on cyber threats and

  6. Assistive Technologies and Issues Relating to Privacy, Ethics and Security

    Science.gov (United States)

    Martin, Suzanne; Bengtsson, Johan E.; Dröes, Rose-Marie

    Emerging technologies provide the opportunity to develop innovative sustainable service models, capable of supporting adults with dementia at home. Devices range from simple stand-alone components that can generate a responsive alarm call to complex interoperable systems that even can be remotely controlled. From these complex systems the paradigm of the ubiquitous or ambient smart home has emerged, integrating technology, environmental design and traditional care provision. The service context is often complex, involving a variety of stakeholders and a range of interested agencies. Against this backdrop, as anecdotal evidence and government policies spawn further innovation it is critical that due consideration is given to the potential ethical ramifications at an individual, organisational and societal level. Well-grounded ethical thinking and proactive ethical responses to this innovation are required. Explicit policy and practice should therefore emerge which engenders confidence in existing supported living option schemes for adults with dementia and informs further innovation.

  7. Hybrid rice technology for food security in the world

    Institute of Scientific and Technical Information of China (English)

    YUAN Long-ping

    2004-01-01

    @@ The current world population is over 6 billion and will reach 8 billion in 2030. Meanwhile, the annual loss of land to other use is 10 to 35 million ha, with half of this lost land coming from cropland.Facing such severe situation of population growth pressure plus cropland reduction, it is obvious that the only way to solve food shortage problem is to greatly enhance the yield level of food crops per unit land area through advance of science and technology.

  8. Report on Sensor Technology for Battlefield and Physical Security Applications.

    Science.gov (United States)

    1977-07-01

    END ITEMS, IT SHOULD BE USEFUL IF WE GET A HANDLE ON THE OVERALL MANAGEMENT CONCEPTo THE PROGRAM OBJECTIVES, AND THE ESTIMATED FUNDING LEVELS...LEARN MORE ABOUT THE DEVICES THAT WILL BE AVAILABLE ON THE OPEN MARKET . WE WOULD EXPECT SUCH A CENTER TO BE ACCESSABLE BY ALL FEDERAL AGENCIES AND TO...that the ported coaxial cable sensor technology does work and that it appears to work better than other sensors on the market . The ADM development

  9. Import Security: Assessing the Risks of Imported Food.

    Science.gov (United States)

    Welburn, Jonathan; Bier, Vicki; Hoerning, Steven

    2016-11-01

    We use data on food import violations from the FDA Operational and Administrative System for Import Support (OASIS) to address rising concerns associated with imported food, quantify import risks by product and by country of origin, and explore the usefulness of OASIS data for risk assessment. In particular, we assess whether there are significant trends in violations, whether import violations can be used to quantify risks by country and by product, and how import risks depend on economic factors of the country of origin. The results show that normalizing import violations by volume of imports provides a meaningful indicator of risk. We then use regression analysis to characterize import risks.  Using this model, we analyze import risks by product type, violation type, and economic factors of the country of origin.  We find that OASIS data are useful in quantifying food import risks, and that the rate of refusals provides a useful decision tool for risk management.  Furthermore, we find that some economic factors are significant indicators of food import risk by country. © 2016 Society for Risk Analysis.

  10. Innovation priorities optimization in the context of national technological security ensuring

    Directory of Open Access Journals (Sweden)

    V.A. Omelyanenko

    2016-12-01

    Full Text Available The aim of this article. The article is devoted to the main aspects of technological security providing through increasing the efficiency of innovation development priorities selection. The features of impact of technological security for national security and international experience of its software were analyzed. The scheme of determination of innovation priorities, based on the assessment of critical technologies and strategy of socio-economic development, were proposed. The scheme of innovation priorities based on “deployment policy” concept was developed. The results of the analysis. Based on analysis of possibilities of using the capacity of international environment, eliminating the technological gap between Ukraine and leading countries in framework of technological security provision should be implemented not by increasing the one-side transfer of foreign technologies, but with the improvement and development of national critical technologies based on foreign experience. Also positive balance of international technology transfer in future can’t be achieved the growth of dumping policy with the expansion of volumes of these technologies only when the country has to spend a resources, which is beneficial only for foreign partners. This balance should be focused on system-level processes, it is necessary to speed up the development of its own technology base, that can eliminate existing or possible “technological blockade”. Conclusions and perspectives for further research. The state’s ability to engage in complicated tech activities is a characteristic of scientific, technical and technological level of its development as well as has great impact on economic situation and national security and assists enhance its international prestige. However, the development of such industries and requires the creation of efficient innovation system and international cooperation mechanisms to compensate for negative effects of unilateral

  11. Defense Transportation’s EDI Program: A Security Risk Assessment

    Science.gov (United States)

    1993-05-01

    available when needed. One way to provide proof of system-security procedures is to follow the guide- lines in the Inteinal Management Control Program ( IMCP ...as mandated by the Federal Manager’s Financial Integrity Act (FMFIA). The IMCP prescribes both general and specific standards for maintaining...appropriate internal controls. For 12 example, the IMCP states that control systems shall be properly documented, trans- actions and other significant

  12. Enterprise Information Security Management Based on Context-Aware RBAC and Communication Monitoring Technology

    Directory of Open Access Journals (Sweden)

    Mei-Yu Wu

    2013-01-01

    Full Text Available Information technology has an enormous influence in many enterprises. Computers have not only become important devices that people rely on in their daily lives and work, but have also become essential tools for enterprises. More and more enterprises have shifted their focus to how to prevent outer forces from invading and stealing from networks. However, many enterprises have disregarded the significance of internal leaking, which also plays a vital role in information management. This research proposes an information security management approach that is based on context-aware role-based access control (RBAC and communication monitoring technology, in order to achieve enterprise information security management. In this work, it is suggested that an enterprise may, first, use an organizational chart to list job roles and corresponding permissions. RBAC is a model that focuses on different work tasks and duties. Subsequently, the enterprise may define a security policy to enforce the context-aware RBAC model. Finally, the enterprise may use communication monitoring technology in order to implement information security management. The main contribution of this work is the potential it provides to both reduce information security incidents, such as internal information leakage, and allow for effective cost control of information systems.

  13. Computer Network Security Technology%浅谈计算机网络安全技术

    Institute of Scientific and Technical Information of China (English)

    梁其烺

    2011-01-01

    从当前计算机网络安全现状入手,对主要的网络安全威胁进行了讨论。最后分析了计算机网络安全技术的类型,力图使网络设计者和使用者对网络安全有一个全面的认识,从而能正确采用成功对策。%The present situation of the current computer network security,network security of the main threats were discussed,the final analysis,the type of computer network security technology to try to make the network designers and users of network security with a comprehensive understanding, so that it can correctly the use of successful strategies.

  14. Security

    Science.gov (United States)

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  15. Accident Precursor Analysis and Management: Reducing Technological Risk Through Diligence

    Science.gov (United States)

    Phimister, James R. (Editor); Bier, Vicki M. (Editor); Kunreuther, Howard C. (Editor)

    2004-01-01

    Almost every year there is at least one technological disaster that highlights the challenge of managing technological risk. On February 1, 2003, the space shuttle Columbia and her crew were lost during reentry into the atmosphere. In the summer of 2003, there was a blackout that left millions of people in the northeast United States without electricity. Forensic analyses, congressional hearings, investigations by scientific boards and panels, and journalistic and academic research have yielded a wealth of information about the events that led up to each disaster, and questions have arisen. Why were the events that led to the accident not recognized as harbingers? Why were risk-reducing steps not taken? This line of questioning is based on the assumption that signals before an accident can and should be recognized. To examine the validity of this assumption, the National Academy of Engineering (NAE) undertook the Accident Precursors Project in February 2003. The project was overseen by a committee of experts from the safety and risk-sciences communities. Rather than examining a single accident or incident, the committee decided to investigate how different organizations anticipate and assess the likelihood of accidents from accident precursors. The project culminated in a workshop held in Washington, D.C., in July 2003. This report includes the papers presented at the workshop, as well as findings and recommendations based on the workshop results and committee discussions. The papers describe precursor strategies in aviation, the chemical industry, health care, nuclear power and security operations. In addition to current practices, they also address some areas for future research.

  16. Finding the right technology solutions to secure our borders

    CSIR Research Space (South Africa)

    Venter, CP

    2015-10-01

    Full Text Available stream_source_info Venter-2015.pdf.txt stream_content_type text/plain stream_size 1509 Content-Encoding UTF-8 stream_name Venter-2015.pdf.txt Content-Type text/plain; charset=UTF-8 Finding the right technology solutions... • Real-life field conditions • Simulated events Maritime Scenario • Maritime and Harbour Protection in Saldanha area • Refugee Influx, Intertidal Poaching, Vessel Interception • Specific “Injects” – plausible events simulated • Various...

  17. Information Technology Convergence, Secure and Trust Computing, and Data Management ITCS 2012 & STA 2012

    CERN Document Server

    Kim, Jongsung; Zou, Deqing; Lee, Yang

    2012-01-01

    ITCS 2012 and STA 2012 address the various theories and practical applications of information technology convergence, secure and trust computing, and data management in future environments. It will present important results of significant value to solve the application services and various problems within the scope of ITCS 2012 & STA 2012. In addition, we expect it will trigger further related research and technology developments which will improve our lives in the future.

  18. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  19. Gender Differences in the Field of Information Security Technology Management: A Qualitative, Phenomenological Study

    Science.gov (United States)

    Johnson, Marcia L.

    2013-01-01

    This qualitative study explored why there are so few senior women in the information security technology management field and whether gender played a part in the achievement of women in the field. Extensive interviews were performed to capture the lived experiences of successful women in the field regarding the obstacles and common denominators of…

  20. 76 FR 45645 - 10-Day Notice of Proposed Information Collection: Technology Security/Clearance Plans, Screening...

    Science.gov (United States)

    2011-07-29

    ...The Department of State has submitted the following information collection request to the Office of Management and Budget (OMB) for approval in accordance with the Paperwork Reduction Act of 1995. Title of Information Collection: Technology Security/ Clearance Plans, Screening Records, and Non-Disclosure Agreements Pursuant to 22 CFR 126.18. OMB Control Number: 1405-XXXX.......

  1. 78 FR 66949 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2013-11-07

    ... public comment period may end before the time indicated, following the last call for comments. To... Science and Technology, such as new developments in systems engineering, cyber-security, knowledge.... The agenda on December 5 focuses solely on the interaction between DHS S&T and Customs and...

  2. Gender Differences in the Field of Information Security Technology Management: A Qualitative, Phenomenological Study

    Science.gov (United States)

    Johnson, Marcia L.

    2013-01-01

    This qualitative study explored why there are so few senior women in the information security technology management field and whether gender played a part in the achievement of women in the field. Extensive interviews were performed to capture the lived experiences of successful women in the field regarding the obstacles and common denominators of…

  3. Attachment security in infants at-risk for autism spectrum disorders.

    Science.gov (United States)

    Haltigan, John D; Ekas, Naomi V; Seifer, Ronald; Messinger, Daniel S

    2011-07-01

    Little is known about attachment security and disorganization in children who are at genetic risk for an Autism Spectrum Disorder (ASD) prior to a possible diagnosis. The present study examined distributions of attachment security and disorganization at 15-months of age in a sample of infant siblings of older children with (ASD-sibs; n = 51) or without (COMP-sibs; n = 34) an ASD. ASD-sibs were not more or less likely to evince attachment insecurity or disorganization than COMP-sibs. However, relative to COMP-sibs, the rate of B1-B2 secure subclassifications was disproportionately larger in the ASD-sib group. Results suggest that ASD-sibs are not less likely to form secure affectional bonds with their caregivers than COMP-sibs, but may differ from COMP-sibs in their expression of attachment security.

  4. Exploration of technologies of use to civil security forces

    Energy Technology Data Exchange (ETDEWEB)

    Farnum, E.H.; Petrovic, J.; McClellan, K.; Trujillo, E.; Neuman, A.; Lounsbury, B. [Los Alamos National Lab., NM (United States); Mann, T. [Foster Miller, Inc., Waltham, MA (United States); Rousseau, R. [Ordnance Body Armor Company (United States)

    1998-12-01

    This is the final report of a two-year, Laboratory Directed Research and Development (LDRD) project at the Los Alamos National Laboratory (LANL). The objective was to determine whether armor tile technology could be used to solve problems of civil law enforcement as identified by the New Mexico State Police. Most of the effort focused on the design and construction of a lightweight, portable box that could contain the shrapnel and redirect the blast from a steel-pipe/black-powder bomb. The bomb box task was carried out in collaboration with two companies, Foster Miller, Inc. and Ordnance Body Armor Co., who constructed most of the boxes tested. The results of the tests indicated that soft, flexible fabrics are superior to hard tiles in containing the bomb fragments. Subsequent to these experiments, Foster Miller has developed a bomb container that is commercialized and is currently being sold to law enforcement agencies.

  5. Relationship of Food Security with Type 2 Diabetes and Its Risk Factors in Tehranian Adults.

    Science.gov (United States)

    Hasan-Ghomi, Majid; Ejtahed, Hanieh-Sadat; Mirmiran, Parvin; Hosseini-Esfahani, Firozeh; Sarbazi, Narges; Azizi, Fereidoun; Sadeghian, Saeed

    2015-01-01

    As food insecurity has negative effects on health, the aim of this study was to determine tahe relationship between household food security and type 2 diabetes mellitus and its related risk factors. In this case-control study, 200 individuals with and 200 individuals without type 2 diabetes mellitus, aged over 40 years, were randomly selected from among participants of the Tehran Lipid and Glucose Study. The questionnaire on household food security proposed by the United States Department of Agriculture was completed for them by trained personnel. Logistic regression was used to determine the variable that had the most significant relationship with food security status. The average of food security score was 2.38 ± 2.0 in non-diabetic and 2.25 ± 2.0 in diabetic individuals (P = 0.6). In both groups, the risk for food insecurity in women was more than in men. In the diabetic group, being single and having education levels below high school increased the risk of food insecurity. In the non-diabetic group, the risk of food insecurity in obese individuals was 3.3 times higher than normal individuals (odds ratio = 2.1, 95% confidence interval: 1.2-4.1). There were no significant differences in food security levels of diabetic and non-diabetic groups. However, some risk factors of type 2 diabetes including sex, marital status, educational level, and obesity were associated with food insecurity.

  6. Image-Based Vehicle Identification Technology for Homeland Security Applications

    Energy Technology Data Exchange (ETDEWEB)

    Clark, G A

    2002-10-08

    The threat of terrorist attacks against US civilian populations is a very real, near-term problem that must be addressed, especially in response to possible use of Weapons of Mass Destruction. Several programs are now being funded by the US Government to put into place means by which the effects of a terrorist attack could be averted or limited through the use of sensors and monitoring technology. Specialized systems that detect certain threat materials, while effective within certain performance limits, cannot generally be used efficiently to track a mobile threat such as a vehicle over a large urban area. The key elements of an effective system are an image feature-based vehicle identification technique and a networked sensor system. We have briefly examined current uses of image and feature recognition techniques to the urban tracking problem and set forth the outlines of a proposal for application of LLNL technologies to this critical problem. The primary contributions of the proposed work lie in filling important needs not addressed by the current program: (1) The ability to create vehicle ''fingerprints,'' or feature information from images to allow automatic identification of vehicles. Currently, the analysis task is done entirely by humans. The goal is to aid the analyst by reducing the amount of data he/she must analyze and reduce errors caused by inattention or lack of training. This capability has broad application to problems associated with extraction of useful features from large data sets. (2) Improvements in the effectiveness of LLNL's WATS (Wide Area Tracking System) by providing it accurate threat vehicle location and velocity. Model predictability is likely to be enhanced by use of more information related to different data sets. We believe that the LLNL can accomplish the proposed tasks and enhance the effectiveness of the system now under development.

  7. Predictors of mother-child interaction quality and child attachment security in at-risk families.

    Science.gov (United States)

    De Falco, Simona; Emer, Alessandra; Martini, Laura; Rigo, Paola; Pruner, Sonia; Venuti, Paola

    2014-01-01

    Child healthy development is largely influenced by parent-child interaction and a secure parent-child attachment is predictively associated with positive outcomes in numerous domains of child development. However, the parent-child relationship can be affected by several psychosocial and socio-demographic risk factors that undermine its quality and in turn play a negative role in short and long term child psychological health. Prevention and intervention programs that support parenting skills in at-risk families can efficiently reduce the impact of risk factors on mother and child psychological health. This study examines predictors of mother-child interaction quality and child attachment security in a sample of first-time mothers with psychosocial and/or socio-demographic risk factors. Forty primiparous women satisfying specific risk criteria participated in a longitudinal study with their children from pregnancy until 18 month of child age. A multiple psychological and socioeconomic assessment was performed. The Emotional Availability Scales were used to measure the quality of emotional exchanges between mother and child at 12 months and the Attachment Q-Sort served as a measure of child attachment security at 18 months. Results highlight both the effect of specific single factors, considered at a continuous level, and the cumulative risk effect of different co-occurring factors, considered at binary level, on mother-child interaction quality and child attachment security. Implication for the selection of inclusion criteria of intervention programs that support parenting skills in at-risk families are discussed.

  8. 78 FR 41954 - TA-W-82,634, Prudential Global Business Technology Solutions Central Security Services Dresher...

    Science.gov (United States)

    2013-07-12

    ... Employment and Training Administration TA-W-82,634, Prudential Global Business Technology Solutions Central Security Services Dresher, Pennsylvania; TA-W-82,634A, Prudential Global Business Technology Solutions Central Security Services Iselin, New Jersey; TA-W-82,634B, Prudential Global Business...

  9. Cyber security risk evaluation of a nuclear I and C using BN and ET

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Dept. of Nuclear Engineering, Kyung Hee University, Yongin (Korea, Republic of); Son, Han Seong [Computer and Game Science, Joongbu University, Geumsan (Korea, Republic of)

    2017-04-15

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

  10. Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET

    Directory of Open Access Journals (Sweden)

    Jinsoo Shin

    2017-04-01

    Full Text Available Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

  11. Interest Rate Risk Management and the Use of Derivative Securities

    Directory of Open Access Journals (Sweden)

    Ioana-Diana PĂUN

    2013-12-01

    Full Text Available This study aims to demonstrate the utility of derivative financial instruments for the management of interest rate risk that is faced by banks and financial institutions, and to provide an efficient flow of monitoring and control thereof. Banking institutions can now use a combination of balance sheet and off balance sheet measures, i.e. gap method, of interest rate risk management, in order to control exposure of short-term rates and derivatives to control the residual interest rate exposures. The result of the study shows that banks can achieve better diversification and risk management using derivatives.

  12. Phishing Techniques and Mitigating the Associated Security Risks

    Directory of Open Access Journals (Sweden)

    Marc A. Rader

    2013-07-01

    Full Text Available Organizations invest heavily in technicalcontrols for their Information Assurance (IA infrastructure.These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Mostorganizations rely on training to mitigate and reduce risk of non-technical attacks such as socialengineering. Organizations lump IA training into small modules that personnel typically rush throughbecause the training programs lack enough depth and creativity to keep a trainee engaged. The key toretaining knowledge is making the information memorable. This paper describes common and emergingattack vectors and how to lower and mitigate the associated risks.

  13. Interest Rate Risk Management and the Use of Derivative Securities

    National Research Council Canada - National Science Library

    Ioana-Diana PĂUN; Ramona GOGONCEA

    2013-01-01

    This study aims to demonstrate the utility of derivative financial instruments for the management of interest rate risk that is faced by banks and financial institutions, and to provide an efficient...

  14. Homeland security R&D roadmapping : risk-based methodological options.

    Energy Technology Data Exchange (ETDEWEB)

    Brandt, Larry D.

    2008-12-01

    The Department of Energy (DOE) National Laboratories support the Department of Homeland Security (DHS) in the development and execution of a research and development (R&D) strategy to improve the nation's preparedness against terrorist threats. Current approaches to planning and prioritization of DHS research decisions are informed by risk assessment tools and processes intended to allocate resources to programs that are likely to have the highest payoff. Early applications of such processes have faced challenges in several areas, including characterization of the intelligent adversary and linkage to strategic risk management decisions. The risk-based analysis initiatives at Sandia Laboratories could augment the methodologies currently being applied by the DHS and could support more credible R&D roadmapping for national homeland security programs. Implementation and execution issues facing homeland security R&D initiatives within the national laboratories emerged as a particular concern in this research.

  15. Relevance of Clean Coal Technology for India’s Energy Security: A Policy Perspective

    Science.gov (United States)

    Garg, Amit; Tiwari, Vineet; Vishwanathan, Saritha

    2017-07-01

    Climate change mitigation regimes are expected to impose constraints on the future use of fossil fuels in order to reduce greenhouse gas (GHG) emissions. In 2015, 41% of total final energy consumption and 64% of power generation in India came from coal. Although almost a sixth of the total coal based thermal power generation is now super critical pulverized coal technology, the average CO2 emissions from the Indian power sector are 0.82 kg-CO2/kWh, mainly driven by coal. India has large domestic coal reserves which give it adequate energy security. There is a need to find options that allow the continued use of coal while considering the need for GHG mitigation. This paper explores options of linking GHG emission mitigation and energy security from 2000 to 2050 using the AIM/Enduse model under Business-as-Usual scenario. Our simulation analysis suggests that advanced clean coal technologies options could provide promising solutions for reducing CO2 emissions by improving energy efficiencies. This paper concludes that integrating climate change security and energy security for India is possible with a large scale deployment of advanced coal combustion technologies in Indian energy systems along with other measures.

  16. Work-related violence against security guards--who is most at risk?

    Science.gov (United States)

    Leino, Tuula; Selin, Risto; Summala, Heikki; Virtanen, Marianna

    2011-01-01

    Studies on violence in the work of security guards are largely lacking. This study is unique in that it focuses on security guards (n=1,010) in Finland, and assesses the different forms, prevalence, and risk factors of the work-related violence they often face. Information to a survey instrument was obtained by first interviewing 30 volunteers. Then we made a cross-sectional mailed survey that was sent to a randomized group of 2,000 security guards. The response rate was 52. We found the prevalence of verbal aggression, threats of assault, and physical acts against security guards at least once a month to be 39%, 19%, and 15% respectively. As regards risk factors and who is most at risk, our results show that male gender, young age, low work experience, late working hours, and time pressure were associated with all three forms of work-related violence. Unlike other forms of violence, verbal aggression was highly prevalent outside the metropolitan area and directed towards both more and less experienced security guards. In prevention policies for violence, it is important to identify high-risk groups such as those who have less work experience.

  17. The Security Technology of E-commence——Intelligent Packet-filtering Firewalls

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    Research has revealed that, in the next ten to twen ty years, the implementation of E-commence will become a new basis of economic in crease of China and other countries in the world. And the essence of implementin g E-commerce is the credit standing among the banks, the sellers and the custom ers. But the credit standing in the net ultimately depends on the security of th e network. Firewall is a useful network security technology to keep a network fr om being intruded. The rational use of firewalls can...

  18. Security Expertise

    DEFF Research Database (Denmark)

    and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...... will be of particular interest to students of critical security studies, sociology, science and technology studies, and IR/security studies in general....

  19. Optimisation of the securities portfolio as a part of the risk management process

    Directory of Open Access Journals (Sweden)

    Srečko Devjak

    2004-01-01

    Full Text Available Securities of Slovene companies are listed at the Ljubljana Stock Exchange. Market capitalisation at the Ljubljana Stock Exchange has been growing since 1996 due to new listings of equities. On the basis of financial data time series for listed equities, the financial investor can calculate a risk for each individual security with a selected risk measure and can determine an optimal portfolio, subject to selected constraints. In this paper, we shall consequently determine an optimal portfolio of equities for the financial investor, investing his assets only in selected equities listed at the Ljubljana Stock Exchange. Selecting an appropriate risk measure is especially important for a commercial bank in a risk management process. Commercial banks can use internal models in the risk management process and for the purpose of capital charges as well. An optimal portfolio will be calculated, using a non-linear mathematical model.

  20. Service Oriented Architecture Security Risks and their Mitigation

    Science.gov (United States)

    2012-10-01

    Vulnerability Description Language BPEL Business Process Execution Language COM Component Object Model CORBA Common Object Request Broker Architecture...to use COM (Component Object Model) or CORBA (Common Object Request Broker Architecture) as the implementation technology and there is no requirement

  1. Risk-Based Aviation Security: Diffusion and Acceptance

    Science.gov (United States)

    2012-03-01

    passengers, including pregnant women , children, and people with medical implants. 18 1. Millimeter Wave Millimeter wave technology bounces...its practical importance and applicability to a wide range of fields including communications, marketing, and political science (Singhal & Quinlan...terrorists posing as pilots (Hilkevitch, 2011). The article did not clearly articulate how a terrorist would overcome the multiple layers of

  2. New technologies for offshore wildlife risk studies

    Energy Technology Data Exchange (ETDEWEB)

    Gordon, Caleb

    2011-07-01

    Full text: Two research initiatives by Pandion Systems, funded by the US Bureau of Ocean Energy Management, Regulation, and Enforcement (BOEMRE), are addressing the enormous challenges of conducting offshore wind-wildlife risk/impact studies by providing new wildlife sensing technologies that surmount some of the limitations of previous techniques. Both initiatives rest on the shoulders of pioneering European studies and experience. One entails the development of a remote-operating acoustic/thermographic detector. This device, designed with input from the Danish National Environmental Research Institute (NERI) and Cornell Laboratory of Ornithology (CLO), will provide species-specific occurrence data, as well as flight altitude estimation, for vocalizing flying wildlife that flies within a detection beam that corresponds roughly to the rotor swept zone of a single, commercial marine wind turbine. While the detection beam is small and limitations exist for silently flying animals, this device will be capable of providing information on bats and on federally-listed bird species that has been difficult or impossible to achieve with other methods. A preliminary version of this device was developed in 2009-2010 in a BOEMRE-funded pilot study, and a sea-worthy device is currently being developed, scheduled for initial deployment on the US Atlantic Outer Continental Shelf (AOCS) in summer, 2011. A second initiative is targeted at developing a high-definition aerial survey protocol capable of providing a safe, cost-effective, reproducible snapshot of bird, marine mammal, and sea turtle distribution on the entire AOCS. This research, being conducted with a team of technologists and biologists including scientists from the British Trust for Ornithology (BTO), entails conducting a series of pilot experiments in spring, 2011 with a variety of different aircraft, cameras, flight altitudes, and image resolutions, to determine optimum protocols for the large-scale surveys. Both of

  3. Deciding Who Lives: Considered Risk Casualty Decisions in Homeland Security

    Science.gov (United States)

    2008-12-01

    into a burning inferno . Where to draw the line between role-related professional responsibilities and undue risk is a question [we] ... did not...doing so in infernos and, therefore, failed to realize that the time for further rescue efforts had passed. This dichotomy of experience created at

  4. An exploratory risk perception study of attitudes toward homeland security systems.

    Science.gov (United States)

    Sanquist, Thomas F; Mahy, Heidi; Morris, Frederic

    2008-08-01

    Understanding the issues surrounding public acceptance of homeland security systems is important for balancing security needs and potential civil liberties infringements. A psychometric survey was used in an exploratory study of attitudes regarding homeland security systems. Psychometric rating data were obtained from 182 respondents on psychological attributes associated with 12 distinct types of homeland security systems. An inverse relationship was observed for the overall rating attributes of acceptability and risk of civil liberties infringement. Principal components analysis (PCA) yielded a two-factor solution with the rating scale loading pattern suggesting factors of perceived effectiveness and perceived intrusiveness. These factors also showed an inverse relationship. The 12 different homeland security systems showed significantly different scores on the rating scales and PCA factors. Of the 12 systems studied, airport screening, canine detectors, and radiation monitoring at borders were found to be the most acceptable, while email monitoring, data mining, and global positioning satellite (GPS) tracking were found to be least acceptable. Students rated several systems as more effective than professionals, but the overall pattern of results for both types of subjects was similar. The data suggest that risk perception research and the psychometric paradigm are useful approaches for quantifying attitudes regarding homeland security systems and policies and can be used to anticipate potentially significant public acceptance issues.

  5. PACFEST 2004 : enabling technologies for maritime security in the Pacific region.

    Energy Technology Data Exchange (ETDEWEB)

    Moore, Judy Hennessey; Whitley, John B.; Chellis, Craig (Pacific Disaster Center, Kihei, HI)

    2005-06-01

    In October of 2003 experts involved in various aspects of homeland security from the Pacific region met to engage in a free-wheeling discussion and brainstorming (a 'fest') on the role that technology could play in winning the war on terrorism in the Pacific region. The result was a concise and relatively thorough definition of the terrorism problem in the Pacific region, emphasizing the issues unique to Island nations in the Pacific setting, along with an action plan for developing working demonstrations of advanced technological solutions to these issues. Since PacFest 2003, the maritime dimensions of the international security environment have garnered increased attention and interest. To this end, PacFest 2004 sought to identify gaps and enabling technologies for maritime domain awareness and responsive decision-making in the Asia-Pacific region. The PacFest 2004 participants concluded that the technologies and basic information building blocks exist to create a system that would enable the Pacific region government and private organizations to effectively collaborate and share their capabilities and information concerning maritime security. The proposed solution summarized in this report integrates national environments in real time, thereby enabling effective prevention and first response to natural and terrorist induced disasters through better use of national and regional investments in people, infrastructure, systems, processes and standards.

  6. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  7. Marine and Hydrokinetic Technology Development Risk Management Framework

    Energy Technology Data Exchange (ETDEWEB)

    Snowberg, David [National Renewable Energy Lab. (NREL), Golden, CO (United States); Weber, Jochem [National Renewable Energy Lab. (NREL), Golden, CO (United States)

    2015-09-01

    Over the past decade, the global marine and hydrokinetic (MHK) industry has suffered a number of serious technological and commercial setbacks. To help reduce the risks of industry failures and advance the development of new technologies, the U.S. Department of Energy (DOE) and the National Renewable Energy Laboratory (NREL) developed an MHK Risk Management Framework. By addressing uncertainties, the MHK Risk Management Framework increases the likelihood of successful development of an MHK technology. It covers projects of any technical readiness level (TRL) or technical performance level (TPL) and all risk types (e.g. technological risk, regulatory risk, commercial risk) over the development cycle. This framework is intended for the development and deployment of a single MHK technology—not for multiple device deployments within a plant. This risk framework is intended to meet DOE’s risk management expectations for the MHK technology research and development efforts of the Water Power Program (see Appendix A). It also provides an overview of other relevant risk management tools and documentation.1 This framework emphasizes design and risk reviews as formal gates to ensure risks are managed throughout the technology development cycle. Section 1 presents the recommended technology development cycle, Sections 2 and 3 present tools to assess the TRL and TPL of the project, respectively. Section 4 presents a risk management process with design and risk reviews for actively managing risk within the project, and Section 5 presents a detailed description of a risk registry to collect the risk management information into one living document. Section 6 presents recommendations for collecting and using lessons learned throughout the development process.

  8. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

    Directory of Open Access Journals (Sweden)

    Valerie J.M. Watzlaf

    2011-05-01

    Full Text Available In a previous publication the authors developed a privacy and security checklist to evaluate Voice over the Internet Protocol (VoIP videoconferencing software used between patients and therapists to provide telerehabilitation (TR therapy.  In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010, encryption (p=0.006, and security evaluation (p=0.005. Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR.  Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.Keywords: Voice over the Internet Protocol (VOIP, telerehabilitation, HIPAA, privacy, security, evaluation

  9. A Comparative Analysis of University Information Systems within the Scope of the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Rustu Yilmaz

    2016-05-01

    Full Text Available Universities are the leading institutions that are the sources of educated human population who both produce information and ensure to develop new products and new services by using information effectively, and who are needed in every area. Therefore, universities are expected to be institutions where information and information management are used efficiently. In the present study, the topics such as infrastructure, operation, application, information, policy and human-based information security at universities were examined within the scope of the information security standards which are highly required and intended to be available at each university today, and then a comparative analysis was conducted specific to Turkey. Within the present study, the Microsoft Security Assessment Tool developed by Microsoft was used as the risk analysis tool. The analyses aim to enable the universities to compare their information systems with the information systems of other universities within the scope of the information security awareness, and to make suggestions in this regard.

  10. Coping with global environmental change, disasters and security. Threats, challenges, vulnerabilities and risks

    Energy Technology Data Exchange (ETDEWEB)

    Brauch, Hans Guenter [Freie Univ. Berlin (Germany). Dept. of Political and Social Sciences; UNU-EHS, Bonn (DE). College of Associated Scientists and Advisors (CASA); Oswald Spring, Ursula [National Univ. of Mexico, Cuernavaca (MX). Regional Multidisciplinary Research Centre (CRIM); Mesjasz, Czeslaw [Cracow Univ. of Exonomics (Poland). Faculty of Management; Grin, John [Amsterdam Univ. (Netherlands). Dept. of Political Science; Dutch Knowledge network for Systems Innovations and Transitions (KSI), Amsterdam (Netherlands); Kameri-Mbote, Patricia [Strathmore Univ., Nairobi (Kenya). Dept. of Law; International Environmental Law Research Centre, Nairobi (Kenya); Chourou, Bechir [Univ. of Tunis-Carthage, Hammam-Chatt (Tunisia); Dunay, Pal [Geneva Centre for Security Policy (Switzerland). International Training Course in Security Policy; Birkmann, Joern (eds.) [United Nations Univ. (UNU), Bonn (DE). Inst. for Environment and Human Security (EHS)

    2011-07-01

    This policy-focused Global Environmental and Human Security Handbook for the Anthropo-cene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10 parts concepts of military and political hard security and economic, social, environmental soft security with a regional focus on the Near East, North and Sub-Sahara Africa and Asia and on hazards in urban centres. The major focus is on coping with global environmental change: climate change, desertification, water, food and health and with hazards and strategies on social vulnerability and resilience building and scientific, international, regional and national political strategies, policies and measures including early warning of conflicts and hazards. The book proposes a political geo-ecology and discusses a 'Fourth Green Revolution' for the Anthropocene era of earth history. (orig.)

  11. New technologies in the management of risk and violence in forensic settings.

    Science.gov (United States)

    Tully, John; Larkin, Fintan; Fahy, Thomas

    2015-06-01

    Novel technological interventions are increasingly used in mental health settings. In this article, we describe 3 novel technological strategies in use for management of risk and violence in 2 forensic psychiatry settings in the United Kingdom: electronic monitoring by GPS-based tracking devices of patients on leave from a medium secure service in London, and closed circuit television (CCTV) monitoring and motion sensor technology at Broadmoor high secure hospital. A common theme is the use of these technologies to improve the completeness and accuracy of data used by clinicians to make clinical decisions. Another common thread is that each of these strategies supports and improves current clinical approaches rather than drastically changing them. The technologies offer a broad range of benefits. These include less restrictive options for patients, improved accountability of both staff and patients, less invasive testing, improved automated record-keeping, and better assurance reporting. Services utilizing technologies need also be aware of limitations. Technologies may be seen as unduly restrictive by patients and advocates, and technical issues may reduce effectiveness. It is vital that the types of technological innovations described in this article should be subject to thorough evaluation that addresses cost effectiveness, qualitative analysis of patients' attitudes, safety, and ethical considerations.

  12. For telehealth to succeed, privacy and security risks must be identified and addressed.

    Science.gov (United States)

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

  13. The Application of ElGamal Encryption Technology to the Information Security of Digital Library

    Directory of Open Access Journals (Sweden)

    Zhang Fu jun

    2013-07-01

    Full Text Available     Nowadays, the construction and application of digital library leads a new era of the way people obtain knowledge and information, and promotes the academic exchanges and social progress. Digital library, however, also involves great risk, hacker attacks become the main threat of the information security of digital library, and may probably cause the loss and damage of the information resources in library. This article mainly introduces the advantages and the potential safety hazard of digital library, and then makes an analysis aiming at the information security of digital library, and finally puts forward an algorithm based on ElGamal encryption to protect library information encryptedly, and effectively guarantee the information security of digital library.

  14. SECURITY FOR DEVOPS DEPLOYMENT PROCESSES: DEFENSES, RISKS, RESEARCH DIRECTIONS

    OpenAIRE

    Norman Wilde; Brian Eddy; Khyati Patel; Nathan Cooper; Valeria Gamboa; Bhavyansh Mishra; Keenal Shah

    2016-01-01

    DevOps is an emerging collection of software management practices intended to shorten time to market for new software features and to reduce the risk of costly deployment errors. In this paper we examine thesecurity implications of two of the key DevOps practices, automation of the deployment pipeline using adeployment toolchain and infrastructure-as-code to specify the environment of the deployed software. Wefocus on identifying what changes when an organization moves from manual deployments...

  15. Avionics Collaborative Engineering Technology Delivery Order 0035: Secure Knowledge Management (SKM) Technology Research Roadmap - Technology Trends for Collaborative Information and Knowledge Management Research

    Science.gov (United States)

    2004-06-01

    International Corporation 4031 Colonel Glenn Highway Beavercreek, OH 45431-1673 Nikolaos G. Bourbakis Wright State University Information Technology...NUMBER 2432 5e. TASK NUMBER 04 6. AUTHOR(S) Russell F. Moody (Science Applications International Corporation) Nikolaos G. Bourbakis (Wright...modeling, retrieving, distributing, and publishing documents on the Web ( Bourbakis ) − Research cryptanalysis. − System security. − Self-healing

  16. An Overview Of The Security Concerns In Enterprise Cloud Computing

    OpenAIRE

    Anthony Bisong; Rahman, Syed M

    2011-01-01

    Deploying cloud computing in an enterprise infrastructure bring significant security concerns.Successful implementation of cloud computing in an enterprise requires proper planning andunderstanding of emerging risks, threats, vulnerabilities, and possible countermeasures. We believe enterprise should analyze the company/organization security risks, threats, and available countermeasures before adopting this technology. In this paper, we have discussed security risks and concerns in cloud comp...

  17. An Overview of the Security Concerns in Enterprise Cloud Computing

    OpenAIRE

    Bisong, Anthony; Syed; Rahman, M.

    2011-01-01

    Deploying cloud computing in an enterprise infrastructure bring significant security concerns. Successful implementation of cloud computing in an enterprise requires proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures. We believe enterprise should analyze the company/organization security risks, threats, and available countermeasures before adopting this technology. In this paper, we have discussed security risks and concerns in cloud co...

  18. The Concept and Use of Human Security: A Critical Analysis of its Potentialities and Risks

    Directory of Open Access Journals (Sweden)

    Karlos Pérez de Armiño

    2007-02-01

    Full Text Available Bearing in mind the existence of different approaches to human security (the broad one and the restricted one, this article analyses the scope of this new paradigm based on a study of its contributions and potentialities, as well as the risks entailed in applying it. Among the positive contributions, it must be highlighted that: it focuses on the person as the subject of security, and not on the State; it is linked to human development and human rights; and it underscores the need for public policies and so-called ‘humanitarianinterventions’. On the other hand, the risks have grown following 9/11, with the paradigm being used more in its security dimension and less in its development-related aspect.

  19. Probabilistic risk analysis toward cost-effective 3S (safety, safeguards, security) implementation

    Science.gov (United States)

    Suzuki, Mitsutoshi; Mochiji, Toshiro

    2014-09-01

    Probabilistic Risk Analysis (PRA) has been introduced for several decades in safety and nuclear advanced countries have already used this methodology in their own regulatory systems. However, PRA has not been developed in safeguards and security so far because of inherent difficulties in intentional and malicious acts. In this paper, probabilistic proliferation and risk analysis based on random process is applied to hypothetical reprocessing process and physical protection system in nuclear reactor with the Markov model that was originally developed by the Proliferation Resistance and Physical Protection Working Group (PRPPWG) in Generation IV International Framework (GIF). Through the challenge to quantify the security risk with a frequency in this model, integrated risk notion among 3S to pursue the cost-effective installation of those countermeasures is discussed in a heroic manner.

  20. Systematic, appropriate, and cost-effective application of security technologies in U.S. public schools to reduce crime, violence, and drugs

    Energy Technology Data Exchange (ETDEWEB)

    Green, M.W.

    1996-12-31

    As problems of violence and crime become more prevalent in our schools (or at least the perception of their prevalence), more and more school districts will elect to use security technologies to control these problems. While the desired change in student and community attitudes will require significant systemic change through intense U.S. social programs, security technologies can greatly augment school staff today by providing services similar to having extra adults present. Technologies such as cameras, sensors, drug detection, biometric and personnel identification, lighting, barriers, weapon and explosives detection, anti-graffiti methods, and duress alarms can all be effective, given they are used in appropriate applications, with realistic expectations and an understanding of limitations. Similar to a high-risk government facility, schools must consider a systems (`big picture`) approach to security, which includes the use of personnel and procedures as well as security technologies, such that the synergy created by all these elements together contributes more to the general `order maintenance` of the facility than could be achieved by separate measures not integrated or related.

  1. Systematic, appropriate, and cost-effective application of security technologies in U.S. public schools to reduce crime, violence, and drugs

    Science.gov (United States)

    Green, Mary W.

    1997-01-01

    As problems of violence and crime become more prevalent in our schools, more and more school districts will elect to use security technologies to control these problems. While the desired change in student and community attitudes will require significant systemic change through intense US social programs, security technologies can greatly augment school staff today by providing services similar to having extra adults present. Technologies such as cameras, sensors, drug detection, biometric and personnel identification, lighting, barriers, weapon and explosives detection, anti- graffiti methods, and duress alarms can all be effective, given they are used in appropriate applications, with realistic expectations and an understanding of limitations. Similar to a high-risk government facility, schools must consider a systems approach to security, which includes the use of personnel and procedures as well as security technologies, such that the synergy created by all these elements together contributes more tot he general 'order maintenance' of the facility than could be achieved by separate measures not integrated or related.

  2. U.S.-Brazil Security Cooperation and the Challenge of Technology Transfer

    Science.gov (United States)

    2014-03-01

    direction throughout the process. xvi THIS PAGE INTENTIONALLY LEFT BLANK 1 I. INTRODUCTION A. MAJOR RESEARCH QUESTION Since 2010, the United...weapons systems to the Middle East. Regarding the industry’s success in that era, Luis Bitencourt notes: The reason they got that market was mainly due...31. 143 Luis Bitencourt, The Problems of Defence Industrialization for Developing States,” in Arms and Technology Transfers: Security and Economic

  3. Supported Liquid Membrane Extraction Technology and Its Application in Detection of Meat Security

    Institute of Scientific and Technical Information of China (English)

    LIU Jia; LI Weijin

    2010-01-01

    As a novel technology, supported liquid membrane extraction has gradually become the direction of the research of extraction, for the advantages of using little organic solvents, good selectivity and repeatability. This paper is based on describing the working principle, structure and influencing factors of supported liquid membrane, and research in domestic and foreign literatures which are in the same period, and give a review on the application of supported liquid membrane in meat security determination.

  4. Service Level Agreements as a Service - Towards Security Risks Aware SLA Management

    OpenAIRE

    2012-01-01

    Cloud computing has matured to become a valuable on demand alternative to traditional ownership models for the provisioning of services, platforms and infrastructure. However, this raises many issues for Governance, Risk and Compliance (GRC) and in particular in terms of Information Systems Security Risk Management (ISSRM). Considering such issues lack attention and knowledge, particularly for small and medium sized en- terprises (SMEs), and that cloud computing Service Level Agreements (SLA)...

  5. Students' Ontological Security and Agency in Science Education—An Example from Reasoning about the Use of Gene Technology

    Science.gov (United States)

    Lindahl, Mats Gunnar; Linder, Cedric

    2013-09-01

    This paper reports on a study of how students' reasoning about socioscientific issues is framed by three dynamics: societal structures, agency and how trust and security issues are handled. Examples from gene technology were used as the forum for interviews with 13 Swedish high-school students (year 11, age 17-18). A grid based on modalities from the societal structures described by Giddens was used to structure the analysis. The results illustrate how the participating students used both modalities for 'Legitimation' and 'Domination' to justify positions that accept or reject new technology. The analysis also showed how norms and knowledge can be used to justify opposing positions in relation to building trust in science and technology, or in democratic decisions expected to favour personal norms. Here, students accepted or rejected the authority of experts based on perceptions of the knowledge base that the authority was seen to be anchored in. Difficulty in discerning between material risks (reduced safety) and immaterial risks (loss of norms) was also found. These outcomes are used to draw attention to the educational challenges associated with students' using knowledge claims (Domination) to support norms (Legitimation) and how this is related to the development of a sense of agency in terms of sharing norms with experts or with laymen.

  6. An Actuarial Model for Assessment of Prison Violence Risk Among Maximum Security Inmates

    Science.gov (United States)

    Cunningham, Mark D.; Sorensen, Jon R.; Reidy, Thomas J.

    2005-01-01

    An experimental scale for the assessment of prison violence risk among maximum security inmates was developed from a logistic regression analysis involving inmates serving parole-eligible terms of varying length (n = 1,503), life-without-parole inmates (n = 960), and death-sentenced inmates who were mainstreamed into the general prison population…

  7. Developing a Comprehensive Approach Could Help DOD Better Manage National Security Risks in the Supply Chain

    Science.gov (United States)

    2016-02-01

    Manage National Security Risks in the Supply Chain Why GAO Did This Study DOD depends on... supply chain . In addition, we interviewed DOD and other agencies’ officials with knowledge of the defense industrial base and management of the...recommendations and acquisition policy guidance on supply chain management and supply chain vulnerability throughout the entire supply chain , from

  8. Model of Information Security Risk Assessment based on Improved Wavelet Neural Network

    Directory of Open Access Journals (Sweden)

    Gang Chen

    2013-09-01

    Full Text Available This paper concentrates on the information security risk assessment model utilizing the improved wavelet neural network. The structure of wavelet neural network is similar to the multi-layer neural network, which is a feed-forward neural network with one or more inputs. Afterwards, we point out that the training process of wavelet neural networks is made up of four steps until the value of error function can satisfy a pre-defined error criteria. In order to enhance the quality of information security risk assessment, we proposed a modified version of wavelet neural network which can effectively combine all influencing factors in assessing information security risk by linear integrating several weights. Furthermore, the proposed wavelet neural network is trained by the BP algorithm with batch mode, and the weight coefficients of the wavelet are modified with the adopting mode. Finally, a series of experiments are conduct to make performance evaluation. From the experimental results, we can see that the proposed model can assess information security risk accurately and rapidly

  9. 9 CFR 121.7 - Registration and related security risk assessments.

    Science.gov (United States)

    2010-01-01

    ..., changes in ownership or control of the entity, new researchers or graduate students, etc.) (2) The responsible official will be notified in writing if an application to amend a certificate of registration has..., including public accredited academic institutions, are exempt from the security risk assessments for...

  10. 9 CFR 121.10 - Restricting access to select agents and toxins; security risk assessments.

    Science.gov (United States)

    2010-01-01

    ... 9 Animals and Animal Products 1 2010-01-01 2010-01-01 false Restricting access to select agents and toxins; security risk assessments. 121.10 Section 121.10 Animals and Animal Products ANIMAL AND... intelligence agency of committing a crime set forth in 18 U.S.C. 2332b(g)(5); knowing involvement with...

  11. An Actuarial Model for Assessment of Prison Violence Risk Among Maximum Security Inmates

    Science.gov (United States)

    Cunningham, Mark D.; Sorensen, Jon R.; Reidy, Thomas J.

    2005-01-01

    An experimental scale for the assessment of prison violence risk among maximum security inmates was developed from a logistic regression analysis involving inmates serving parole-eligible terms of varying length (n = 1,503), life-without-parole inmates (n = 960), and death-sentenced inmates who were mainstreamed into the general prison population…

  12. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... citizen or national of the United States prior to providing training in the operation of an aircraft with... BACKGROUND CHECKS Aviation Training for Aliens and Other Designated Individuals § 105.11 Individuals not requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or...

  13. Energy Assurance: Essential Energy Technologies for Climate Protection and Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    Greene, David L [ORNL; Boudreaux, Philip R [ORNL; Dean, David Jarvis [ORNL; Fulkerson, William [University of Tennessee, Knoxville (UTK); Gaddis, Abigail [University of Tennessee, Knoxville (UTK); Graham, Robin Lambert [ORNL; Graves, Ronald L [ORNL; Hopson, Dr Janet L [University of Tennessee, Knoxville (UTK); Hughes, Patrick [ORNL; Lapsa, Melissa Voss [ORNL; Mason, Thom [ORNL; Standaert, Robert F [ORNL; Wilbanks, Thomas J [ORNL; Zucker, Alexander [ORNL

    2009-12-01

    We present and apply a new method for analyzing the significance of advanced technology for achieving two important national energy goals: climate protection and energy security. Quantitative metrics for U.S. greenhouse gas emissions in 2050 and oil independence in 2030 are specified, and the impacts of 11 sets of energy technologies are analyzed using a model that employs the Kaya identity and incorporates the uncertainty of technological breakthroughs. The goals examined are a 50% to 80% reduction in CO2 emissions from energy use by 2050 and increased domestic hydrocarbon fuels supply and decreased demand that sum to 11 mmbd by 2030. The latter is intended to insure that the economic costs of oil dependence are not more than 1% of U.S. GDP with 95% probability by 2030. Perhaps the most important implication of the analysis is that meeting both energy goals requires a high probability of success (much greater than even odds) for all 11 technologies. Two technologies appear to be indispensable for accomplishment of both goals: carbon capture and storage, and advanced fossil liquid fuels. For reducing CO2 by more than 50% by 2050, biomass energy and electric drive (fuel cell or battery powered) vehicles also appear to be necessary. Every one of the 11 technologies has a powerful influence on the probability of achieving national energy goals. From the perspective of technology policy, conflict between the CO2 mitigation and energy security is negligible. These general results appear to be robust to a wide range of technology impact estimates; they are substantially unchanged by a Monte Carlo simulation that allows the impacts of technologies to vary by 20%.

  14. Trust, Perceived Risk, and Attitudes Toward Food Technologies

    NARCIS (Netherlands)

    Eiser, J.R.; Miles, S.; Frewer, L.J.

    2002-01-01

    There is substantial empirical evidence that both trust and risk perceptions influence public acceptance of new technologies. We reanalyzed 3 studies (on food technology) to compare whether (a) both trust and perceived risk are independently and directly associated with acceptance, or (b) the relati

  15. Evaluation of legal liability for technological risks in view of requirements for peaceful coexistence and progress.

    Science.gov (United States)

    Zandvoort, Henk

    2011-06-01

    Legal liability for risk-generating technological activities is evaluated in view of requirements that are necessary for peaceful human coexistence and progress in order to show possibilities for improvement. The requirements imply, given that political decision making about the activities proceeds on the basis of majority rule, that legal liability should be unconditional (absolute, strict) and unlimited (full). We analyze actual liability in international law for various risk-generating technological activities, to conclude that nowhere is the standard of unconditional and unlimited liability fully met. Apart from that there are enormous differences. Although significant international liability legislation is in place for some risk-generating technological activities, legislation is virtually absent for others. We discuss fundamental possibilities and limitations of liability and private insurance to secure credible and ethically sound risk assessment and risk management practices. The limitations stem from problems of establishing a causal link between an activity and a harm; compensating irreparable harm; financial warranty; moral hazard in insurance and in organizations; and discounting future damage to present value. As our requirements call for prior agreement among all who are subjected to the risks of an activity about the settlement of these difficult problems, precautionary ex ante regulation of risk-generating activities may be a more attractive option, either combined with liability stipulations or not. However, if ex ante regulation is not based on the consent of all subjected to the risks, it remains that the basis of liability in the law should be unconditional and unlimited liability.

  16. Development of Risk Management Technology/Development of Risk-Informed Application Technology

    Energy Technology Data Exchange (ETDEWEB)

    Yang, Joon Eon; Kim, K. Y.; Ahn, K. I.; Lee, Y. H.; Lim, H. G.; Jung, W. S.; Choi, S. Y.; Han, S. J.; Ha, J. J.; Hwang, M. J.; Park, S. Y.; Yoon, C

    2007-06-15

    This project aims at developing risk-informed application technologies to enhance the safety and economy of nuclear power plant altogether. For this, the Integrated Level 1 and 2 PSA model is developed. In addition, the fire and internal flooding PSA models are improved according to the PSA standard of U.S.A. To solve the issues of domestic PSA model, the best-estimate thermal hydraulic analyses are preformed for the ATWS and LSSB. In order to reduce the uncertainty of PSA, several new PSA technologies are developed: (1) more exact quantification of large fault tree, (2) importance measure including the effects of external PSA. As feasibility studies of Option 2 and 3, the class of 6 systems' SSC are re-classified based on the risk information and the sensitivity analyses is performed for the EDG starting time, respectively. It is also improved that the methodology to identify the vital area of NPP. The research results of this project can be used in the regulatory body and the industry projects for risk-informed applications.

  17. Factors affecting food security and contribution of modern technologies in food sustainability.

    Science.gov (United States)

    Premanandh, Jagadeesan

    2011-12-01

    The concept of food insecurity is complex and goes beyond the simplistic idea of a country's inability to feed its population. The global food situation is redefined by many driving forces such as population growth, availability of arable lands, water resources, climate change and food availability, accessibility and loss. The combined effect of these factors has undeniably impacted global food production and security. This article reviews the key factors influencing global food insecurity and emphasises the need to adapt science-based technological innovations to address the issue. Although anticipated benefits of modern technologies suggest a level of food production that will sustain the global population, both political will and sufficient investments in modern agriculture are needed to alleviate the food crisis in developing countries. In this globalised era of the 21st century, many determinants of food security are trans-boundary and require multilateral agreements and actions for an effective solution. Food security and hunger alleviation on a global scale are within reach provided that technological innovations are accepted and implemented at all levels.

  18. Enabling Technologies for Ultra-Safe and Secure Modular Nuclear Energy

    Energy Technology Data Exchange (ETDEWEB)

    Mendez Cruz, Carmen Margarita [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rochau, Gary E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Middleton, Bobby [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rodriguez, Salvador B. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rodriguez, Carmelo [General Atomics, San Diego, CA (United States); Schleicher, Robert [General Atomics, San Diego, CA (United States)

    2016-06-01

    Sandia National Laboratories and General Atomics are pleased to respond to the Advanced Research Projects Agency-Energy (ARPA-e)’s request for information on innovative developments that may overcome various current reactor-technology limitations. The RFI is particularly interested in innovations that enable ultra-safe and secure modular nuclear energy systems. Our response addresses the specific features for reactor designs called out in the RFI, including a brief assessment of the current state of the technologies that would enable each feature and the methods by which they could be best incorporated into a reactor design.

  19. Advances in AlGaInN laser diode technology for defence, security and sensing applications

    Science.gov (United States)

    Najda, S. P.; Perlin, P.; Suski, T.; Marona, L.; Boćkowski, M.; Leszczyński, M.; Wisnieski, P.; Czernecki, R.; Targowski, G.

    2016-10-01

    Laser diodes fabricated from the AlGaInN material system is an emerging technology for defence, security and sensing applications. The AlGaInN material system allows for laser diodes to be fabricated over a very wide range of wavelengths from u.v., 380nm, to the visible 530nm, by tuning the indium content of the laser GaInN quantum well, giving rise to new and novel applications including displays and imaging systems, free-space and underwater telecommunications and the latest quantum technologies such as optical atomic clocks and atom interferometry.

  20. Risk calculations in the manufacturing technology selection process

    DEFF Research Database (Denmark)

    Farooq, S.; O'Brien, C.

    2010-01-01

    and supports an industrial manager in achieving objective and comprehensive decisions regarding selection of a manufacturing technology. Originality/value - The paper explains the process of risk calculation in manufacturing technology selection by dividing the decision-making environment into manufacturing......Purpose - The purpose of this paper is to present result obtained from a developed technology selection framework and provide a detailed insight into the risk calculations and their implications in manufacturing technology selection process. Design/methodology/approach - The results illustrated...... in the paper are the outcome of an action research study that was conducted in an aerospace company. Findings - The paper highlights the role of risk calculations in manufacturing technology selection process by elaborating the contribution of risk associated with manufacturing technology alternatives...

  1. Risk-Based Prioritization of Research for Aviation Security Using Logic-Evolved Decision Analysis

    Science.gov (United States)

    Eisenhawer, S. W.; Bott, T. F.; Sorokach, M. R.; Jones, F. P.; Foggia, J. R.

    2004-01-01

    The National Aeronautics and Space Administration is developing advanced technologies to reduce terrorist risk for the air transportation system. Decision support tools are needed to help allocate assets to the most promising research. An approach to rank ordering technologies (using logic-evolved decision analysis), with risk reduction as the metric, is presented. The development of a spanning set of scenarios using a logic-gate tree is described. Baseline risk for these scenarios is evaluated with an approximate reasoning model. Illustrative risk and risk reduction results are presented.

  2. The Effect of Knowledge of Online Security Risks on Consumer Decision Making in B2C e-Commerce

    Science.gov (United States)

    Wang, Ping An

    2010-01-01

    This dissertation research studied how different degrees of knowledge of online security risks affect B2C (business-to-consumer) e-commerce consumer decision making. Online information security risks, such as identity theft, have increasingly become a major factor inhibiting the potential growth of e-commerce. On the other hand, e-commerce…

  3. The Effect of Knowledge of Online Security Risks on Consumer Decision Making in B2C e-Commerce

    Science.gov (United States)

    Wang, Ping An

    2010-01-01

    This dissertation research studied how different degrees of knowledge of online security risks affect B2C (business-to-consumer) e-commerce consumer decision making. Online information security risks, such as identity theft, have increasingly become a major factor inhibiting the potential growth of e-commerce. On the other hand, e-commerce…

  4. 31 CFR 358.9 - Who is responsible for the cost and risks associated with the shipment of securities?

    Science.gov (United States)

    2010-07-01

    ... § 358.9 Who is responsible for the cost and risks associated with the shipment of securities? The... 31 Money and Finance: Treasury 2 2010-07-01 2010-07-01 false Who is responsible for the cost and risks associated with the shipment of securities? 358.9 Section 358.9 Money and Finance: Treasury...

  5. Predictors of mother-child interaction quality and child attachment security in at-risk families

    Directory of Open Access Journals (Sweden)

    Simona eDe Falco

    2014-08-01

    Full Text Available Child healthy development is largely influenced by parent-child interaction and a secure parent-child attachment is predictively associated with positive outcomes in numerous domains of child development. However, the parent-child relationship can be affected by several psychosocial and socio-demographic risk factors that undermine its quality and in turn play a negative role in short and long term child psychological health. Prevention and intervention programs that support parenting skills in at-risk families can efficiently reduce the impact of risk factors on mother and child psychological health. This study examines predictors of mother-child interaction quality and child attachment security in a sample of first-time mothers with psychosocial and/or socio-demographic risk factors. Forty primiparous women satisfying specific risk criteria participated in a longitudinal study with their children from pregnancy until 18 month of child age. A multiple psychological and socioeconomic assessment was performed. The Emotional Availability Scales were used to measure the quality of emotional exchanges between mother and child at 12 months and the Attachment Q-Sort served as a measure of child attachment security at 18 months. Results highlight both the effect of specific single factors, considered at a continuous level, and the cumulative risk effect of different co-occurring factors, considered at binary level, on mother-child interaction quality and child attachment security. Implication for the selection of inclusion criteria of intervention programs that support parenting skills in at-risk families are discussed.

  6. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II.

    Science.gov (United States)

    Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

    2011-01-01

    In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

  7. The Research on The Fusion Technology of Wireless LANs and Personal Area Networks for Emergency Secure in Coal Mine

    Science.gov (United States)

    Chiyuan, Li

    The author has provided craft brother with predictive wireless communication modality and imaginative solutions, and discussed the applied mode of amalgamation technology of wireless LANs and personal area networks for emergency secure in coal mine. The fire protection jobs of emergency secure will become more scientific, more efficient and more flexible in this circumstance. The study can supply bailout team with the situation of a disaster and the location of miner, enhance the efficiency of emergency secure in coal mine.

  8. Technologies for Assessing Behavioral and Cognitive Markers of Suicide Risk

    Science.gov (United States)

    2016-10-01

    AWARD NUMBER: W81XWH-15-1-0632 TITLE: Technologies for Assessing Behavioral and Cognitive Markers of Suicide Risk PRINCIPAL INVESTIGATOR: Brian...CONTRACT NUMBER Technologies for Assessing Behavioral and Cognitive Markers of Suicide Risk 5b. GRANT NUMBER W81XWH-15-1-0632 5c. PROGRAM ELEMENT...suicide risk and to evaluate the predictive utility of these markers over a one year period. We propose to achieve these aims by: (a) collecting

  9. A Fuzzy Set-Based Approach for Model-Based Internet-Banking System Security Risk Assessment

    Institute of Scientific and Technical Information of China (English)

    LI Hetian; LIU Yun; HE Dequan

    2006-01-01

    A fuzzy set-based evaluation approach is demonstrated to assess the security risks for Internet-banking System. The Internet-banking system is semi-formally described using Unified Modeling Language (UML) to specify the behavior and state of the system on the base of analyzing the existing qualitative risk assessment methods. And a quantitative method based on fuzzy set is used to measure security risks of the system. A case study was performed on the WEB server of the Internet-banking System using fuzzy-set based assessment algorithm to quantitatively compute the security risk severity. The numeric result also provides a method to decide the most critical component which should arouse the system administrator enough attention to take the appropriate security measure or controls to alleviate the risk severity. The experiments show this method can be used to quantify the security properties for the Internet-banking System in practice.

  10. Towards a framework for teaching about information technology risk in health care: Simulating threats to health data and patient safety

    Directory of Open Access Journals (Sweden)

    Elizabeth M. Borycki

    2015-09-01

    Full Text Available In this paper the author describes work towards developing an integrative framework for educating health information technology professionals about technology risk. The framework considers multiple sources of risk to health data quality and integrity that can result from the use of health information technology (HIT and can be used to teach health professional students about these risks when using health technologies. This framework encompasses issues and problems that may arise from varied sources, including intentional alterations (e.g. resulting from hacking and security breaches as well as unintentional breaches and corruption of data (e.g. resulting from technical problems, or from technology-induced errors. The framework that is described has several levels: the level of human factors and usability of HIT, the level of monitoring of security and accuracy, the HIT architectural level, the level of operational and physical checks, the level of healthcare quality assurance policies and the data risk management strategies level. Approaches to monitoring and simulation of risk are also discussed, including a discussion of an innovative approach to monitoring potential quality issues. This is followed by a discussion of the application (using computer simulations to educate both students and health information technology professionals about the impact and spread of technology-induced and related types of data errors involving HIT.

  11. Analysis of Data Security Protection Technology for Cloud Computing%分析面向云计算的数据安全保护关键技术

    Institute of Scientific and Technical Information of China (English)

    韦霞

    2015-01-01

    with the rapid development of science and technology, the height of the popularity of the Internet, network information technology has penetrated into people's daily life. More and more applications and large amounts of data to be transmitted to the computer data center, the data processing from the implementation of the processing model of personal computer to computer data processing center. Based computing data security risk factors in the analysis of cloud, focused on data security, data transmission from the security protection technology, data storage security protection technology and data security technology is discussed in three aspects of Cloud Computing Key Technologies Based on data security and protection. And puts forward the scheme of data centric security cloud computing model, important data security and cloud computing.%随着科学技术的高速发展,互联网的高度普及,网络信息技术已经深入到人们的日常生活中。越来越多的应用软件以及大量数据被传送到计算机数据中心,数据处理实现了从个人计算机的处理模型到大型计算机数据处理中心的转变。该文在分析云计算下数据安全危险因素的基础上,着重于数据安全,从数据传输安全保护技术、数据存储安全保护技术以及数据审计安全保护技术三方面探讨了基于云计算的数据安全保护关键技术。提出了云计算模式下的以数据为中心的安全解决方案,以及云计算的数据安全保护的重要意义。

  12. Truck shipment risks for assessing hazardous materials - a new paradigm incorporating safety and security

    Energy Technology Data Exchange (ETDEWEB)

    Greenberg, A.; McSweeney, T.; Allen, J.; Lepofsky, M. [Battelle Memorial Inst., Columbus, OH (United States); Abkowitz, M. [Dept. of Civil Engineering, Vanderbilt Univ., Nashville, TN (United States)

    2004-07-01

    Recent terrorist events, most notably September 11, 2001, have taught us that transportation risk management must be performed with a different lens to accommodate terrorism scenarios that would have previously been considered unlikely to warrant serious attention. Given these circumstances, a new paradigm is needed for managing the risks associated with highway transport of hazardous materials. In particular, this paradigm must: 1) more explicitly consider security threat and vulnerability, and 2) integrate security considerations into an overall framework for addressing natural and man-made disasters, be they accidental or planned. This paper summarizes the results of a study sponsored by the U.S. Department of Transportation, Federal Motor Carrier Safety Administration for the purpose of exploring how a paradigm might evolve in which both safety and security risks can be evaluated as a systematic, integrated process. The work was directed at developing a methodology for assessing the impacts of hazardous materials safety and security incident consequences when transported by highway. This included consideration of the manner in which these materials could be involved in initiating events as well as potential outcomes under a variety of release conditions. The methodology is subsequently applied to various classes of hazardous materials to establish an economic profile of the impacts that might be expected if a major release were to occur. The paper concludes with a discussion of the findings and implications associated with this effort.

  13. Spatio-temporal dynamics of security investments in an interdependent risk environment

    Science.gov (United States)

    Shafi, Kamran; Bender, Axel; Zhong, Weicai; Abbass, Hussein A.

    2012-10-01

    In a globalised world where risks spread through contagion, the decision of an entity to invest in securing its premises from stochastic risks no longer depends solely on its own actions but also on the actions of other interacting entities in the system. This phenomenon is commonly seen in many domains including airline, logistics and computer security and is referred to as Interdependent Security (IDS). An IDS game models this decision problem from a game-theoretic perspective and deals with the behavioural dynamics of risk-reduction investments in such settings. This paper enhances this model and investigates the spatio-temporal aspects of the IDS games. The spatio-temporal dynamics are studied using simple replicator dynamics on a variety of network structures and for various security cost tradeoffs that lead to different Nash equilibria in an IDS game. The simulation results show that the neighbourhood configuration has a greater effect on the IDS game dynamics than network structure. An in-depth empirical analysis of game dynamics is carried out on regular graphs, which leads to the articulation of necessary and sufficient conditions for dominance in IDS games under spatial constraints.

  14. Risk-based Security Assessment in Distribution Network with the Integration of Photovoltaic

    Directory of Open Access Journals (Sweden)

    Sheng Wanxing

    2016-01-01

    Full Text Available With the development of distribution network, distributed generation such as wind and photovoltaic (PV power will become increasingly prominent in the near future. PV is widely constructed because of advantages it has. However, the volatility and randomness of PV makes it more complex than traditional energy in the security assessment of distribution network. Based on risk theory, considering the randomness of PV, node low voltage risk index and line overload risk index are established in this paper. Also, K (N - 1 + 1 principle for distribution network which is developed from traditional (N-1 deterministic principle is applied to reflect the flexible structure of distribution network. IEEE three-feeder example system is utilized to investigate the influence of PV power on the security assessment of distribution network.

  15. Application of classification methods in assessment of NATO member countries' economic, security and political risks

    Science.gov (United States)

    Odehnal, Jakub

    2013-10-01

    The aim of this paper is to attempt possible quantification of determinants of military expenditure and their application to current NATO member countries. To analyse the economic, security and political risks of NATO member countries, author employ multivariate statistical techniques which take into consideration the multivariate properties of the data sets used as input variables. Classification of countries based on cluster analysis has made it possible to identify disparities between NATO member countries, and thus to describe diverse economic or security environment affecting the amount of military expenditure as a percentage of the respective countries' gross domestic product.

  16. Effectiveness of Using a Change Management Approach to Convey the Benefits of an Information Security Implementation to Technology Users

    Science.gov (United States)

    Bennett, Jeannine B.

    2012-01-01

    This study addressed the problems associated with users' understanding, accepting, and complying with requirements of security-oriented solutions. The goal of the research was not to dispute existing theory on IT project implementations, but rather to further the knowledge on the topic of technology user acceptance of security-oriented IT…

  17. Effectiveness of Using a Change Management Approach to Convey the Benefits of an Information Security Implementation to Technology Users

    Science.gov (United States)

    Bennett, Jeannine B.

    2012-01-01

    This study addressed the problems associated with users' understanding, accepting, and complying with requirements of security-oriented solutions. The goal of the research was not to dispute existing theory on IT project implementations, but rather to further the knowledge on the topic of technology user acceptance of security-oriented IT…

  18. Relationship between climate change and environmental risk's of forestry technologies

    Science.gov (United States)

    Pécsinger, Judit; Polgár, András

    2017-04-01

    Environmental risk analysis of the technological aspects of forestry is an important complement to the climate research. Commonly used forestry technologies, like cleaning cutting or final harvest, causes various environmental effects which presents different environmental risks. Based on their material and energy deductions and emissions, they can contribute in different ways to global environmental problems such as climate change. Using environmental risk assessment we explored the newly emerging environmental hazards of the typical forestry technologies due to climate change. These hazards are known in terms of their properties (eg. aridification, toxic load etc), but the spatial appearance is novel. We investigated the possible stressor-response relationships, then estimated the expected exposure. In the risk characterization, we summarized information received in the previous steps. As a result we set up the risk matrices of the working systems of intermediate cutting and final harvest in the stands of beech, oak and spruce. In the matrices, the technologies ranked by values of Global Warming Potential (GWP 100 years) were placed in relation of the average temperature change (dT [° C]) of climate change scenarios. We defined the environmental risks in text form, specifying classes of risks: - I. Class: high risk - II. Class: medium risk - III. Class: low risk. The use of a risk matrix is an important complement to climate change decision-making when selecting the forestry technologies. It serves as a guideline for both foresters and decision makers. Keywords: climate change / environmental risk / risk assessment / forest technology's risk matrix Acknowledgement: This research has been supported by the Agroclimate.2 VKSZ_12-1- 2013-0034 project.

  19. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  20. An analysis of security price risk and return among publicly traded pharmacy corporations.

    Science.gov (United States)

    Gilligan, Adrienne M; Skrepnek, Grant H

    2013-01-01

    Community pharmacies have been subject to intense and increasing competition in the past several decades. To determine the security price risk and rate of return of publicly traded pharmacy corporations present on the major U.S. stock exchanges from 1930 to 2009. The Center of Research in Security Prices (CRSP) database was used to examine monthly security-level stock market prices in this observational retrospective study. The primary outcome of interest was the equity risk premium, with analyses focusing upon financial metrics associated with risk and return based upon modern portfolio theory (MPT) including: abnormal returns (i.e., alpha), volatility (i.e., beta), and percentage of returns explained (i.e., adjusted R(2)). Three equilibrium models were estimated using random-effects generalized least squares (GLS): 1) the Capital Asset Pricing Model (CAPM); 2) Fama-French Three-Factor Model; and 3) Carhart Four-Factor Model. Seventy-five companies were examined from 1930 to 2009, with overall adjusted R(2) values ranging from 0.13 with the CAPM to 0.16 with the Four-Factor model. Alpha was not significant within any of the equilibrium models across the entire 80-year time period, though was found from 1999 to 2009 in the Three- and Four-Factor models to be associated with a large, significant, and negative risk-adjusted abnormal returns of -33.84%. Volatility varied across specific time periods based upon the financial model employed. This investigation of risk and return within publicly listed pharmacy corporations from 1930 to 2009 found that substantial losses were incurred particularly from 1999 to 2009, with risk-adjusted security valuations decreasing by one-third. Copyright © 2013 Elsevier Inc. All rights reserved.

  1. Societal risk perception of death among workers in a security company in Malaysia.

    Science.gov (United States)

    Jefferelli, S B; Rampal, K G; Aziz, A J; Salim, M B

    2003-12-01

    How people perceive risk influences their behaviour towards these risks. We do not know how workers perceive risk of dying from diseases or accidents. This study was conducted among 198 workers of a security company in Malaysia. The workers were asked to score on a Likert scale of 1 to 5 the perceived risk of death of Malaysians from selected causes of death. The highest perceived risks of death were, in order of ranking, motor vehicle accidents, cancer and diabetes mellitus whereas according to the certified causes of death in Malaysia the highest risks of death among the selected items were cardiovascular disease, cancer and stroke. The difference in perception and mortality data needs be addressed.

  2. Multi-Level Security for Automotive–RFID Based Technology with Lab VIEW Implementation

    Directory of Open Access Journals (Sweden)

    Priya Darshini .V

    2013-03-01

    Full Text Available Security has become a prominent parameter for all the electronic gadgets. This proposed paper aims at securing the automotive and also preventing the unauthorized persons from accessing it. The technologies such as Radio Frequency Identification (RFID, thumb registration system and face recognition will be applied for the security measures. This proposed system will also be implemented in LabVIEW using Educational Laboratory Virtual Instrumentation Suite II (ELVIS. Initially, the RFID system will be authenticated .The importance of this system is that, it gets verification from the Road Transportation Office (RTO.The user will require an authentication to get proceed to the thumb registration module by which the efficiency of the thumb is enhanced using Pattern Matching Algorithm (PMA. Face recognition system is a technique which will be used after the thumb registration system. At last, this system allows the user to drive the car. For emergency, a key insertion slot will be placed in the system through which the user can insert the key. During this emergency mode of operation the camera captures the driver’s image and sends it to the owner’s mobile as Multimedia Messaging Service (MMS. The owner will provide the authentication password; this in turn allows the user to drive the vehicle. Global System for Mobile communication (GSM module is also kept inbuilt for tracking purpose. Among the different technologies proposed, RFID technique is briefly discussed in this paper.

  3. Security inspection in ports by anomaly detection using hyperspectral imaging technology

    Science.gov (United States)

    Rivera, Javier; Valverde, Fernando; Saldaña, Manuel; Manian, Vidya

    2013-05-01

    Applying hyperspectral imaging technology in port security is crucial for the detection of possible threats or illegal activities. One of the most common problems that cargo suffers is tampering. This represents a danger to society because it creates a channel to smuggle illegal and hazardous products. If a cargo is altered, security inspections on that cargo should contain anomalies that reveal the nature of the tampering. Hyperspectral images can detect anomalies by gathering information through multiple electromagnetic bands. The spectrums extracted from these bands can be used to detect surface anomalies from different materials. Based on this technology, a scenario was built in which a hyperspectral camera was used to inspect the cargo for any surface anomalies and a user interface shows the results. The spectrum of items, altered by different materials that can be used to conceal illegal products, is analyzed and classified in order to provide information about the tampered cargo. The image is analyzed with a variety of techniques such as multiple features extracting algorithms, autonomous anomaly detection, and target spectrum detection. The results will be exported to a workstation or mobile device in order to show them in an easy -to-use interface. This process could enhance the current capabilities of security systems that are already implemented, providing a more complete approach to detect threats and illegal cargo.

  4. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

    Directory of Open Access Journals (Sweden)

    Valerie J.M. Watzlaf

    2010-10-01

    Full Text Available Voice over the Internet Protocol (VoIP systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR therapy that can provide voice and video teleconferencing between patients and therapists.  Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care, and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.   

  5. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    Science.gov (United States)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  6. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    Science.gov (United States)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  7. Design of Transparent Distributed IMS Network: Security Challenges Risk and Signaling Analysis

    Directory of Open Access Journals (Sweden)

    Hamid Allouch

    2013-01-01

    Full Text Available The IP Multimedia subsystem (IMS based on SIP as mechanism signalling and interfaces with otherservers using OSA (Open Service Access and CAMEL (Customized Applications for Mobile networkEnhanced Logic.Is responsible for the interconnection of IP packets with other network, IMS support datacommunication services, voice, video, messaging and web-based technologies. In this work we present adistributed design of architecture that turns up some challenges of transparent mobility on the secured IMSarchitecture. We introduced the architecture with clustering database HSS and automatic storage of datafiles that give a secure access to database. This paper gives an overview of classification of security in IMSnetwork and we show delay analysis comparison in signalling interworking with and without securingGateway (SEG in the registration of any UE in access network based IMS. We show that there is a tradeoffbetween the level of increasing system security and the potential delay incurred by mobility in AccessNetwork .we conclude that this architecture is suitable for operators and services providers for the newbusiness models delivering ,the services based IMS Everywhere, anytime and with any terminals.

  8. Field studies of safety security rescue technologies through training and response activities

    Science.gov (United States)

    Murphy, Robin R.; Stover, Sam

    2006-05-01

    This paper describes the field-oriented philosophy of the Institute for Safety Security Rescue Technology (iSSRT) and summarizes the activities and lessons learned during calendar year 2005 of its two centers: the Center for Robot-Assisted Search and Rescue and the NSF Safety Security Rescue industry/university cooperative research center. In 2005, iSSRT participated in four responses (La Conchita, CA, Mudslides, Hurricane Dennis, Hurricane Katrina, Hurricane Wilma) and conducted three field experiments (NJTF-1, Camp Hurricane, Richmond, MO). The lessons learned covered mobility, operator control units, wireless communications, and general reliability. The work has collectively identified six emerging issues for future work. Based on these studies, a 10-hour, 1 continuing education unit credit course on rescue robotics has been created and is available. Rescue robots and sensors are available for loan upon request.

  9. Analysis of Computer Network Security Technology%浅析计算机网络安全技术

    Institute of Scientific and Technical Information of China (English)

    岳建

    2011-01-01

    本文就网络安全面临的威胁和网络安全存在的问题作一些分析,最后有针对性的介绍了几种常用的加强网络安全的技术。为网络安全工作探索一条新思路。%In this paper,network security threats and network security problems for some analysis,and finally targeted introduction of several commonly used to enhance network security technology for network security to explore a new idea.

  10. 浅析计算机网络安全建设及安全技术策略%Computer Network Security Construction and Security Technology Strategies Analysis

    Institute of Scientific and Technical Information of China (English)

    岳慧平; 刘广; 刘建平

    2011-01-01

    With the computer technology and communication technology in all aspects of social life, the extensive application of computer network security issues and more and more prominent.This definition of network security from the start,details the threat to computer network security considerations,and proposed technical and management aspects of the corresponding preventive measures.%随着计算机技术和通信技术在社会生活各方面的广泛应用,计算机网络安全防护问题也愈来愈突出。本文从网络全定义入手,详细阐述了威胁计算机网络安全的因素,并在技术及管理方面提出了相应的防范对策。

  11. Gender and risk assessment in contraceptive technologies

    NARCIS (Netherlands)

    Kammen, van Jessika; Oudshoorn, Nelly

    2002-01-01

    This paper concerns a comparison of risk assessment practices of contraceptives for women and men. Our analysis shows how the evaluation of health risks of contraceptives does not simply reflect the specific effects of chemical compounds in the human body. Rather, we show how side-effects were rated

  12. Prospective Relations among Low-Income African American Adolescents’ Maternal Attachment Security, Self-Worth, and Risk Behaviors

    Science.gov (United States)

    Lockhart, Ginger; Phillips, Samantha; Bolland, Anneliese; Delgado, Melissa; Tietjen, Juliet; Bolland, John

    2017-01-01

    This study examined prospective mediating relations among mother-adolescent attachment security, self-worth, and risk behaviors, including substance use and violence, across ages 13–17 in a sample of 901 low-income African American adolescents. Path analyses revealed that self-worth was a significant mediator between attachment security and risk behaviors, such that earlier attachment security predicted self-worth 1 year later, which in turn, predicted substance use, weapon carrying, and fighting in the 3rd year. Implications for the role of the secure base concept within the context of urban poverty are discussed. PMID:28174548

  13. Cyber Security Status and Technology Development%网络安全现状与技术发展

    Institute of Scientific and Technical Information of China (English)

    宁向延; 张顺颐

    2012-01-01

    The developments of open, free, international cyber technologies bring many revolutionary changes to all countries of the world, all government organizations, all enterprise organizations and all aspects of our lives. With the improved efficiency and the conveniences, many threats and challenges have appeared on open networks. Thus cyber security has become an indispensable part of information networks. Based on the developing security theories, application technologies , management standards, and so on, cyber security technology system has been gradually formed and mature. With the development of network technologies , new information security technologies ( such as IPv6 security, wireless security and embedded system security) will become the mainstream of network security. Many security technologies will be a-malgamated, at the same time the security technology will be syncretized with other technologies, and monitoring technology will become the mainstream of cyber security technologies.%开放、自由、国际化的信息网络技术的发展给世界各国、政府机构、企事业机构和个人生活带来了革命性的变革.伴随着提高效率和提供各种便利的同时,人们要面对开放网络带来的信息安全方面的威胁和挑战,网络的安全问题成为信息网络健康发展必不可少的重要一环.有关网络安全的研究,在安全理论、应用技术、规范管理等方面不断深入,安全技术体系逐步形成并成熟起来.随着网络技术的发展变化,新兴信息安全技术(如IPv6安全、无线安全和嵌入式系统安全等)将成为主流,网络安全技术也将逐渐发展和变化.许多安全技术将由独立走向融合,同时安全技术开始与其他技术进行融合,监控技术将成为信息网络安全技术的主流.

  14. Development of Technology Readiness Level (TRL) Metrics and Risk Measures

    Energy Technology Data Exchange (ETDEWEB)

    Engel, David W.; Dalton, Angela C.; Anderson, K. K.; Sivaramakrishnan, Chandrika; Lansing, Carina

    2012-10-01

    This is an internal project milestone report to document the CCSI Element 7 team's progress on developing Technology Readiness Level (TRL) metrics and risk measures. In this report, we provide a brief overview of the current technology readiness assessment research, document the development of technology readiness levels (TRLs) specific to carbon capture technologies, describe the risk measures and uncertainty quantification approaches used in our research, and conclude by discussing the next steps that the CCSI Task 7 team aims to accomplish.

  15. PREFACE: 1st International Conference on Sensing for Industry, Control, Communication & Security Technologies

    Science.gov (United States)

    Shuja Syed, Ahmed

    2013-12-01

    The 1st International Conference on Sensing for Industry, Control, Communication & Security Technologies (ICSICCST-2013), took place in Karachi, Pakistan, from 24-26 June 2013. It was organized by Indus University, Karachi, in collaboration with HEJ Research Institute of Chemistry, University of Karachi, Karachi. More than 80 abstracts were submitted to the conference and were double blind-reviewed by an international scientific committee. The topics of the Conference were: Video, Image & Voice Sensing Sensing for Industry, Environment, and Health Automation and Controls Laser Sensors and Systems Displays for Innovative Applications Emerging Technologies Unmanned, Robotic, and Layered Systems Sensing for Defense, Homeland Security, and Law Enforcement The title of the conference, 'Sensing for Industry, Control, Communication & Security Technologies' is very apt in capturing the main issues facing the industry of Pakistan and the world. We believe the sensing industry, particularly in Pakistan, is currently at a critical juncture of its development. The future of the industry will depend on how the industry players choose to respond to the challenge of global competition and opportunities arising from strong growth in the Asian region for which we are pleased to note that the conference covered a comprehensive spectrum of issues with an international perspective. This will certainly assist industry players to make informed decisions in shaping the future of the industry. The conference gathered qualified researchers from developed countries like USA, UK, Sweden, Saudi Arabia, China, South Korea and Malaysia etc whose expertise resulting from the research can be drawn upon to build an exploitable area of new technology that has potential Defense, Homeland Security, and Military applicability. More than 250 researchers/students attended the event and made the event great success as the turnout was 100%. An exceptional line-up of speakers spoke at the occasion. We want

  16. Assessing and managing security risk in IT systems a structured methodology

    CERN Document Server

    McCumber, John

    2004-01-01

    SECURITY CONCEPTSUsing ModelsIntroduction: Understanding, Selecting, and Applying Models Understanding AssetsLayered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in SecuritySecurity in Context Reference Defining Information SecurityConfidentiality, Integrity, and Availability Information AttributesIntrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources ReferencesUnderstanding Threat and Its Relatio

  17. Research on Assessment Model of Information System Security Based on Various Security Factors

    Institute of Scientific and Technical Information of China (English)

    2007-01-01

    With the rapid development of network technology, the meaning of layers and attributes in respect of information system security must be extended based on the understanding of the concept of information system security. The layering model (LM) of information system security and the five-attribute model (FAM) based on security factors were put forward to perfect the description and modeling of the information system security framework. An effective framework system of risk calculation and assessment was proposed, which is based on FAM.

  18. Discursive Overlap and Conflictive Fragmentation of Risk and Security in the Geopolitics of Energy

    Directory of Open Access Journals (Sweden)

    Julio E. Rubio

    2013-03-01

    Full Text Available As it touches all aspects of human activity and society in general, energy has become an object of discourse. Two main discourses have formed on the use of energy: risk discourse and security discourse. While environmental changes and oil depletion continue, a new application for the term security has appeared: energy security. This concept can be interpreted within the terms of risk discourse, which is oriented towards rational consensus and decision making, or as an exercise of power, sovereignty and hegemony. The boundaries between interpretations are often unclear. Thus, in an institutional framework that has fragmented principles, norms and rules, opposing discourses will overlap. Political agents and institutions deploy strategies based on these discourses. With this overlapping of discourses, the performative powers of different institutions clash, thus creating conflictive fragmentation in a governance architecture. The purpose of this investigation is to analyze the use of, replication of, and ambiguities surrounding the concept of energy security, so as to understand how and why these discourses overlap and the profound consequences that this overlap may have for present and future energy use, environmental negotiations, and political climate.

  19. The spectre of uncertainty in communicating technological risk

    Energy Technology Data Exchange (ETDEWEB)

    Broesius, M.T.

    1993-12-01

    The literature does not clearly describe the potential moral and ethical conflicts that can exist between technology sponsors and the technical communicators whose job it is to present potentially risky technology to the non-technical people most likely to be imperiled by such risk. Equally important, the literature does not address the issue of uncertainty -- not the uncertainty likely to be experienced by the community at risk, but the unreliable processes and methodologies used by technology sponsors to define, quantify, and develop strategies to mitigate technological risks. In this paper, the author goes beyond a description of risk communication, the nature of the generally predictable interaction between technology advocates and non-technically trained individuals, and current trends in the field. Although that kind of information is critical to the success of any risk communication activity, and he has included it when necessary to provide background and perspective, without knowing how and why risk assessment is done, it has limited practical applicability outside the sterile, value-free vacuum in which it is usually framed. Technical communicators, particularly those responsible for communicating potential technological risk, must also understand the social, political, economic, statistical, and ethical issues they will invariably encounter.

  20. Evaluating the influence of information and communications technology on food security

    Directory of Open Access Journals (Sweden)

    Ntabeni J. Jere

    2017-01-01

    Full Text Available Background: This study integrates the diffusion of innovation, technology acceptance model and Hofstede’s cultural dimensions theory to assess the role that information and communications technology (ICT plays in ensuring food security. A survey of smallholder farmers from the iLembe district municipality of the KwaZulu-Natal Province of South Africa was conducted, and the data were used to test the proposed model.Objectives: The study evaluates the influence of ICTs in improving food security in KwaZulu-Natal Province. A theoretical framework was developed as the lens through which diffusion and adoption of ICTs can be understood. The theorised model was developed using constructs from the diffusion of innovation (DOI theory, technology acceptance model (TAM and Hofstede’s cultural dimensions theory.Method: Survey data from 517 smallholder farmers from the district municipality of iLembe were collected using a questionnaire. A quantitative approach was followed, and the developed theorised model was analysed using structural equation modelling techniques.Results: This study proposes that ICT influence on food security is associated with culture, perceived usefulness and perceived ease of use. The study further finds that perceived ease of use of ICTs has the most significant effect with regard to ICT adoption and diffusion amongst smallholder farmers in iLembe district municipality. There are, however, no associations found with perceived attributes of innovation and the nature of social systems. The study consisted of a largely homogeneous social system; therefore, the researcher could not make any comparisons.Conclusion: The proposed framework for evaluating the influence of ICTs on food security put forward in this study highlights a number of issues. Firstly, there is need for further study to be conducted to understand adoption of ICTs specifically for food security. This would help in creating more accurate adoption strategies

  1. NGNP Risk Management through Assessing Technology Readiness

    Energy Technology Data Exchange (ETDEWEB)

    John W. Collins

    2010-08-01

    Throughout the Next Generation Nuclear Plant (NGNP) project life cycle, technical risks are identified, analyzed, and mitigated and decisions are made regarding the design and selection of plant and sub-system configurations, components and their fabrication materials, and operating conditions. Risk resolution and decision making are key elements that help achieve project completion within budget and schedule constraints and desired plant availability. To achieve this objective, a formal decision-making and risk management process was developed for NGNP, based on proven systems engineering principles that have guided aerospace and military applications.

  2. Exploring the Application of Shared Ledger Technology to Safeguards and other National Security Topics

    Energy Technology Data Exchange (ETDEWEB)

    Frazar, Sarah L.; Winters, Samuel T.; Kreyling, Sean J.; Joslyn, Cliff A.; West, Curtis L.; Schanfein, Mark J.; Sayre, Amanda M.

    2017-07-17

    In 2016, the Office of International Nuclear Safeguards at the National Nuclear Security Administration (NNSA) within the Department of Energy (DOE) commissioned the Pacific Northwest National Laboratory (PNNL) to explore the potential implications of the digital currency bitcoin and its underlying technologies on the safeguards system. The authors found that one category of technologies referred to as Shared Ledger Technology (SLT) offers a spectrum of benefits to the safeguards system. While further research is needed to validate assumptions and findings in the paper, preliminary analysis suggests that both the International Atomic Energy Agency (IAEA) and Member States can use SLT to promote efficient, effective, accurate, and timely reporting, and increase transparency in the safeguards system without sacrificing confidentiality of safeguards data. This increased transparency and involvement of Member States in certain safeguards transactions could lead to increased trust and cooperation among States and the public, which generates a number of benefits. This paper describes these benefits and the analytical framework for assessing SLT applications for specific safeguards problems. The paper will also describe other national security areas where SLT could provide benefits.

  3. Digital Watermark-based Security Technology for Geo-spatial Graphics Data

    Institute of Scientific and Technical Information of China (English)

    JIA Peihong; CHEN Yunzhen; MA Jinsong; ZHU Dakui

    2006-01-01

    The paper presents a set of techniques of digital watermarking by which copyright and user rights messages are hidden into geo-spatial graphics data, as well as techniques of compressing and encrypting the watermarked geo-spatial graphics data. The technology aims at tracing and resisting the illegal distribution and duplication of the geo-spatial graphics data product, so as to effectively protect the data producer's rights as well as to facilitate the secure sharing of geo-spatial graphics data. So far in the GIS field throughout the world, few researches have been made on digital watermarking. The research is a novel exploration both in the field of security management of geo-spatial graphics data and in the applications of digital watermarking technique. An application software employing the proposed technology has been developed. A number of experimental tests on the 1:500,000 digital bathymetric chart of the South China Sea and 1:10,000 digital topographic map of Jiangsu Province have been conducted to verify the feasibility of the proposed technology.

  4. [Security of the medicinal therapy: Cartography of risks a priori within service of orthopaedic surgery].

    Science.gov (United States)

    Razurel, A; Bertrand, É; Deranlot, J; Benhamou, F; Tritz, T; Le Mercier, F; Hardy, P

    2015-11-01

    Security and quality of the Medicinal Therapy are one of the most important objectives of the April 6th, 2011 order. The objective is to realize this study of the risks incurred by patients related to management and security of medicinal therapy in order to establish a plan to reduce the risks of drug's dispensation. The method of the Preliminary Risk Analysis (PRA) has been implemented by a multidisciplinary group in a hospital service of orthopaedic surgery. The study focused on the dispensation phase of medicinal circuit. This analysis revealed 148 scenarii, 35 were criticality unacceptable. Fifty-four initial risk control actions were proposed and their stress levels to put them in place were evaluated. The main measures of risk management are: training, information, communication, computerization, automation, dual control, updating the documentation system, drug reconciliation and respect for Best Practices Hospitallers (BPH). Risk management requires a significant human and financial investment as well as, material resources and multidisciplinary expertise in order to offer the best solutions. Copyright © 2015 Académie Nationale de Pharmacie. Published by Elsevier Masson SAS. All rights reserved.

  5. Security Risks of Cloud Computing and Its Emergence as 5th Utility Service

    Science.gov (United States)

    Ahmad, Mushtaq

    Cloud Computing is being projected by the major cloud services provider IT companies such as IBM, Google, Yahoo, Amazon and others as fifth utility where clients will have access for processing those applications and or software projects which need very high processing speed for compute intensive and huge data capacity for scientific, engineering research problems and also e- business and data content network applications. These services for different types of clients are provided under DASM-Direct Access Service Management based on virtualization of hardware, software and very high bandwidth Internet (Web 2.0) communication. The paper reviews these developments for Cloud Computing and Hardware/Software configuration of the cloud paradigm. The paper also examines the vital aspects of security risks projected by IT Industry experts, cloud clients. The paper also highlights the cloud provider's response to cloud security risks.

  6. 移动支付网络安全技术研究与应用%Mobile Payment Network Security Technology Research and Application

    Institute of Scientific and Technical Information of China (English)

    赵其朋

    2014-01-01

    简要介绍了翼支付业务网络概况,分析了移动支付的安全风险和安全技术,提出了端到端整体安全解决方案。指出在移动支付中交易过程和手机终端比网络基础设施的风险可控性更弱,需要交易参与方重点去完善解决。%It presents an overview of the payment service network, analyzes the risks of mobile payment and security technology, sums up the end-to-end security solutions. It points out that transaction processes and mobile terminal have weaker risk control than network infrastructure in mobile payment, and it need participants to improve them.

  7. Technology and Risk Sciences Program. FY99 Annual Report

    Energy Technology Data Exchange (ETDEWEB)

    Regens, James L.

    2000-01-01

    In making the transition from weapons production to environmental restoration, DOE has found that it needs to develop reliable means of defining and understanding health and environmental risks and of selecting cost-efficient environmental management technologies so that cleanup activities can be appropriately directed. Through the Technology and Risk Sciences Project, the Entergy Spatial Analysis Research Laboratory attempts to provide DOE with products that incorporate spatial analysis techniques in the risk assessment, communication, and management processes; design and evaluate methods for evaluating innovative environmental technologies; and collaborate and access technical information on risk assessment methodologies, including multimedia modeling and environmental technologies in Russia and the Ukraine, while in addition training and developing the skills of the next generation of scientists and environmental professionals.

  8. Risk and Argument: A Risk-based Argumentation Method for Practical Security

    NARCIS (Netherlands)

    Nunes Leal Franqueira, V.; Tun, Thein Tan; Yu, Yijun; Wieringa, Roelf J.; Nuseibeh, Bashar

    When showing that a software system meets certain security requirements, it is often necessary to work with formal and informal descriptions of the system behavior, vulnerabilities, and threats from potential attackers. In earlier work, Haley et al. [1] showed structured argumentation could deal

  9. Managing the Perception of Advanced Technology Risks in Mission Proposals

    Science.gov (United States)

    Bellisario, Sebastian Nickolai

    2012-01-01

    Through my work in the project proposal office I became interested in how technology advancement efforts affect competitive mission proposals. Technology development allows for new instruments and functionality. However, including technology advancement in a mission proposal often increases perceived risk. Risk mitigation has a major impact on the overall evaluation of the proposal and whether the mission is selected. In order to evaluate the different approaches proposals took I compared the proposals claims of heritage and technology advancement to the sponsor feedback provided in the NASA debriefs. I examined a set of Discovery 2010 Mission proposals to draw patterns in how they were evaluated and come up with a set of recommendations for future mission proposals in how they should approach technology advancement to reduce the perceived risk.

  10. Universal Banking and the Pricing of Securities Risk: Historical Evidence from Germany

    OpenAIRE

    Peter Bossaerts; Caroline Fohlin

    2000-01-01

    This paper investigates the importance of financial institutions, particularly universal banks, in the pricing of risk in securities markets. Recent research on modern economies, finds that three factors explain the cross-section of average stock returns: (i) a stock's sensitivity to market-wide price movements (``beta''), (ii) market capitalization, and (iii) book value of equity relative to its market price (the value effect). The German financial system of the pre-World War I period is a p...

  11. Predictors of mother–child interaction quality and child attachment security in at-risk families

    OpenAIRE

    2014-01-01

    Child healthy development is largely influenced by parent–child interaction and a secure parent–child attachment is predictively associated with positive outcomes in numerous domains of child development. However, the parent–child relationship can be affected by several psychosocial and socio-demographic risk factors that undermine its quality and in turn play a negative role in short and long term child psychological health. Prevention and intervention programs that support parenting skills ...

  12. Aviation Security: Biometric Technology and Risk Based Security Aviation Passenger Screening Program

    Science.gov (United States)

    2012-12-01

    9.4 billion to airlines, $5.6 billion to hotels , $3.1 billion to restaurants, and $4.2 billion in federal, state and local tax revenues. A similar...spoof multiple biometric traits of a legitimately enrolled individual. 4. Multibiometric systems also effectively address the problem of noisy data...When the biometric signal acquired from a single trait is corrupted with noise, the availability of other (less noisy ) traits may aid in the reliable

  13. Nanotechnology risk perceptions and communication: emerging technologies, emerging challenges.

    Science.gov (United States)

    Pidgeon, Nick; Harthorn, Barbara; Satterfield, Terre

    2011-11-01

    Nanotechnology involves the fabrication, manipulation, and control of materials at the atomic level and may also bring novel uncertainties and risks. Potential parallels with other controversial technologies mean there is a need to develop a comprehensive understanding of processes of public perception of nanotechnology uncertainties, risks, and benefits, alongside related communication issues. Study of perceptions, at so early a stage in the development trajectory of a technology, is probably unique in the risk perception and communication field. As such it also brings new methodological and conceptual challenges. These include: dealing with the inherent diversity of the nanotechnology field itself; the unfamiliar and intangible nature of the concept, with few analogies to anchor mental models or risk perceptions; and the ethical and value questions underlying many nanotechnology debates. Utilizing the lens of social amplification of risk, and drawing upon the various contributions to this special issue of Risk Analysis on Nanotechnology Risk Perceptions and Communication, nanotechnology may at present be an attenuated hazard. The generic idea of "upstream public engagement" for emerging technologies such as nanotechnology is also discussed, alongside its importance for future work with emerging technologies in the risk communication field. © 2011 Society for Risk Analysis.

  14. Potential Technologies for Assessing Risk Associated with a Mesoscale Forecast

    Science.gov (United States)

    2015-10-01

    the actual model-forecast error—the 500-hPa root-mean-square error (RMSE) height error. Future work should also consider other forecast metrics such...ARL-TN-0708 ● OCT 2015 US Army Research Laboratory Potential Technologies for Assessing Risk Associated with a Mesoscale...OCT 2015 US Army Research Laboratory Potential Technologies for Assessing Risk Associated with a Mesoscale Forecast by Patrick A

  15. Risk Reduction Technologies in General Practice and Social Work

    Directory of Open Access Journals (Sweden)

    Devin Rexvid

    2012-12-01

    Full Text Available General practitioners (GPs and social workers (SWs are professions whose professional autonomy and discretion have changed in the so-called risk and audit society. The aim of this article is to compare GPs’ and SWs’ responses to Evidence-Based and Organizational Risk Reduction Technologies (ERRT and ORRT. It is based on a content analysis of 54 peer-reviewed empirical articles. The results show that both professions held ambivalent positions towards ERRT. The response towards ORRT differed in that GPs were sceptical whilst SWs took a more pragmatic view. Furthermore the results suggest that SWs might experience professional benefits by adopting an adherent approach to the increased dissemination of risk reduction technologies (RRT. GPs, however, did not seem to experience such benefits. Keywords: Profession, risk, social worker, general practitioner, risk reduction technologies, evidence-based practice/medicine 

  16. Mapping the environmental risk of a tourist harbor in order to foster environmental security: Objective vs. subjective assessments.

    Science.gov (United States)

    Petrosillo, Irene; Irene, Petrosillo; Vassallo, Paolo; Paolo, Vassallo; Valente, Donatella; Donatella, Valente; Mensa, Jean Alberto; Alberto, Mensa Jean; Fabiano, Mauro; Mauro, Fabiano; Zurlini, Giovanni; Giovanni, Zurlini

    2010-07-01

    A new definition of environmental security gives equal importance to the objective and subjective assessments of environmental risk. In this framework, the management of tourist harbors has to take into account managers' perceptions. The subject of the present study is a tourist harbor in southern Italy where six different managers are present. This paper aims to assess subjectively and objectively the environmental risks associated with the harbor, and to compare the results to provide estimates of environmental security. Hereby managers have been interviewed and a simple model is used for making preliminary assessment of environmental risks. The comparison of the results highlighted a common mismatch between risk perception and risk assessment. We demonstrated that the old part of the harbor is less secure than the new part. In addition, one specific manager representing a public authority showed a leading role in ensuring the environmental security of the whole harbor.

  17. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  18. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  19. Research Market Gap in Law Enforcement Technology: Lessons from Czech Security Research Funding Programmes

    Directory of Open Access Journals (Sweden)

    Luděk Moravec

    2014-12-01

    Full Text Available While security research funding schemes are nothing new to the EU (Horizon 2020 and FP7, or to several Member States, their priorities and procedures are usually decided administratively or shaped by advisory groups of varying membership. Only recently did the EU shift its focus to the role of end users in security research programmes, seeking their input in order to maximise the utility of funded solutions. Such a hint to limited usefulness of some industrial solutions is not exactly inconspicuous. This paper discusses the gap between the stated needs of law enforcement agencies in terms of R&D funding and the grant project applications in the area of law enforcement. It aims to define and describe the gap, and consequently the market opportunities, between the supply and demand sides represented by industry-driven grant project applications and end-user-formulated calls. The study is based on empirical data from two Czech security research funding programmes that have been running since 2010 and should deliver their results by 2015. It seeks to contribute some preliminary observations about the structure of both end user needs and industry capabilities in such a particular area as law enforcement technology.

  20. Top management turnover and firm default risk:Evidence from the Chinese securities market

    Institute of Scientific and Technical Information of China (English)

    Wei; Ting

    2011-01-01

    China has moved rapidly from a socialist planned economy to a market economy.As a result,many enterprises in China are seeking talented top management to increase their performance and decrease their default risk.Studies abound regarding top management turnover and its relationship with firm performance,however,few studies have connected top management turnover with firm default risk.In China,a market with extensive financial fraud,firm default risk is an important factor and thus we explore this relationship in the Chinese securities market.Our results indicate that firms with higher default risk are more likely to change their top management in the next financial reporting period.In addition,following changes in top management,such firms default less than other companies.