Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.
Data loss/leakage protection (DLP) technology seeks to improve data security by answering three fundamental questions: > Where are confidential data stored? > Who is accessing the information? > How are data being handled?
Full Text Available With the increasing development of computer and communications technology growth and increasing needs and development of information systems security. The problem of security must be approached with greater caution. With the development of computer and communication technologies have developed numerous tools to protect files and other information. A set of tools, procedures, policies and solutions to defend against attacks are collectively referred to as computer network security. It is necessary above all to define and learn about the concepts of attack, risk, threat, vulnerability and asset value. During the design and implementation of information systems should primarily take into account a set of measures to increase security and maintenance at an acceptable level of risk. In any case, there is a need to know the risks in the information system. Sources of potential security problems are challenges and attacks, while the risk relates to the probable outcome and its associated costs due to occurrence of certain events. There are numerous techniques help protect your computer: cryptography, authentication, checked the software, licenses and certificates, valid authorization... This paper explains some of the procedures and potential threats to break into the network and computers as well as potential programs that are used. Guidance and explanation of these programs is not to cause a break-in at someone else's computer, but to highlight the vulnerability of the computer's capabilities.
This paper critically examines the security and risk management technologies that are being used to conduct and pre-empt the behaviour of football supporters. It is shown how, in the Netherlands, pre-emptive risk management in the governing of football supporters involves a dispersed and fragmented
The three pillars of Internet Security are Infrastructure, Applications and People. In this series of lectures we will examine those three pillars and how vital it is for individuals to understand the vulnerabilities of this technology so they can made informed decisions about risks and how they can reduce those risks for themselves and their colleagues.First we will focus on the infrastructure: network; servers; operating systems and all those things that are mostly invisible. Moving up a level, into the visible realm, we discuss the application and see things like buffer overflows, viruses and how as application developers and users we can protect ourselves. Finally, it's all about people. The strongest security technology in the world is easily defeated if people don't understand their role in the whole system.
The world of security technology holds great promise, but it is fraught with opportunities for expensive missteps and misapplications. The quality of the security technology consultants and system integrators one uses will have a direct bearing on how well his school masters this complex subject. Security technology consultants help determine…
Scaglione, Bernard J
Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.
Over the past decade electronic security technology has evolved from an exotic possibility into an essential safety consideration. Before resorting to high-tech security solutions, school officials should think carefully about the potential for unintended consequences. Technological fixes may be mismatched to the problems being addressed. They can…
Warren, Drake Edward [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Backus, George A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Jones, Wendell [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Nelson, Thomas R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Skocypec, Russell D. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
“Technology empowerment” means that innovation is increasingly accessible to ordinary people of limited means. As powerful technologies become more affordable and accessible, and as people are increasingly connected around the world, ordinary people are empowered to participate in the process of innovation and share the fruits of collaborative innovation. This annotated briefing describes technology empowerment and focuses on how empowerment may create challenges to U.S. national security. U.S. defense research as a share of global innovation has dwindled in recent years. With technology empowerment, the role of U.S. defense research is likely to shrink even further while technology empowerment will continue to increase the speed of innovation. To avoid falling too far behind potential technology threats to U.S. national security, U.S. national security institutions will need to adopt many of the tools of technology empowerment.
WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po
A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.
Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K
Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality
Denning, Dorothy E.
in Grave New World: Global Dangers in the 21st Century (Michael Brown ed.), Georgetown Press, 2003. (.pdf of prepublication version) This paper examines key trends and developments in information technology, and the implications of those developments on stability and security. Focus is on cyber threats to computer networks, including information theft and sabotage, and acts that disrupt or deny services. Seven trend areas are examined: ubiquity, mobility, hacking tools, perform...
Roques, F.A.; Newbery, D.M.; Nuttall, W.J.; Neufville, R. de
Recent tension in the oil and gas markets has brought back the concept of energy offer diversification. Electrical production technology diversification in a country helps improve the security of supply and make up for the negative effects of hydrocarbons price variations. The portfolio and real options theories help to quantify the optimum diversification level for a country or a power company. The cover value of a nuclear investment for a power company facing cost uncertainties (price of gas and of carbon dioxide emission permit) and proceeds (price of electricity) is assessed. A strong link between the prices of gas and electricity reduces incentives to private producers to diversify, disputing the capacity of a liberalized electrical market to achieve optimum technology diversity from a domestic point of view. (authors)
No one would propose ineffective security forces. Applied technology always has, as its purpose, to increase effectiveness. Evidence exists, however, that poorly conceived or executed technological solutions can actually do more harm than good. The author argues for improved human factor considerations in physical security applied technology -- especially in the area of security console operations
Full Text Available This study investigates whether aspiring and professional accountants understand the benefits and security challenges brought by emerging technologies such as: Big Data, data analytics, cloud computing and mobile technologies. 115 participants took part in a survey during January and February 2017, all having at least one year of practical experience in accounting or audit and 80% of them being affiliated with national or international accounting professional bodies. The research has three key findings: (1 Professional accountants and auditors are having in average a theoretical knowledge of the emerging technologies in the accounting field, but they still need to enhance their skills to exploit them efficiently, (2 Mobile technologies started to be adopted by the Romanian practitioners and (3 The profession has become aware of the security risks brought by emerging technologies in the digital accounting. The accounting profession is on the verge of change and the practitioners do not yet possess sufficient skills regarding the analyzed emerging technologies. As per this, the professional bodies and academic environment should reassess their curricula to enforce the necessary changes for preparing practitioners to successfully face the future challenges and avoid their replacement by other professions more qualified.
Klinke, A.; Renn, O.
The empirical part about the technological risks deals with different technologies: nuclear energy, early warning systems of nuclear weapons and NBC-weapons, and electromagnetic fields. The potential of damage, the contemporary management strategies and the relevant characteristics will be described for each technology: risks of nuclear energy; risks of early warning systems of nuclear weapons and NBC-weapons; risks of electromagnetic fields. (authors)
Klinke, A.; Renn, O. [Center of Technology Assessment in Baden-Wuerttemberg, Stuttgart (Germany)
The empirical part about the technological risks deals with different technologies: nuclear energy, early warning systems of nuclear weapons and NBC-weapons, and electromagnetic fields. The potential of damage, the contemporary management strategies and the relevant characteristics will be described for each technology: risks of nuclear energy; risks of early warning systems of nuclear weapons and NBC-weapons; risks of electromagnetic fields. (authors)
Howard, Doug; Schneier, Bruce
Identify real security risks and skip the hype After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.IT security needs are constantly evolving; this guide examine
Thompson, Eleanor Elizabeth
That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…
Ghani, Saud; Aljabri, Hareb; El Kharbotly, Ali
CENG held a seminar on “Food Security, Technology and Techniques” on November 9, in collaboration with the Ministry of Municipality and Environment (MME). The event aimed to discuss the main techniques that should be followed to enhance food security through investing in technology.
This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.
A. G. Beltov
Full Text Available The article provides an overview of security problems which exist in the mobile devices. The main technologies aimed to protect the phones from various types of attacks are considered. The authors justify the necessity of developing new improved tools and methods to ensure the safety of such devices.
In their efforts to enhance the safety and security of citizens, governments and law enforcement agencies look to scientists and engineers to produce modern methods for preventing, detecting, and prosecuting criminal activities. Whole body scanners, lie detection technologies, biometrics, etc., are all being developed for incorporation into the criminal justice apparatus. Yet despite their purported security benefits these technologies often evoke social resistance. Concerns over privacy, ethics, and function-creep appear repeatedly in analyses of these technologies. It is argued here that scientists and engineers continue to pay insufficient attention to this resistance; acknowledging the presence of these social concerns yet failing to meaningfully address them. In so doing they place at risk the very technologies and techniques they are seeking to develop, for socially controversial security technologies face restrictions and in some cases outright banning. By identifying sources of potential social resistance early in the research and design process, scientists can both engage with the public in meaningful debate and modify their security technologies before deployment so as to minimize social resistance and enhance uptake.
manaOptimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…
An Dehai; Xu Rongsheng; Liu Baoxu
The author introduces a method which can realize the most powerful network security prevention by the network security integrated technologies such as firewall, realtime monitor, network scanner, Web detection and security, etc
Peltier, Thomas R
Effective Risk AnalysisQualitative Risk AnalysisValue AnalysisOther Qualitative MethodsFacilitated Risk Analysis Process (FRAP)Other Uses of Qualitative Risk AnalysisCase StudyAppendix A: QuestionnaireAppendix B: Facilitated Risk Analysis Process FormsAppendix C: Business Impact Analysis FormsAppendix D: Sample of ReportAppendix E: Threat DefinitionsAppendix F: Other Risk Analysis OpinionsIndex
Griner, James H.; Martzaklis, Konstantinos S.
In light of the events of September 11, 2001, NASA senior management requested an investigation of technologies and concepts to enhance aviation security. The investigation was to focus on near-term technologies that could be demonstrated within 90 days and implemented in less than 2 years. In response to this request, an internal NASA Glenn Research Center Communications, Navigation, and Surveillance Aviation Security Tiger Team was assembled. The 2-year plan developed by the team included an investigation of multiple aviation security concepts, multiple aircraft platforms, and extensively leveraged datalink communications technologies. It incorporated industry partners from NASA's Graphical Weather-in-the-Cockpit research, which is within NASA's Aviation Safety Program. Two concepts from the plan were selected for demonstration: remote "black box," and cockpit/cabin surveillance. The remote "black box" concept involves real-time downlinking of aircraft parameters for remote monitoring and archiving of aircraft data, which would assure access to the data following the loss or inaccessibility of an aircraft. The cockpit/cabin surveillance concept involves remote audio and/or visual surveillance of cockpit and cabin activity, which would allow immediate response to any security breach and would serve as a possible deterrent to such breaches. The datalink selected for the demonstrations was VDL Mode 2 (VHF digital link), the first digital datalink for air-ground communications designed for aircraft use. VDL Mode 2 is beginning to be implemented through the deployment of ground stations and aircraft avionics installations, with the goal of being operational in 2 years. The first demonstration was performed December 3, 2001, onboard the LearJet 25 at Glenn. NASA worked with Honeywell, Inc., for the broadcast VDL Mode 2 datalink capability and with actual Boeing 757 aircraft data. This demonstration used a cockpitmounted camera for video surveillance and a coupling to
Peltier, Thomas R
Offers readers with the knowledge and the skill-set needed to achieve a highly effective risk analysis assessment. This title demonstrates how to identify threats and then determine if those threats pose a real risk. It is suitable for industry and academia professionals.
Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr
The problems presented by security considerations to the transfer of nuclear energy technology are examined. In the case of fusion, the national security barrier associated with the laser and E-beam approaches is discussed; for fission, the international security requirements, due to the possibility of the theft or diversion of special nuclear materials or sabotage of nuclear facilities, are highlighted. The paper outlines the nuclear fuel cycle and terrorist threat, examples of security barriers, and the current approaches to transferring technology. (auth)
...: NASA is revising the NASA FAR Supplement (NFS) to update requirements related to Information Technology... Security clause. However, due to the critical importance of protecting the Agency's Information Technology...) Insert the clause at 1852.204-76, Security Requirements for Unclassified Information Technology Resources...
Großmann, Jürgen; Seehusen, Fredrik
Complex networked systems have become an integral part of our supply infrastructure. Mobile devices, home automation, smart grids and even vehicles are connected via the Internet and becoming accessible and thus vulnerable to hacker attacks. While the number of security incidents drastically increases, we are more than ever dependent on a secure and mature ICT infrastructure. One of the keys to maintain such a secure and dependable infrastructure are mature, systematic and capable proactive m...
McHenry, Mark P.
The fundamental role of policymakers when considering Advanced Metering Infrastructure (AMI), or ‘smart meters for energy and water infrastructure is to investigate a broad range of complex interrelated issues. These include alternative technical and non-technical options and deployment needs, the cost and benefits of the infrastructure (risks and mitigation measures), and the impact of a number of stakeholders: consumers, distributors, retailers, competitive market operators, competing technology companies, etc. The scale and number of potential variables in the AMI space is an almost unprecedented challenge to policymakers, with the anticipation of new ancillary products and services, associated market contestability, related regulatory and policy amendments, and the adequacy of consumer protection, education, and safety considerations requiring utmost due-diligence. Embarking on AMI investment entails significant technical, implementation, and strategic risk for governments and administering bodies, and an active effort is required to ensure AMI governance and planning maximises the potential benefits, and minimise uncertainties, costs, and risks to stakeholders. This work seeks to clarify AMI fundamentals and discusses the technical and related governance considerations from a dispassionate perspective, yet acknowledges many stakeholders tend to dichotomise debate, and obfuscate both advantages and benefits, and the converse. - Highlights: • AMI presents an almost unprecedented technical and governance policy challenge. • AMI enables vertical integration of electricity, gas, water, IT, and telco entities • AMI investments involve major technical, implementation, and strategic decisions. • Adequacy of consumer education, safety, privacy, and protection is paramount. • Policy must maximise AMI benefits and minimise uncertainties, costs, and risks
Ayatollahi, Haleh; Shagerdi, Ghazal
To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.
Floreno, Jeff; Keil, Brad
The challenges associated with securing schools from both on- and off-campus threats create constant pressure for law enforcement, campus security professionals, and administrators. And while security technology choices are plentiful, many colleges and universities are operating with limited dollars and information needed to select and integrate…
Amer A. Al-Rawas
Full Text Available This paper is concerned with issues relating to security in the provision of information systems (IS services within a campus environment. It is based on experiences with a specific known environment; namely Sultan Qaboos University. In considering the risks and challenges that face us in the provision of IS services we need to consider a number of interwoven subject areas. These are: the importance of information to campus communities, the types of information utilised, and the risk factors that relate to the provision of IS services. Based on our discussion of the risk factors identified within this paper, we make a number of recommendations for improving security within any environment that wishes to take the matter seriously. These recommendations are classified into three main groups: general, which are applicable to the entire institution; social, aimed at the work attitudes of staff and students; and technical, addressing the skills and technologies required.
Liu Baoxu; Wang Xiaozhen
With the rapidly development of the computer network technology and informationize working of our Country, Network and Information Security issues becomes the focal point problem that people shows solicitude for. On the basis analysing security threat and challenge of network information and their developing trend. This paper briefly analyses and discusses the main relatively study direction and content about the theory, technology and practice of Network and Information Security. (authors)
Yang, Zhao; Xie, Weiwei; Huang, Lei; Wei, Zhiqiang
With the development of marine observation technology and network technology, the volume of marine data growing rapidly. This brings new challenges for data storage and transmission. How to protect data security of marine big data has become an urgent problem. The traditional information security methods’ characteristic is centralization. These technologies cannot provide whole process protection, e.g., data storage, data management and application of data. The blockchain technology is a novel technology, which can keep the data security and reliability by using decentralized methodology. It has aroused wide interest in the financial field. In this paper, we describe the concept, characteristics and key technologies of blockchain technology and introduce it into the field of marine data security.
International Organization for Standardization. Geneva
ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...
This document contains a business plan for the National Security Technology Incubator (NSTI), developed as part of the National Security Preparedness Project (NSPP) and performed under a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This business plan describes key features of the NSTI, including the vision and mission, organizational structure and staffing, services, evaluation criteria, marketing strategies, client processes, a budget, incubator evaluation criteria, and a development schedule. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety, security, and protection of the homeland. The NSTI is operated and managed by the Arrowhead Center, responsible for leading the economic development mission of New Mexico State University (NMSU). The Arrowhead Center will recruit business with applications for national security technologies recruited for the NSTI program. The Arrowhead Center and its strategic partners will provide business incubation services, including hands-on mentoring in general business matters, marketing, proposal writing, management, accounting, and finance. Additionally, networking opportunities and technology development assistance will be provided.
Under this project SETECS performed research, created the design, and the initial prototype of three groups of security technologies: (a) middleware security platform, (b) Web services security, and (c) group security system. The results of the project indicate that the three types of security technologies can be used either individually or in combination, which enables effective and rapid deployment of a number of secure applications in open networking environments. The middleware security platform represents a set of object-oriented security components providing various functions to handle basic cryptography, X.509 certificates, S/MIME and PKCS No.7 encapsulation formats, secure communication protocols, and smart cards. The platform has been designed in the form of security engines, including a Registration Engine, Certification Engine, an Authorization Engine, and a Secure Group Applications Engine. By creating a middleware security platform consisting of multiple independent components the following advantages have been achieved - Object-oriented, Modularity, Simplified Development, and testing, Portability, and Simplified extensions. The middleware security platform has been fully designed and a preliminary Java-based prototype has been created for the Microsoft Windows operating system. The Web services security system, designed in the project, consists of technologies and applications that provide authentication (i.e., single sign), authorization, and federation of identities in an open networking environment. The system is based on OASIS SAML and XACML standards for secure Web services. Its topology comprises three major components: Domain Security Server (DSS) is the main building block of the system Secure Application Server (SAS) Secure Client In addition to the SAML and XACML engines, the authorization system consists of two sets of components An Authorization Administration System An Authorization Enforcement System Federation of identities in multi
Over the last two decades, the Internet and more broadly cyberspace has had a tremendous impact on all parts of society. Governments across the world have started to develop cyber security strategies and to consider cyberspace as an increasingly important international issue. The book, in addition to the cyber threats and technology, processes cyber security from many sides as a social phenomenon and how the implementation of the cyber security strategy is carried out. The book gives a profound idea of the most spoken phenomenon of this time. The book is suitable for a wide-ranging audience from graduate to professionals/practitioners and researchers. Relevant disciplines for the book are Telecommunications / Network security, Applied mathematics / Data analysis, Mobile systems / Security, Engineering / Security of critical infrastructure and Military science / Security.
Vitaly Eduardovich Dorokhov
Full Text Available The article deals with accounting reputational risks arising through information security breaches in the management of a business entity. Security breach incidents which results to the loss of reputation are identified. Based on this analysis the definition of reputational risk in information security is given.
PROF. O. E. OSUAGWU
Dec 1, 2013 ... a major component of economic growth and innovation in other areas of society and the economy. As the President's. Council of Advisors on Science and. Technology acknowledged in ... America's security, economy, and quality of life, The .... Sharing will greatly improve the ability of the security agencies ...
The Aviation and Transportation Security Act (ATSA) makes TSA responsible for security in all modes of transportation, and requires that TSA assess threats to transportation, enforce security-related regulations and requirements, and ensure the adequacy of security measures at airports and other transportation facilities. Today, TSA faces a significant challenge and must address a wide range of commercial, military grade, and homemade explosives and these can be presented in an infinite number of configurations and from multiple vectors. TSA screens 2 million passengers and crew, and screens almost 5 million carry-on items and 1.2 million checked bags daily. As TSA explores new technologies for improving efficiency and security, those on the forefront of research and development can help identify unique and advanced methods to combat terrorism. Research and Development (R&D) drives the development of future technology investments that can address an evolving adversary and aviation threat. The goal is to rethink the aviation security regime in its entirety, and rather than focusing security at particular points in the enterprise, distribute security from the time a reservation is made to the time a passenger boards the aircraft. The ultimate objective is to reengineer aviation security from top to bottom with a continued focus on increasing security throughout the system.
... $5.2 million in the Equipment in Use account on its trial balance. Starting with FY 1996, Defense Technology Security Administration financial data will be included in consolidated DoD financial statements...
Doss, Kevin T.
Locks and keys ring up huge costs for education institutions. No wonder many facility directors and public-safety directors have turned to automated access-control systems with magnetic-stripe cards, proximity cards and, most recently, smart cards. Smart cards can provide a host of on- and off-campus services beyond security. In addition to…
The problem of economic insecurity is a global threat to national security. In Nigeria today, we have witness a lot of national security issues that risks the continued existence of the country as one indivisible political entity with many calling for disintegration. Hitherto, many terrorist networks have sprang up in many parts of ...
PROF. O. E. OSUAGWU
Dec 1, 2013 ... Abstract. The problem of economic insecurity is a global threat to national security. In Nigeria today, we have witness a lot of national security issues that risks the continued existence of the country as one indivisible political entity with many calling for disintegration. Hitherto, many terrorist networks have ...
Yau, N J Newton
In addition to product trade, technology trade has become one of the alternatives for globalization action around the world. Although not all technologies employed on the technology trade platform are innovative technologies, the data base of international technology trade still is a good indicator for observing innovative technologies around world. The technology trade data base from Sinew Consulting Group (SCG) Ltd. was employed as an example to lead the discussion on security or safety issues that may be caused by these innovative technologies. More technologies related to processing, functional ingredients and quality control technology of food were found in the data base of international technology trade platform. The review was conducted by categorizing technologies into the following subcategories in terms of safety and security issues: (1) agricultural materials/ingredients, (2) processing/engineering, (3) additives, (4) packaging/logistics, (5) functional ingredients, (6) miscellaneous (include detection technology). The author discusses examples listed for each subcategory, including GMO technology, nanotechnology, Chinese medicine based functional ingredients, as well as several innovative technologies. Currently, generation of innovative technology advance at a greater pace due to cross-area research and development activities. At the same time, more attention needs to be placed on the employment of these innovative technologies.
This report documents the operations plan for developing the National Security Technology Incubator (NSTI) program for southern New Mexico. The NSTI program will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. The NSTI program is being developed as part of the National Security Preparedness Project (NSPP), funded by Department of Energy (DOE)/National Nuclear Security Administration (NNSA). The operation plan includes detailed descriptions of the structure and organization, policies and procedures, scope, tactics, and logistics involved in sustainable functioning of the NSTI program. Additionally, the operations plan will provide detailed descriptions of continuous quality assurance measures based on recommended best practices in incubator development by the National Business Incubation Association (NBIA). Forms that assist in operations of NSTI have been drafted and can be found as an attachment to the document.
Figure 2.6.8: Close-Up Photograph of RPUUV Tail Section. Figure 2.6.9: Force and moments applied on a hydrofoil . Figure 2.6.10: The NACA 21016... hydrofoil profile. Florida Atlantic University 4/28/08 Page 10 Center for Coastline Security Technology Year Three-Final Report Figure...as a 3D wing with a NACA 21016 hydrofoil profile (Figure 2.6.10) held by 3 cylinders (Figure 2.6.8). Center for Coastline Security Technology Year
Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie
Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. ''Supporting Excellence in Operations Through Safety Analysis'', (workshop theme) includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is ''Safeguards/Security Integration with Safety''. This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security Documentation Integration, Configuration Control, and development of a shared ''tool box'' of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated
Explains that although it is difficult to find money to pay for school security technology, there are places to look. For example, the Department of Education has a list serve that summarizes various funding opportunities. There is also a Federal Register list serve and a site put out by the Department of Justice. A sidebar presents three…
...: The Homeland Security Science and Technology Advisory Committee met on April 20, 2010 from 8:30 a.m... and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410, Washington... for the Under Secretary of Homeland Security for Science and Technology. The Homeland Security Science...
Jelena S. Cice
Full Text Available The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements: - Creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP. - Promulgation of multi-service standard recommendations and considerations. - Potential increase of productivity of HRP and reduced temporary housing costs through clarification of considerations, guidance on planning, and provision of design solutions. - Reduction of facility project costs. - Better performance of modernized facilities, in terms of force protection, than original facilities. Throughout this process you must ensure: confidentiality, appropriate Public Relations, sustainability, compliance with all industrial guidelines and legal and regulatory requirement, constant review and revision to accommodate new circumstances or threats. Introduction Physical security is an extremely broad topic. It encompasses access control devices such as smart cards, air filtration and fireproofing. It is also heavily reliant on infrastructure. This means that many of the ideal physical security measures may not be economically or physically feasible for existing sites. Many businesses do not have the option of building their own facility from the ground up; thus physical security often must be integrated into an existing structure. This limits the overall set of security measures that can be installed. There is an aspect of physical security that is often overlooked; the humans that interact with it. Humans commit crime for a number of reasons. The document focuses on two building types: the HRP office and the HRP residence. HRP are personnel who are likely to be
Even though there has been an increased concern over providing adequate security during the past decade, and even though some aspects of existing security systems have been enhanced during this period, much remains to be done to provide that balance which is so necessary to have all elements function as an effective unit. The area that primarily has been neglected is the delay element - the part of the system which makes possible the needed time for the security force to respond after an intrustion is detected and prior to the adversary attaining his desired goal. The purpose of this paper is to address the vulnerabilities of a security system which exist without the proper delay elements and to suggest how current technology can provide, through the use of activated barriers, that needed delay time to bring the system into balance. Security managers desire reliability and effectiveness; plant managers require safety, non-interference with operations, cost considerate capability, and aesthetic application - these characteristics will be addressed in the context of providing the required delay. This paper, hopefully, will set the stage for dialogue between developer and user, yielding a mutally acceptable approach to balanced security protection
Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie
Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Micheal Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 email@example.com Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme) includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security
Full Text Available Infrared science and technology has been, since the first applications, mainly dedicated to security and surveillance especially in military field, besides specialized techniques in thermal imaging for medical diagnostic and building structures and recently in energy savings and aerospace context. Till recently the security applications were mainly based on thermal imaging as surveillance and warning military systems. In all these applications the advent of room temperature, more reliable due to the coolers avoidance, low cost, and, overall, completely integrable with Silicon technology FPAs, especially designed and tailored for specific applications, smart sensors, has really been impacted with revolutionary and new ideas and system concepts in all the infrared fields, especially for security applications. Lastly, the advent of reliable Infrared Solid State Laser Sources, operating up to the Long Infrared Wavelength Band and the new emerging techniques in Far Infrared Submillimeter Terahertz Bands, has opened wide and new areas for developing new, advanced security systems. A review of all the items with evidence of the weak and the strong points of each item, especially considering possible future developments, will be reported and discussed.
Tamasi, Galileo; Demichela, Micaela
Following the 9/11 terrorists attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.
Clean fuel technology is the integral part of geoengineering and green engineering with a view to global warming mitigation. Optimal utilization of natural resources coal and integration of coal & associated fuels with hydrocarbon exploration and development activities is pertinent task before geoscientist with evergreen energy vision with a view to energy security & sustainable development. Value added technologies Coal gasification,underground coal gasification & surface coal gasification converts solid coal into a gas that can be used for power generation, chemical production, as well as the option of being converted into liquid fuels.
...; notice of closed Federal Advisory Committee meeting SUMMARY: The Homeland Security Science and Technology.... DATES: The Homeland Security Science and Technology Advisory Committee will meet April 20, 2010 from 8...: Ms. Tiwanda Burse, Science and Technology Directorate, Department of Homeland Security, 245 Murray...
... Homeland Security Science and Technology Advisory Committee meeting will be open to the public on July 20th... Burse, Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410... Protection programs in Science & Technology and updates on homeland security sensitive Federally Funded...
... Technology Advisory Committee will meet January 26-28, 2010, at the Department of Homeland Security, 1120..., Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410... Burse, Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410...
Climate change impacts national security in three ways: through changes in the operating environments of the military; by increasing risks to security infrastructure, specifically bases and training ranges; and by exacerbating and accelerating the risks of state collapse and conflict in regions that are already fragile and unstable. Additionally there will be unique security challenges in the Arctic as sea-ice melts out and human activities increase across multiple dimensions. Military forces will also likely see increased demand for Humanitarian Assistance and Disaster Relief resulting from a combination of increased human population, rising sea-level, and potentially stronger and wetter storms. The talk will explore some of the lesser known aspects of these changes, examine selected climate-driven 'wild cards' that have the potential to disrupt regional and global security, and explore how migration in the face of a changing climate may heighten security issues. I will assess the positions U.S. executive and legislative branches with respect to climate & security, and how those positions have evolved since the November 2016 election, sometimes in counter-intuitive ways. The talk will close with some recommended courses of action the security enterprise can take to manage this climate risk.
Full Text Available This paper deals with VoIP communication security and various techniques of VoIP attacks. We divided these threats in several categories according to their specific behaviour and their impact on the affected system. We also tried to find effective methods to prevent or mitigate these attacks. We focused our work on Spam over Internet Telephony (SPIT as a real threat for the future. We have developed both a tool generating SPIT attacks and AntiSPIT tool defending communication systems against SPIT attacks. AntiSPIT represents an effective protection based on statistical blacklist and works without participation of the called party which is a significant advantage.
Řezáč, Filip; Vozňák, Miroslav
This paper deals with VoIP communication security and various techniques of VoIP attacks. We divided these threats in several categories according to their specific behaviour and their impact on the affected system. We also tried to find effective methods to prevent or mitigate these attacks. We focused our work on Spam over Internet Telephony (SPIT) as a real threat for the future. We have developed both a tool generating SPIT attacks and AntiSPIT tool defending communication systems against...
Peter Adole; Joseph M. Môm; Gabriel A. Igwue
The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly...
The rapid development in the field of computer networks and systems brings both convenience and security threats for users. Security threats include network security and data security. Network security refers to the reliability, confidentiality, integrity and availability of the information in the system. The main objective of network security is to maintain the authenticity, integrity, confidentiality, availability of the network. This paper introduces the details of the technologies used in...
As the world moves towards the close of the twentieth century, three technological trends will strongly influence security. In order of importance they are: first, the increasing globalization of the ability to develop and use high technology, much of which has both civilian and military applications; secondly, the broad dissemination of militarily-relevant technology world-wide; and thirdly, the continued development by the United States and the USSR (and a few other nations) of advanced technology for military applications. The military balance between the super-Powers and their allies has been strongly rooted in advancing military technology. Great changes in technology have resulted in adjustments -mostly in limited aspects such as the armour/ anti-armour balance - but have not caused it to change wildly. This seems likely to remain the case for the foreseeable future. There are arguments that Western technology has been a prime causative factor behind Soviet willingness to engage in negotiations to reduce forces. They claim that fear of the Strategic Defense Initiative is behind progress in the Strategic Arms Reduction Talks, and that perceived Western mastery of the technology for systems combining quick reaction, deep strike and high kill probabilities led the Soviet Union to reassess its potential for a successful land campaign in Europe. If current arms control negotiations are successful, the momentum is maintained, and other political changes take hold, the military balance could be taken to a point where ft would not be very sensitive to technological change. One should be aware that the arms control negotiations are very complex, primarily because of technological issues, and we should not yet bank on it all working out well. If it fails, the military technical competition will heat up again. Even under a strict arms control regime we can expect the competition to continue as each side seeks to develop counters to what ft sees as the other side
Robinson, LeAnne K.; Brown, Abbie; Green, Tim
For the last year the authors have been gathering examples of how perceived "threats of security" are hampering the integration of technology in teaching and learning. They hope that educators will examine both the challenges of increased security demands and ways in which security might enhance, rather than detract from, the use of technology for…
Security technologies are not the answer to all school security problems. However, they can be an excellent tool for school administrators and security personnel when incorporated into a total security strategy involving personnel, procedures, and facility layout. Unfortunately, very few of the tougher security problems in schools have solutions that are affordable, effective, and acceptable. Like any other type of facility, a school's security staff must understand the strengths and limitations of the security measures they are c
Full Text Available The purpose of this paper is to present some directions to perform the risk man-agement for information security. The article follows to practical methods through question-naire that asses the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contains all the key elements that concurs in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation.
Norman, Thomas L
Explains how to evaluate the appropriateness of security countermeasures, from a cost-effectiveness perspective. This title guides readers from basic principles to complex processes in a step-by-step fashion, evaluating DHS-approved risk assessment methods, including CARVER, API/NPRA, RAMCAP, and various Sandia methodologies
The purpose of the Engineering Principles for Information Technology (IT) Security (HP-ITS) is to present a list of system-level security principles to he considered in the design, development, and operation of an information system...
Mcmahon, E. M.
This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.
The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overwiew is given of the use of information technology in the past, present and expectations for the future. For each period, the security requirements and solutions are discussed, It is made clear that the developments in information tech...
... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...
This report documents the input from key stakeholders of the National Security Technology Incubator (NSTI) in developing a new technology incubator and related programs for southern New Mexico. The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report includes identification of key stakeholders as well as a description and analysis of their input for the development of an incubator.
Nunes Leal Franqueira, V.; Bakalova, Z.; Tun, Thein Tan; Daneva, Maia
Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations but they do not provide an overview of the overall security
Full Text Available Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.
The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overwiew is given of the use of
Jackson Gomes Soares Souza
Full Text Available Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T. managers perceptions and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and their implementation aiming greater control of information security risks and opportunities related to information technology security.
Talabeigi, E.; Naeeini, S.G.J.
Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.
Full Text Available Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.
Talabeigi, E.; Naeeini, S.G.J.
Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.
Classes of socio-technical hazards allow a characterization of the risk in technology innovation and clarify the mechanisms underpinning emergent technological risk. Emerging Technological Risk provides an interdisciplinary account of risk in socio-technical systems including hazards which highlight: · How technological risk crosses organizational boundaries, · How technological trajectories and evolution develop from resolving tensions emerging between social aspects of organisations and technologies and · How social behaviour shapes, and is shaped by, technology. Addressing an audience from a range of academic and professional backgrounds, Emerging Technological Risk is a key source for those who wish to benefit from a detail and methodical exposure to multiple perspectives on technological risk. By providing a synthesis of recent work on risk that captures the complex mechanisms that characterize the emergence of risk in technology innovation, Emerging Tec...
The worlds of security and technology have been on an intersecting course since the first published account of the use of fingerprint identification made news in 1880 (although unpublished reports suggest its use as early as 1858). In the three and one half years since the September 11 attacks, technological advances across the security field have…
In recent years, security issues have increasingly come to dominate the technological development process--although still in a more reactive than proactive mode. It now seems more important than ever to monitor security trends and policy developments, especially if technology is regarded as a potential community builder. This article suggests…
Ellis, D.; Steele, B.
Full text: In the US, physical security research and development (R and D) during the 1970s and 1980s created a body of technology and systems engineering that largely defined the industry for several decades. However, despite today's terrorists threats and risks, the overall funding of new and innovative physical security solutions is relatively very small. Such factors constraining physical security R and D include the expansion of overall security responsibilities, the emphasis on programmatic and business performance, in addition to evolving (mis)perceptions that 'the problem has been solved' or that 'anyone can do security'. Underlying these factors, the lack of robust standards and certifications has limited the development and application of physical security products, systems, and services. The research and development of new security technologies must be evaluated against very demanding constraints - including costs/benefits, emerging threats, and policies. Going forward, the goal will be to create a more comprehensive approach to physical security of nuclear material facilities that matches evolving threats and that will complement the transition to an integrated security/operations management environment. Such a management model evaluates the additional value of increasing security alternatives in addition to determining trade-offs between the programmatic mission and security issues. Correspondingly, more explicit and strategically useful measures must be developed to determine importance that, in turn, will influence security-related R and D efforts. The research and development of security technologies should be based upon identified needs and requirements resulting from a systematic analysis of the threat and other conditions. In particular, security technologies and systems must be evaluated in terms of current and long-term impacts. Such needs are (will be) diverse and will depend upon sustained research investments in a broad range of technologies
... Technology Advisory Committee (HSSTAC) AGENCY: Department of Homeland Security Science and Technology... for appointment to Homeland Security Science and Technology Advisory Committee (HSSTAC). SUMMARY: The... serving on the Homeland Security Science and Technology Advisory Committee (HSSTAC). The HSSTAC gives...
incoming SSP Directors. Among other notables who have called Belmont home are Vannevar Bush, Winslow Homer, Talcott Parsons , the John Birch Society...Researchers 15 Affiliates 26 Seminar Series 33 Special Events 34 Field Trip 36 Publications 41 SSP Teaching 42 Courses 48 Professional Education 50 SSP...STUDIES PROGRAM MIT SECURITY STUDIES PROGRAM SECURITY STUDIES PROGRAM 1 he Security Studies Program (SSP) is a graduate level research and educational
Stewart, Mark G.; Mueller, John
This paper estimates risk reductions for each layer of security designed to prevent commercial passenger airliners from being commandeered by terrorists, kept under control for some time, and then crashed into specific targets. Probabilistic methods are used to characterize the uncertainty of rates of deterrence, detection, and disruption, as well…
use of such techniques to protect plants and animals against disease and pests means many more farmers can produce enough food to feed their own families and to sell on markets. Ultimately, fewer people go hungry. The IAEA collaborates with the United Nations Food and Agriculture Organization (FAO) in providing support through a joint division in Vienna. ''While our profile is modest, the size of our footprint is significant,'' said Qu Liang, Director of the Joint FAO/IAEA Division of Nuclear Techniques. ''We are putting the benefits of tried and tested nuclear technologies into the hands of farmers, particularly small producers in poorer countries, to improve their food security and livelihood.'' ''The assistance is driven by advanced technologies,'' Liang added. ''But what we are delivering has to be appropriate to farmers' needs. That means crops that can flourish in changing and often harsher conditions, pest control without a chemical legacy and protection for livestock.'' The Scientific Forum will be opened by the IAEA Director General and ministers from Indonesia, Kenya and Vietnam. FAO Director General Graziano da Silva will deliver a video address. The Forum will address IAEA activities in the fields of food production, food protection and food safety. Each session features a panel of experts who will present and discuss the benefits of nuclear techniques in food and agriculture. A moderator will guide the discussions. (IAEA)
Daniel F. García; Adrián Fernández
Today, computer systems are more and more complex and support growing security risks. The security managers need to find effective security risk assessment methodologies that allow modeling well the increasing complexity of current computer systems but also maintaining low the complexity of the assessment procedure. This paper provides a brief analysis of common security risk assessment methodologies leading to the selection of a proper methodology to fulfill these requirements. Then, a detai...
Cherry, R.C.; Wheelock, A.J.
This paper reports that strategic planning for safeguards and security within the Department of Energy emphasizes the contributions of advanced technologies to the achievement of Departmental protection program goals. The Safeguards and Security Technology Development Program provides state-of-the-art technologies, systems and technical services in support of the policies and programmatic requirements for the protection of Departmental assets. The Program encompasses research and development in physical security, nuclear material control and accountability, information security and personnel security, and the integration of these disciplines in advanced applications. Technology development tasks serve goals that range from the maintenance of an effective technology base to the development, testing and evaluation of applications to meet field needs. A variety of factors, from the evolving threat to reconfiguration of the DOE complex and the technical requirements of new facilities, are expected to influence safeguards and security technology requirements and development efforts. Implementation of the Program is based on the systematic identification, prioritization and alignment of technology development tasks and needs. Initiatives currently underway are aimed at enhancing technology development project management. Increased management attention is also being placed on efforts to promote the benefits of the Program through technology transfer and interagency liaison
V. S. Oladko
Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.
The Office of Safeguards and Security (OSS) sponsors research and development activities based on identified field and headquarters customer requirements. Annually, a formal solicitation of safeguards and security user needs is conducted. Currently, there are over 300 valid safeguards and security deficiencies that have been identified. These user needs serve as the basis for formulating the OSS Technology Development Program (TDP). Due to budget constraints, the TDP can only address approximately 47% of these needs in FY 1996. This paper will discuss, in a general sense, the current deficiencies and how the TDP is responding to each. Specifically, the paper will highlight technologies in the areas of Material Control and Accounting, Physical Security, and Information Security. A brief discussion of unfulfilled user requirements will also be presented as a catalyst for leveraging available or developing technologies from other similar programs or from private industry
... the Department of Homeland Security (DHS), Science and Technology Directorate, 1120 Vermont Avenue NW... Director, Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410... Hanson, HSSTAC Executive Director, Science and Technology Directorate, Department of Homeland Security...
...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...
Full Text Available The article introduces against technical defects of traditional network access control system, detail NAC, NAP, UAC and TNC four kinds of new network security access technology, and this article analyzes and compares them. Security framework for wireless sensor networks SPINS defines the mechanism and algorithm of complete and effective in confidentiality, point-to-point message authentication, integrity, authentication, broadcast authentication.
A threat impacting on food security strongly in Africa is nutrient mining where insufficient nutrients are returned to the soil after crop production. The impacts of global change on food security and the potential impacts of global markets for food and land are also briefly discussed. Nigerian Journal of Technological Research ...
Arndt, Channing; Tarp, Finn
Interactions between agricultural technology improvements, risk-reducing behavior, and gender roles in agricultural production in Mozambique are examined. The analysis employs a computable general equilibrium (CGE) model that explicitly incorporates key features of the economy. These include......: detailed accounting of marketing margins, home consumption, risk, and gender roles in agricultural production. Our results show that agricultural technology improvements benefit both male and female occupants of rural households. Due to economic interactions, agricultural technology improvements...
Carafano, James J; Gudgel, Andew; Kochems, Alane
.... Innovation will always be a national security wild card. New technologies may unleash or accelerate social and cultural changes that affect how nations protect themselves on battlefields and behind the scenes...
Berry, William; Coffey, Timothy; DeYoung, Donald; Kadtke, James; Loeb, Cheryl
A strong science and technology (S&T) program has been vitally important to American national security since World War II and has to date given the United States a strategic advantage over competitors...
Laskowski Piotr Paweł
Full Text Available The article describes selected issues related to user safety on the Internet. This safety consists of a number of factors such as the technology that we use to communicate and to browse the Internet, and habits and behaviors that we have acquired and through which we can identify at least some typical hazards encountered on the Web. Knowledge of software and the ability to use it and to configure it properly as well as checking regularly for security updates reduces the risk of data loss or identity theft. Public awareness of threats continues to grow, but there are also new, previously unknown threats; that is why it is so important to inform of the dangers by all available channels of communication.
Powell, John D.
This document discusses the verification of the Secure Socket Layer (SSL) communication protocol as a demonstration of the Model Based Verification (MBV) portion of the verification instrument set being developed under the Reducing Software Security Risk (RSSR) Trough an Integrated Approach research initiative. Code Q of the National Aeronautics and Space Administration (NASA) funds this project. The NASA Goddard Independent Verification and Validation (IV&V) facility manages this research program at the NASA agency level and the Assurance Technology Program Office (ATPO) manages the research locally at the Jet Propulsion Laboratory (California institute of Technology) where the research is being carried out.
Sandia National Laboratories was a member of the Weapons Complex Reconfiguration (WCR) Safeguards and Security (S ampersand S) team providing assistance to the Department of Energy's (DOE) Office of Weapons Complex Reconfiguration. The physical security systems in the new and upgraded facilities being considered for the WCR had to meet DOE orders and other requirements set forth in the WCR Programmatic Design Criteria (PDC), incorporate the latest physical security technologies using proven state-of-the-art systems and meet fundamental security principles. The outcome was to avoid costly retrofits and provide effective and comprehensive protection against current and projected threats with minimal impact on operations, costs and schedule. Physical security requirements for WCR facilities include: (1) reducing S ampersand S life-cycle costs, (2) where feasible automating S ampersand S functions to minimize operational costs, access to critical assets and exposure of people to hazardous environments, (3) increasing the amount of delay to outsider adversary attack, (4) compartmentalizing the facility to minimize the number of personnel requiring access to critical areas and (5) having reliable and maintainable systems. To be most effective against threats physical security must be integrated with facility operations, safety and other S ampersand S activities, such as material control and accountability, nuclear measurements and computer and information security. This paper will discuss the S ampersand S issues, requirements, technology opportunities and needs. Physical security technologies and systems considered in the design effort of the Weapons Complex Reconfiguration facilities will be reviewed
Hurd, Steven A; Stamp, Jason Edwin; Duggan, David P; Chavez, Adrian R.
Supervisory Control and Data Acquisition (SCADA) systems for automation are very important for critical infrastructure and manufacturing operations. They have been implemented to work in a number of physical environments using a variety of hardware, software, networking protocols, and communications technologies, often before security issues became of paramount concern. To offer solutions to security shortcomings in the short/medium term, this project was to identify technologies used to secure "traditional" IT networks and systems, and then assess their efficacy with respect to SCADA systems. These proposed solutions must be relatively simple to implement, reliable, and acceptable to SCADA owners and operators. 4This page intentionally left blank.
The secure messaging space is alive with new innovations that are moving the industry forward. Key in this space is the push toward moving secure messaging to the cloud and pushing it out to mobile devices. Among the examples are solutions that allow physicians to receive encrypted email on mobile devices, as well as ones that allow doctors to securely text-message each other to coordinate care. However, the security issues around these emerging technologies in this very active space must be further explored.
The general idea developed in this paper from a sociological perspective is that some of the foundational categories on which the debate about privacy, security and technology rests are blurring. This process is a consequence of a blurring of physical and digital worlds. In order to define limits for legitimate use of intrusive digital technologies, one has to refer to binary distinctions such as private versus public, human versus technical, security versus insecurity to draw differences determining limits for the use of surveillance technologies. These distinctions developed in the physical world and are rooted in a cultural understanding of pre-digital culture. Attempts to capture the problems emerging with the implementation of security technologies using legal reasoning encounter a number of problems since law is by definition oriented backwards, adapting new developments to existing traditions, whereas the intrusion of new technologies in the physical world produces changes and creates fundamentally new problems.
Neerup Themsen, Tim; Skærbæk, Peter
This article examines the long-term dynamics among a best-practice risk management framework, risk management technologies and the translation of uncertainties into risks by using a longitudinal case study of a large mega-project. We show that the framework and technologies through the visual power...... of impure risks challenges the predictions of the framework causing a false sense of security for the project objectives, and that the continuous readjustment of technologies, in particular, is necessary to ensure the long-term realisation of these predictions. Finally, this article contributes...... to the literature on performativity by showing how technologies serve as buffers to shield failing economic frameworks against criticism....
Shin, Jinsoo; Son, Hanseong; Khalil ur, Rahman; Heo, Gyunyoung
Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I and C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility. - Highlights: • We developed the cyber security risk model can be find the weak point of cyber security integrated two cyber analysis models by using Bayesian Network. • One is the activity-quality model signifies how people and/or organization comply with the cyber security regulatory guide. • Other is the architecture model represents the probability of cyber-attack on RPS architecture. • The cyber security risk model can provide evidence that is able to determine the key element for cyber security for RPS of a research reactor
The survival of a library depends to a large extent on how secured its collections are. Security of collections constitutes a critical challenge facing academic libraries in Nigeria. It is against this background that this study investigated the security risks management in selected academic libraries in Osun State, Nigeria.
Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt
The NASA Office of Safety and Mission Assurance (OSMA) has funded the Jet Propulsion Laboratory (JPL) with a Center Initiative, 'Reducing Software Security Risk through an Integrated Approach' (RSSR), to address this need. The Initiative is a formal approach to addressing software security in the life cycle through the instantiation of a Software Security Assessment Instrument (SSAI) for the development and maintenance life cycles.
Ek, David R. [Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)
This presentation provides a background of what led to the international emphasis on nuclear security and describes how nuclear security is effectively implemented so as to preserve the societal benefits of nuclear and radioactive materials.
Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…
Francisco Soares de Lima
Full Text Available This article analyzes the technical efficiency, the Total Factor Productivity (TFP and the technological gap in public security services in Brazilian States. The order—m frontier is used for results estimation. The TFP variation is built by decomposing the Malmquist productivity index into technical efficiency, scale efficiency and technological variation. More than 50% of the federative units were considered technically inefficient. Out of the 27 federative units, 12 presented a positive total productivity while all others suffered total productivity losses. Productivity gains in public security are more related to scale aspects than to efficiency improvements and technological progress.
The Colver Power Project in Cambria County, PA, looked good in nearly all aspects, but lenders had concerns about startup problems encountered by earlier waste coal circulating fluidized bed projects. Nevertheless, a closer look at the operating history of the earlier plants showed possible risks could be handled
Flammini, Francesco; Franceschetti, Giorgio
Effective Surveillance for Homeland Security: Balancing Technology and Social Issues provides a comprehensive survey of state-of-the-art methods and tools for the surveillance and protection of citizens and critical infrastructures against natural and deliberate threats. Focusing on current technological challenges involving multi-disciplinary problem analysis and systems engineering approaches, it provides an overview of the most relevant aspects of surveillance systems in the framework of homeland security. Addressing both advanced surveillance technologies and the related socio-ethical issues, the book consists of 21 chapters written by international experts from the various sectors of homeland security. Part I, Surveillance and Society, focuses on the societal dimension of surveillance-stressing the importance of societal acceptability as a precondition to any surveillance system. Part II, Physical and Cyber Surveillance, presents advanced technologies for surveillance. It considers developing technologie...
The National Printing Bureau of Japan has been developing new anti-counterfeiting technologies as a banknote printer. Some of our technologies have already been effectively introduced into Japan's new banknote series. Anti-counterfeiting technologies can be applied not only to banknotes but also to other security documents depending on desired features. In this presentation, I will introduce three of our newly developed overt and covert security techniques, which are intended for document security and brand protection, as well as banknotes. "Metallic View" is mainly for offset printing. "Copy Check" (micro-structural lines involving luminescence) is for plate making technology. "ImageSwitch" is for a new security solution which has unlimited printing applications. All three techniques create "latent images" (some of which may be better known as "carrier screen images") that are useful in preventing counterfeiting. While each of the techniques is effective by itself, all are more effective when applied together. Combining these techniques could make all security documents harder to copy using IT scanners, and provide cost-effective anti-counterfeiting solutions for all security users.
Gilliam, David P.
A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Sotfware Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.
... From the Federal Register Online via the Government Publishing Office DEPARTMENT OF HOMELAND SECURITY Homeland Security Science and Technology Advisory Committee Meeting Cancellation AGENCY: Science... Meeting for Homeland Security Science and Technology Advisory Committee (HSSTAC). SUMMARY: The meeting of...
Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian
Network security risk assessment technology can be found in advance of the network problems and related vulnerabilities, it has become an important means to solve the problem of network security. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combines with the international standard CVSS, the attack probability of atomic nodes are counted, and then the attack transition probabilities of ones are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assessment network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.
Mrowca, B.; Eltawila, F.
Safety-security interface is a term that is used as part of the commercial nuclear power security framework to promote coordination of the many potentially adverse interactions between plant security and plant safety. Its object is to prevent the compromise of either. It is also used to describe the concept of building security into a plant's design similar to the long standing practices used for safety therefore reducing the complexity of the operational security while maintaining or enhancing overall security. With this in mind, the concept of safety-security interface, when fully implemented, can influence a plant's design, operation and maintenance. It brings the approach use for plant security to one that is similar to that used for safety. Also, as with safety, the application of risk-informed techniques to fully implement and integrate safety and security is important. Just as designers and operators have applied these techniques to enhance and focus safety, these same techniques can be applied to security to not only enhance and focus the security but also to aid in the implementation of effective techniques to address the safety-security interfaces. Implementing this safety-security concept early within the design process can prevent or reduce security vulnerabilities through low cost solutions that often become difficult and expensive to retrofit later in the design and/or post construction period. These security considerations address many of the same issues as safety in ensuring that the response of equipment and plant personnel are adequate. That is, both safety and security are focused on reaching safe shutdown and preventing radiological release. However, the initiation of challenges and the progression of actions in response these challenges and even the definitions of safe shutdown can be considerably different. This paper explores the techniques and limitations that are employed to fully implement a risk-informed, safety-security
Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit; Jannson, Tomasz
A novel technology that significantly enhances security and trust in wireless and wired communication networks has been developed. It is based on integration of a novel encryption mechanism and novel data packet structure with enhanced security tools. This novel data packet structure results in an unprecedented level of security and trust, while at the same time reducing power consumption and computing/communication overhead in networks. As a result, networks are provided with protection against intrusion, exploitation, and cyber attacks and posses self-building, self-awareness, self-configuring, self-healing, and self-protecting intelligence.
van Cleeff, A.
Simply by using information technology, consumers expose themselves to considerable security risks. Because no technical or legal solutions are readily available, and awareness programs have limited impact, the only remedy is to develop a risk management process for consumers. Consumers need to
Petruzzi, John; Loyear, Rachelle
Enterprise Security Risk Management (ESRM) is a new philosophy and method of managing security programmes through the use of traditional risk principles. As a philosophy and life cycle, ESRM is focused on creating a business partnership between security practitioners and business leaders to more effectively provide protection against security risks in line with acceptable risk tolerances as defined by business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle and also shows how embracing the ESRM philosophy and implementing a risk-based security management model in the business organisation can lead to higher levels of organisational resilience as desired by organisation leaders, executives and the board of directors.
Full Text Available This paper describes a survey of online learning which attempts to determine online learning providers’ awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have identified diverse security risks and have proposed solutions to mitigate the security threats in online learning, bloggers have not discussed security in online learning with great frequency. The differences shown in the survey results generated by the two different methods confirm that online learning providers and practitioners have not considered security as a top priority. The paper also discusses the next generation of an online learning system: a safer personal learning environment which requires a one-stop solution for authentication, assures the security of online assessments, and balances security and usability.
Wilson, Charlie; Hargreaves, Tom; Hauxwell-Baldwin, Richard
Smart homes are a priority area of strategic energy planning and national policy. The market adoption of smart home technologies (SHTs) relies on prospective users perceiving clear benefits with acceptable levels of risk. This paper characterises the perceived benefits and risks of SHTs from multiple perspectives. A representative national survey of UK homeowners (n=1025) finds prospective users have positive perceptions of the multiple functionality of SHTs including energy management. Ceding autonomy and independence in the home for increased technological control are the main perceived risks. An additional survey of actual SHT users (n=42) participating in a smart home field trial identifies the key role of early adopters in lowering perceived SHT risks for the mass market. Content analysis of SHT marketing material (n=62) finds the SHT industry are insufficiently emphasising measures to build consumer confidence on data security and privacy. Policymakers can play an important role in mitigating perceived risks, and supporting the energy-management potential of a smart-home future. Policy measures to support SHT market development include design and operating standards, guidelines on data and privacy, quality control, and in situ research programmes. Policy experiences with domestic energy efficiency technologies and with national smart meter roll-outs offer useful precedents. - Highlights: • Representative national survey of prospective smart home users. • Comparative analysis of three datasets to analyse perceived benefits and risks of smart home technologies. • Distinctive characteristics identified of early adopters who seed market growth. • Comparison of user perceptions with industry marketing. • Detailed policy recommendations to support energy benefits of smart home technologies.
Meingast, Marci; Roosta, Tanya; Sastry, Shankar
The face of health care is changing as new technologies are being incorporated into the existing infrastructure. Electronic patient records and sensor networks for in-home patient monitoring are at the current forefront of new technologies. Paper-based patient records are being put in electronic format enabling patients to access their records via the Internet. Remote patient monitoring is becoming more feasible as specialized sensors can be placed inside homes. The combination of these technologies will improve the quality of health care by making it more personalized and reducing costs and medical errors. While there are benefits to technologies, associated privacy and security issues need to be analyzed to make these systems socially acceptable. In this paper we explore the privacy and security implications of these next-generation health care technologies. We describe existing methods for handling issues as well as discussing which issues need further consideration.
Jackson, David P.
CHDS State/Local The concept of risk management provides the foundation of the homeland security enterprise. The United States of America faces numerous complex risks ranging from a series of natural hazards, pandemic disease, technological hazards, transnational criminal enterprises and acts of terrorism perpetrated by intelligent adversaries. The management of these risks requires a strategic collaborative effort from the intelligence and risk analysis communities and many stakeholders a...
Practical possibilities are discussed of seismic modifications of power plant structures and systems with a view to ancillary equipment providing such modifications. Briefly outlined are the possibilities of reinforcing technological equipment and systems operating at normal temperatures, where the basic precondition of seismic resistance is strong and reliable anchorage. Attention is paid to equipment handling high temperature media. In these cases, in selecting seismic protection thermal expansion should be considered as an accompanying effect. Different types are described in detail of hydraulic and mechanical limiters of foreign makes. It is stated on the basis of practical experience that hydraulic limiters involve a number of problems. Mechanical limiters seem to be more appropriate in spite of the complexity of their operation. Viscous dampers are another suitable element for the seismic protection of power plant technological equipment. (Z.M.). 22 figs., 3 tabs., 19 refs
The objective of my research is to improve and support the process of Information security Risk Assessment by designing a scalable Risk argumentation framework for socio-digital-technical Risk. Due to the various types of IT systems, diversity of architectures and dynamic nature of Risk, there is no
Thomas, Ken [Idaho National Laboratory (INL), Idaho Falls, ID (United States)
The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) to address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a
Conrad, J.; Krebsbach-Gnath, C.
Research on acceptance, perception and assessment of risks clearly shows that perception of risk by the public is based more on subjective assessments than on scientifically objective risk values. Risk perception by the public is influenced by a number of factors. Risk is still a central point in the conflict and always plays a major role in the opposition toward dangerous technologies. Risk forms the thematic focus for the controversy. The development of the actual conflict, the positions, interests, adaptation problems and processes of the various societal institutions, the conditions, prospects, and forms of antinuclear protest and the subjects and structures, symmetries and changes of argument in the public discussion on nuclear energy are analyzed and represented in detail in this report. (orig./HSCH) [de
Kiriakou, Charles M.
Adoption of a comprehensive information security governance model and security controls is the best option organizations may have to protect their information assets and comply with regulatory requirements. Understanding acceptance factors of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) comprehensive…
Donnelly, S.K.; Harvey, S.B. [Amec Foster Wheeler, Toronto, Ontario (Canada)
Critical infrastructure assets such as nuclear power generating stations are potential targets for malevolent acts. Probabilistic methodologies can be applied to evaluate the real-time security risk based upon intelligence and threat levels. By employing this approach, the application of security forces and other protective measures can be optimized. Existing probabilistic safety analysis (PSA) methodologies and tools employed. in the nuclear industry can be adapted to security applications for this purpose. Existing PSA models can also be adapted and enhanced to consider total plant risk, due to nuclear safety risks as well as security risks. By creating a Probabilistic Security Model (PSM), safety and security practitioners can maximize the safety and security of the plant while minimizing the significant costs associated with security upgrades and security forces. (author)
Morellas, Vassilios; Johnson, Andrew; Johnston, Chris; Roberts, Sharon D.; Francisco, Glen L.
Thermal imaging is rightfully a real-world technology proven to bring confidence to daytime, night-time and all weather security surveillance. Automatic image processing intrusion detection algorithms are also a real world technology proven to bring confidence to system surveillance security solutions. Together, day, night and all weather video imagery sensors and automated intrusion detection software systems create the real power to protect early against crime, providing real-time global homeland protection, rather than simply being able to monitor and record activities for post event analysis. These solutions, whether providing automatic security system surveillance at airports (to automatically detect unauthorized aircraft takeoff and landing activities) or at high risk private, public or government facilities (to automatically detect unauthorized people or vehicle intrusion activities) are on the move to provide end users the power to protect people, capital equipment and intellectual property against acts of vandalism and terrorism. As with any technology, infrared sensors and automatic image intrusion detection systems for global homeland security protection have clear technological strengths and limitations compared to other more common day and night vision technologies or more traditional manual man-in-the-loop intrusion detection security systems. This paper addresses these strength and limitation capabilities. False Alarm (FAR) and False Positive Rate (FPR) is an example of some of the key customer system acceptability metrics and Noise Equivalent Temperature Difference (NETD) and Minimum Resolvable Temperature are examples of some of the sensor level performance acceptability metrics. (authors)
This marketing plan was developed as part of the National Security Preparedness Project by the Arrowhead Center of New Mexico State University. The vision of the National Security Technology Incubator program is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety and security. The plan defines important aspects of developing the incubator, such as defining the target market, marketing goals, and creating strategies to reach the target market while meeting those goals. The three main marketing goals of the incubator are: 1) developing marketing materials for the incubator program; 2) attracting businesses to become incubator participants; and 3) increasing name recognition of the incubator program on a national level.
An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…
Steele, Basil J.
There are many emerging technologies that can be used to help the law enforcement community protect the public as well as public and private facilities against ever increasing threats to this country and its resources. These technologies include sensors, closed circuit television (CCTV), access control, contraband detection, communications, control and display, barriers, and various component and system modeling techniques. This paper will introduce some of the various technologies that have been examined for the Department of Energy that could be applied to various law enforcement applications. They include: scannerless laser radar; next generation security systems; response force video information helmet system; access delay technologies; rapidly deployable intrusion detection systems; cost risk benefit analysis.
The Safeguards and Security Technology Development Directory is published annually by the Office of Safeguards and Security (OSS) of the US Department of Energy (DOE), and is Intended to inform recipients of the full scope of the OSS R&D program. It is distributed for use by DOE headquarters personnel, DOE program offices, DOE field offices, DOE operating contractors, national laboratories, other federal agencies, and foreign governments. Chapters 1 through 7 of the Directory provide general information regarding the Technology Development Program, including the mission, program description, organizational roles and responsibilities, technology development lifecycle, requirements analysis, program formulation, the task selection process, technology development infrastructure, technology transfer activities, and current research and development tasks. These chapters are followed by a series of appendices which contain more specific information on aspects of the Program. Appendix A is a summary of major technology development accomplishments made during FY 1992. Appendix B lists S&S technology development reports issued during FY 1992 which reflect work accomplished through the OSS Technology Development Program and other relevant activities outside the Program. Finally, Appendix C summarizes the individual task statements which comprise the FY 1993 Technology Development Program.
Moore, David A
The world of safety and security in the chemical process industries has certainly changed since 11 September, but the biggest challenges may be yet to come. This paper will explain that there is a new risk management paradigm for chemical security, discuss the differences in interpreting this risk versus accidental risk, and identify the challenges we can anticipate will occur in the future on this issue. Companies need to be ready to manage the new chemical security responsibilities and to exceed the expectations of the public and regulators. This paper will outline the challenge and a suggested course of action.
Brown, Molly E.
This slide presentation reviews the issue of supplies of food, the relationship to food security, the ability of all people to attain sufficient food for an active and healthy life, and the ability to use satellite technology and remote sensing to assist with planning and act as an early warning system.
... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Big Sky Energy Corp., Biomedical Waste Systems, Inc., Biometrics Security Technology, Inc., Biosys, Inc., Bolder Technologies Corp., Boyds Wheels, Inc... securities of Biometrics Security Technology, Inc. because it has not filed any periodic reports since...
Escobar, Jose C.; Lora, Electo S.; Venturini, Osvaldo J. [NEST - Excellence Group in Thermal Power and Distributed Generation, Mechanical Engineering Institute, Universidade Federal de Itajuba (Brazil); Yanez, Edgar E. [CENIPALMA, Oil Palm Research Center - Cenipalma, Calle 21 42-C-47, Bogota (Colombia); Castillo, Edgar F. [CENICANA - Sugarcane Research Center of Colombia, Calle 58 N, 3BN-110, A.A., 9138 - Cali (Colombia); Almazan, Oscar [ICIDCA - Instituto Cubano de Investigaciones de los Derivados de la Cana de Azucar, Via Blanca y Carretera Central 804, San Miguel del Padron, A.P. 4036, La Habana (Cuba)
The imminent decline of the world's oil production, its high market prices and environmental impacts have made the production of biofuels to reach unprecedent volumes over the last 10 years. This is why there have been intense debates among international organizations and political leaders in order to discuss the impacts of the biofuel use intensification. Besides assessing the causes of the rise in the demand and production of biofuels, this paper also shows the state of the art of their world's current production. It is also discussed different vegetable raw materials sources and technological paths to produce biofuels, as well as issues regarding production cost and the relation of their economic feasibility with oil international prices. The environmental impacts of programs that encourage biofuel production, farmland land requirements and the impacts on food production are also discussed, considering the life cycle analysis (LCA) as a tool. It is concluded that the rise in the use of biofuels is inevitable and that international cooperation, regulations and certification mechanisms must be established regarding the use of land, the mitigation of environmental and social impacts caused by biofuel production. It is also mandatory to establish appropriate working conditions and decent remuneration for workers of the biofuels production chain. (author)
Ivancic, William D.; Paulsen, Phillip E.
The inability to seamlessly disseminate data securely over a high-integrity, wireless broadband network has been identified as a primary technical barrier to providing an order-of-magnitude increase in aviation capacity and safety. Secure, autonomous communications to and from aircraft will enable advanced, automated, data-intensive air traffic management concepts, increase National Air Space (NAS) capacity, and potentially reduce the overall cost of air travel operations. For the first time ever, secure, mobile, network technology was designed, developed, and demonstrated with state-ofthe- art protocols and applications by a diverse, cooperative Government-industry team led by the NASA Glenn Research Center. This revolutionary technology solution will make fundamentally new airplane system capabilities possible by enabling secure, seamless network connections from platforms in motion (e.g., cars, ships, aircraft, and satellites) to existing terrestrial systems without the need for manual reconfiguration. Called Mobile Router, the new technology autonomously connects and configures networks as they traverse from one operating theater to another. The Mobile Router demonstration aboard the Neah Bay, a U.S. Coast Guard vessel stationed in Cleveland, Ohio, accomplished secure, seamless interoperability of mobile network systems across multiple domains without manual system reconfiguration. The Neah Bay was chosen because of its low cost and communications mission similarity to low-Earth-orbiting satellite platforms. This technology was successfully advanced from technology readiness level (TRL) 2 (concept and/or application formation) to TRL 6 (system model or prototype demonstration in a relevant environment). The secure, seamless interoperability offered by the Mobile Router and encryption device will enable several new, vehicle-specific and systemwide technologies to perform such things as remote, autonomous aircraft performance monitoring and early detection and
System security assessment tools are either restricted to manual risk evaluation methodologies that are not appropriate for real-time application or used to determine the impact of certain events on the security status of networked systems. In this paper, we determine the strength of computer systems from the perspective of ...
Full Text Available For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information security event. Thus, this article addresses the limitations in the cyber-(reinsurance markets with a set of capital market-based financial instruments. This article presents a set of information security derivatives, namely options, vanilla options, swap, and futures that can be traded at an information security prediction market. Furthermore, this article demonstrates the usefulness of information security derivatives in a given scenario and presents an evaluation of the same in comparison with cyber-insurance. In our analysis, we found that the information security derivatives can at least be a partial solution to the problems in the cyber-insurance markets. The information security derivatives can be used as an effective tool for information elicitation and aggregation, cyber risk pricing, risk hedging, and strategic decision making for information security risk management.
Full Text Available Phosphorus underpins the world’s food systems by ensuring soil fertility, maximising crop yields, supporting farmer livelihoods and ultimately food security. Yet increasing concerns around long-term availability and accessibility of the world’s main source of phosphorus—phosphate rock, means there is a need to investigate sustainable measures to buffer the world’s food systems against the long and short-term impacts of global phosphorus scarcity. While the timeline of phosphorus scarcity is contested, there is consensus that more efficient use and recycling of phosphorus is required. While the agricultural sector will be crucial in achieving this, sustainable phosphorus measures in sectors upstream and downstream of agriculture from mine to fork will also need to be addressed. This paper presents a comprehensive classification of all potential phosphorus supply- and demand-side measures to meet long-term phosphorus needs for food production. Examples range from increasing efficiency in the agricultural and mining sector, to technologies for recovering phosphorus from urine and food waste. Such measures are often undertaken in isolation from one another rather than linked in an integrated strategy. This integrated approach will enable scientists and policy-makers to take a systematic approach when identifying potential sustainable phosphorus measures. If a systematic approach is not taken, there is a risk of inappropriate investment in research and implementation of technologies and that will not ultimately ensure sufficient access to phosphorus to produce food in the future. The paper concludes by introducing a framework to assess and compare sustainable phosphorus measures and to determine the least cost options in a given context.
This article addresses the art of living in a technological culture as the active engagement with technomoral change. It argues that this engagement does not just take the form of overt deliberation. It shows in more modest ways as reflection-in-action, an experimental process in which new technology is fitted into existing practices. In this process challenged values are re-articulated in pragmatic solutions to the problem of working with new technology. This art of working with technology is also modest in the sense that it is not oriented to shaping one's own subjectivity in relation to technology. It emanates from human existence as relational and aims at securing good relationships. The argument will be developed in relation to a case study of the ways in which homecare workers engaged with the value of privacy, challenged by tele-monitoring technology that was newly introduced into their work.
Habib, Shahid; Zukor, Dorthy; Ambrose, Stephen D.
For the past three decades, Earth science remote sensing technologies have been providing enormous amounts of useful data and information in broadening our understanding of our home planet as a system. This research, as it has expanded our learning process, has also generated additional questions. This has further resulted in establishing new science requirements, which have culminated in defining and pushing the state-of-the-art technology needs. NASA s Earth science program has deployed 18 highly complex satellites, with a total of 80 sensors, so far and is in a process of defining and launching multiple observing systems in the next decade. Due to the heightened security alert of the nation, researchers and technologists are paying serious attention to the use of these science driven technologies for dual use. In other words, how such sophisticated observing and measuring systems can be used in detecting multiple types of security concerns with a substantial lead time so that the appropriate law enforcement agencies can take adequate steps to defuse any potential risky scenarios. This paper examines numerous NASA technologies such as laser/lidar systems, microwave and millimeter wave technologies, optical observing systems, high performance computational techniques for rapid analyses, and imaging products that can have a tremendous pay off for security applications.
This paper investigates the computation of Value-at-Risk (VaR) measures for mortgage backed securities (MBSs) using data for the Danish MBS market. The current RiskMetrics proposal from J.P. Morgan is used as a reference point throughout, but the study diverge somewhat from their proposal...... provided in the RiskMetrics dataset might yield better results....
Ionita, Dan; Kegel, Roeland Hendrik,Pieter; Wieringa, Roelf J.; Baltuta, Andrei
Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed
Peng, Xiaolong; Xu, Honglei; Tian, Xiaojun
The popularization of home medical equipment facilitates the treatment and management of many diseases, improving the patient compliance. However, due to the absence of medical background, most of their users have various security risk in the course of reorganization, choosing, using and maintenance of the products. This paper analyzed the property of security risk in home medical equipment, and described the matters needing attention in the using of several common products.
Travis, C.C.; Etnier, E.L.
This volume examines occupational, public health, and environmental risks of the coal fuel cycle, the nuclear fuel cycle, and unconventional energy technologies. The 6 chapters explore in detail the relationship between energy economics and risk analysis, assess the problems of applying traditional cost-benefit analysis to long-term environmental problems (such as global carbon dioxide levels), and consider questions about the public's perception and acceptance of risk. Also included is an examination of the global risks associated with current and proposed levels of energy production and comsumption from all major sources. A separate abstract was prepared for each of the 6 chapters; all are included in Energy Abstracts for Policy Analysis (EAPA) and four in Energy Research Abstracts
White, Donald E
Safety/security risk assessments no longer need to spook nor baffle healthcare safety/security managers. This grid template provides at-at-glance quick lookup of the possible threats, the affected people and things, a priority ranking of these risks, and a workable solution for each risk. Using the standard document, spreadsheet, or graphics software already available on your computer, you can easily use a scientific method to produce professional looking risk assessments that get quickly understood by both senior managers and first responders alike!
Pieters, Wolter; Dechesne, Francien; van der Poel, Ibo; Asveld, Lotte; Mehos, Donna C.
Studies that approach the deployment of new technologies as social experiments have mostly focused on unintentional effects, notably safety. We argue for the inclusion of adversarial risks or security aspects that are the result of intentional, strategic behavior of actors, who aim at using the
Matsui, S. [Central Research Institute of Electric Power Industry, Tokyo (Japan)
The latest situation of the security management for a distributed information system was examined and systematically summarized to indicate the management design in future. This paper describes the threat of the distributed information system to security, the risk for confidentiality, integrity, and availability due to the threat, and the measures to be taken. The basic technology of security management is classified into the `user certification to prevent an incorrect access` and the `encipherment to prevent data from being used incorrectly.` The technology for certification has been almost completed. It can be securely done using an expendable password or IC card system. In Internet, multiple enciphering technologies for constructing a virtual private network that can secure the almost the same security as for a private network can be used. In an electronic mail, the enciphering technology can also be used easily. The tool that manages the security of very many servers, clients, and networks is in the initial stage. 16 refs., 1 fig., 5 tabs.
Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…
Iannicca, Dennis Christopher; Young, Daniel Paul; Suresh, Thadhani; Winter, Gilbert A.
This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. A description of the deviations from the typical process is described in regards to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper
van Schaik, Paul; Jeske, Debora; Onibokun, Joseph; Coventry, Lynne; Jansen, Jurjen; Kusev, Petko
A quantitative empirical online study examined a set of 16 security hazards on the Internet and two comparisons in 436 UK- and US students, measuring perceptions of risk and other risk dimensions. First, perceived risk was highest for identity theft, keylogger, cyber-bullying and social engineering. Second, consistent with existing theory, significant predictors of perceived risk were voluntariness, immediacy, catastrophic potential, dread, severity of consequences and control, as well as Int...
Conrad, J.; Krebsbach-Gnath, C.
This volume of materials is part of the report on 'Technological risks and social conflicts. Political risk strategies in the field of nuclear power'. The interested reader who wants to deepen his knowledge on the results and reasoning of the main report, will here find detailed explanations and brief drafts of subprojects; fundamental aspects of problems are presented in detail, and theoretical-conceptional, methodological and scientific-political points of view are explained. Furthermore it contains general reflections on the application-oriented research by order, a review of the status of risk research, historical considerations on the nuclear energy conflict, and finally explanations are attempted for the nuclear energy conflict. (orig./HSCH) [de
Full Text Available Cloud computing is one of the rising technologies that takes set of connections users to the next level. Cloud is a technology where resources are paid as per usage rather than owned. One of the major challenges in this technology is Security. Biometric systems provide the answer to ensure that the rendered services are accessed only by a legal user or an authorized user and no one else. Biometric systems recognize users based on behavioral or physiological characteristics. The advantages of such systems over traditional validation methods such as passwords and IDs are well known and hence biometric systems are progressively gaining ground in terms of usage. This paper brings about a new replica of a security system where in users have to offer multiple biometric finger prints during Enrollment for a service. These templates are stored at the cloud providers section. The users are authenticated based on these finger print designed templates which have to be provided in the order of arbitrary numbers or imaginary numbers that are generated every time continuously. Both finger prints templates and images are present and they provided every time duration are encrypted or modified for enhanced security.
Pulwarty, R. S.
The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human aactivities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) Outline the dimensions of water security and its links to national security (2) Analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere
Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran
As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.
Udell, C.J.; Carlson, R.L.
The Risk Evaluation System (RES) is an integrated approach to determining safeguards and security effectiveness and risk. RES combines the planning and technical analysis into a format that promotes an orderly development of protection strategies, planing assumptions, facility targets, vulnerability and risk determination, enhancement planning, and implementation. In addition, the RES computer database program enhances the capability of the analyst to perform a risk evaluation of the facility. The computer database is menu driven using data input screens and contains an algorithm for determining the probability of adversary defeat and risk. Also, base case and adjusted risk data records can be maintained and accessed easily
... renewal of the charter of the Homeland Security Science and Technology Advisory Committee (HSSTAC) is... Director, Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410..., cyber-security, knowledge management and how best to leverage related technologies funded by other...
...: Technology Security/Clearance Plans, Screening Records, and Non-Disclosure Agreements ACTION: Notice of...: Technology Security/ Clearance Plans, Screening Records, and Non-Disclosure Agreements Pursuant to 22 CFR 126... by the consignee or end-user. Section 126.18 also provides that the technology security/clearance...
...: Technology Security/Clearance Plans, Screening Records, and Non-Disclosure Agreements ACTION: Notice of... Information Collection: Technology Security/ Clearance Plans, Screening Records, and Non-Disclosure Agreements... consignee or end-user. Section 126.18 also provides that the technology security/clearance plan, screening...
... Security Science and Technology Advisory Committee (HSSTAC) is necessary and in the public interest in connection with the Department of Homeland Security, Science and Technology Directorate's performance of its... Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410, Washington, DC 20528...
... Security Science and Technology Advisory Committee (HSSTAC) would meet on September 27-28, 2012 in... of Homeland Security (DHS), Science and Technology Directorate, 1120 Vermont Avenue NW., (Room 5-212... Hanson, HSSTAC Executive Director, Science and Technology Directorate, Department of Homeland Security...
... Executive Director, Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane... Director, Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410... Technology, such as new developments in systems engineering, cyber-security, knowledge management and how...
... after Sept. 12: http://www.dhs.gov/homeland-security-science-and-technology-advisory-committee-hsstac... Director, Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410..., Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410...
great weakness of these risk management methodologies becomes their inability for providing specifics to program manager and cyber security...Cyber Espionage Units. 18 Feb 2013. www.mandiant.com (accessed 1 Oct 2014), 15. The Open Web Application Security Project. OWASP Top Ten 2013...Skulls of the 92nd: Defending the front lines of cyber warfare.” http://www.24af.af.mil/news/story.asp?id=123307567 (accessed 20 March 2015). OWASP
Vranicar, Matthew; Weicher, John
The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist's computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that 'Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications'. There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the secure
Matthew Vranicar; John Weicher
The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the
Malboeuf, Sylvie; Sandberg-Maitland, William; Dziadyk, William; Bacic, Eugen
.... The study provides a history of Canada's initiatives with respect to risk management and investigates how Canada can augment the Working Group with its experiences and its future initiatives and opportunities...
Investigative report, science committee of Aggregate corporation Radiological technologist society of the Oita prefecture. Questionnaires research on security control of department of radiological technology of medical facilities in the Oita prefecture. The second report. Research on high risk incident measures
Eto, Yoshihiro; Mano, Isao; Takagi, Ikuya; Murakami, Yasunori; Sueyoshi, Seiji; Yoshimoto, Asahi
Oita association of radiological technologists carried out the questionnaires about the measures against high lisk incidental in department of radiological technology at the medical facilities in Oita. We distributed the questionnaire to 102 facilities, which are worked by the technologists (member), and got response from 91 facilities (89%). Research contents are Patient verification method'' ''Input and verification of patient attribute'' ''Infection in hospital'' ''Stumbles and falls of patient'' Contrast enhancement CT'' ''Something related to pacemaker'' ''MRI inspection and the magnetic substance'' ''Remedy mistake'' and ''Risk management''. The Result, Low level recognition contents of medical accident measures are ''Contrast enhancement CT'' ''Stumbles and falls of patient'' Risk management of department of radiological technology''. (author)
DOE, through its contractor EG and G Energy Measurements, Inc., has developed a state-of-the-art interactive-video system for use at the Department of Energy's Central Training Academy. Called the Security Training and Evaluation Shooting System (STRESS), the computer-driven decision shooting system employs the latest is laservideo-disk technology. STRESS is designed to provide realistic and stressful training for security inspectors employed by the DOE and its contractors. The system uses wide-screen video projection, sophisticated scenario-branching technology, and customized video scenarios especially designed for the DOE. Firing a weapon that has been modified to shoot ''laser bullets,'' and wearing a special vest that detects ''hits'': the security inspector encounters adversaries on the wide screen who can shoot or be shot by the inspector in scenarios that demand fast decisions. Based on those decisions, the computer provides instantaneous branching to different scenes, giving the inspector confrontational training with the realism and variability of real life
Chavez, Gregory M [Los Alamos National Laboratory; Key, Brian P [Los Alamos National Laboratory; Zerkle, David K [Los Alamos National Laboratory; Shevitz, Daniel W [Los Alamos National Laboratory
The security risk associated with malevolent acts such as those of terrorism are often void of the historical data required for a traditional PRA. Most information available to conduct security risk assessments for these malevolent acts is obtained from subject matter experts as subjective judgements. Qualitative reasoning approaches such as approximate reasoning and evidential reasoning are useful for modeling the predicted risk from information provided by subject matter experts. Absent from these approaches is a consistent means to compare the security risk assessment results. Associated with each predicted risk reasoning result is a quantifiable amount of information uncertainty which can be measured and used to compare the results. This paper explores using entropy measures to quantify the information uncertainty associated with conflict and non-specificity in the predicted reasoning results. The measured quantities of conflict and non-specificity can ultimately be used to compare qualitative reasoning results which are important in triage studies and ultimately resource allocation. Straight forward extensions of previous entropy measures are presented here to quantify the non-specificity and conflict associated with security risk assessment results obtained from qualitative reasoning models.
This book is a contribution to the scholarly engagement with the wider problem of governing through risk and the politics of uncertainty. It takes life insurance as an empirical site from which to ask: what is the kind of governance created through insurance an instance of, and how does it
Miguel E. Garcés Prettel
Full Text Available This paper analyzes the relationship between professional autonomy and security risks of journalists in Colombia. A correlational-transversal research was conducted with a sample of 751 journalists who filled out the questionnaire “Worlds of Journalism Study”. The results show significant differences on the attacks received by the journalists depending on gender, news beat, region, news media, years of experience, capacity and educational level of journalists. Attacks on journalists correlates positively with the autonomy to publish and write news on governments, armed forces, criminal gangs and structural social problems (poverty, status of ethnic minorities, socioeconomic inequality, environmental damage the latter being a predictor of high risk security.
Backus, George A.; Boslough, Mark Bruce Elrick; Brown, Theresa Jean; Cai, Ximing; Conrad, Stephen Hamilton; Constantine, Paul G; Dalbey, Keith R.; Debusschere, Bert J.; Fields, Richard; Hart, David Blaine; Kalinina, Elena Arkadievna; Kerstein, Alan R.; Levy, Michael; Lowry, Thomas Stephen; Malczynski, Leonard A.; Najm, Habib N.; Overfelt, James Robert; Parks, Mancel Jordan; Peplinski, William J.; Safta, Cosmin; Sargsyan, Khachik; Stubblefield, William Anthony; Taylor, Mark A.; Tidwell, Vincent Carroll; Trucano, Timothy Guy; Villa, Daniel L.
Climate change, through drought, flooding, storms, heat waves, and melting Arctic ice, affects the production and flow of resource within and among geographical regions. The interactions among governments, populations, and sectors of the economy require integrated assessment based on risk, through uncertainty quantification (UQ). This project evaluated the capabilities with Sandia National Laboratories to perform such integrated analyses, as they relate to (inter)national security. The combining of the UQ results from climate models with hydrological and economic/infrastructure impact modeling appears to offer the best capability for national security risk assessments.
Water security and emergent environmental risks are among the most significant societal concerns. They are highly interlinked to other global risks such as those related to climate, human health, food, human migration, biodiversity loss, urban sustainability, etc. Emergent risks result from the confluence of unanticipated interactions from evolving interdependencies between complex systems, such as those embedded in the water cycle. They are associated with the novelty of dynamical possibilities that have significant potential consequences to human and ecological systems, and not with probabilities based on historical precedence. To ensure water security we need to be able to anticipate the likelihood of risk possibilities as they present the prospect of the most impact through cascade of vulnerabilities. They arise due to a confluence of nonstationary drivers that include growing population, climate change, demographic shifts, urban growth, and economic expansion, among others, which create novel interdependencies leading to a potential of cascading network effects. Hydrocomplexity aims to address water security and emergent risks through the development of science, methods, and practices with the potential to foster a "Blue Revolution" akin to the Green revolution for food security. It blends both hard infrastructure based solution with soft knowledge driven solutions to increase the range of planning and design, management, mitigation and adaptation strategies. It provides a conceptual and synthetic framework to enable us to integrate discovery science and engineering, observational and information science, computational and communication systems, and social and institutional approaches to address consequential water and environmental challenges.
Barskar, Raju; Deen, Anjana Jayant; Bharti, Jyoti; Ahmed, Gulfishan Firdose
E-Commerce offers the banking industry great opportunity, but also creates a set of new risks and vulnerability such as security threats. Information security, therefore, is an essential management and technical requirement for any efficient and effective Payment transaction activities over the internet. Still, its definition is a complex endeavor due to the constant technological and business change and requires a coordinated match of algorithm and technical solutions. Ecommerce is not appro...
Jonkers, Henk; Quartel, Dick; Kordy, Barbara; Ekstedt, Mathias; Seong Kim, Deng
The growing complexity of organizations and the increasing number of sophisticated cyber attacks asks for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, including the business and IT aspects
Chen, Yong; He, Wu
This paper describes a survey of online learning which attempts to determine online learning providers' awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have…
Janssen, S.A.M.; Sharpans'kykh, Alexei; Bajo, J.; Vale, Z.; Hallenborg, K.; Rocha, A.P.; Mathieu, P.; Pawlewski, P.; Del Val, E.; Novais, P.; Lopes, F.; Duque Méndez, N.D.; Julián, V.; Holmgren, J.
Security Risk Assessment is commonly performed by using traditional methods based on linear probabilistic tools and informal expert judgements. These methods lack the capability to take the inherent dynamic and intelligent nature of attackers into account. To partially address the limitations,
Pieters, Wolter; Lukszo, Zofia; Hadziosmanovic, D.; van den Berg, Jan
Consider the question whether a cyber security investment is cost-effective. The result will depend on the expected frequency of attacks. Contrary to what is referred to as threat event frequencies or hazard rates in safety risk management, frequencies of targeted attacks are not independent from
Balaghi, R.; Badjeck, M.C.; Bakari, D.; Pauw, de E.D.; Wit, de A.J.W.; Defourny, P.; Donato, S.; Gommes, R.; Jlibene, M.; Ravelo, A.C.; Sivakumar, M.V.K.; Telahigue, N.; Tychon, B.
Food security is expected to face increasing challenges from climatic risks that are more and more exacerbated by climate change, especially in the developing world. This document lists some of the main capabilities that have been recently developed, especially in the area of operational
Smith, G.D.; Pocratsky, C.A.
The US DOE has had a program that develops technologies to protect sensitive nuclear weapons facilities for more than thirty years. The mission of the program is overwhelmingly diverse, as it must be to protect an array of assets such as nuclear weapons, special nuclear material in various forms, components of nuclear weapons, and classified nuclear weapons design information. Considering that the nuclear weapons complex consists of dozens of facilities that are scattered all over the US, the technology development mission is very challenging. Complicating matters further is the ever uncertain future of the DOE. Some examples of dramatic Departmental mission changes that directly impact their security technology development program are given. A few development efforts are highlighted as examples of efforts currently being sponsored. They are: automated sensor testing devices to help reduce the requirement for personnel to enter vaults containing highly radioactive nuclear materials; a vehicle inspection portal to screen vehicles for hidden passengers, nuclear material, explosives, and other contraband; non-lead and short-range ammunition as an environmentally safe alternative to lead ammunition; a complex-wide visitor access control system to allow all DOE employees to travel to all sites with a commonly recognized credential; automated nuclear material monitoring technologies to provide assurance that material in storage has not been tampered with; laser radar as a potential solution to early warning deficiencies throughout the Department; performance testing standards for many security products to include an automated and consistent standard for assessing the quality of video; low temperature pyrotechnic smoke as a possible adversary delay mechanism; modular vaults to provide temporary protection for nuclear material during D and D activities, and a protection approach for restricted passage areas such as the volume above a tiled ceiling or within a crawl space
Latarjet, R. (Institut du Radium, Orsay (France))
The author presents a general definition of the concept of risk and makes a distinction between the various types of risk - the absolute and the relative; the risk for oneself and for others. The quantitative comparison of risks presupposes their ''interchangeability''. In the case of major risks in the long term - or genotoxic risks - there is a certain degree of interchangeability which makes this quantitative comparison possible. It is expressed by the concept of rad-equivalence which the author defines and explains giving as a concrete example the work conducted on ethylene and ethylene oxide.
The author presents a general definition of the concept of risk and makes a distinction between the various types of risk - the absolute and the relative; the risk for oneself and for others. The quantitative comparison of risks presupposes their ''interchangeability''. In the case of major risks in the long term - or genotoxic risks - there is a certain degree of interchangeability which makes this quantitative comparison possible. It is expressed by the concept of rad-equivalence which the author defines and explains giving as a concrete example the work conducted on ethylene and ethylene oxide [fr
The focus of this paper is on the potential role of the Nigerian Agricultural Insurance Scheme (NAIS) in protecting the farmer from the plethora of risks associated with the transfer and introduction of modern technologies. The scheme can improve farmers' access to credit when the insurance contract is used as collateral for ...
Pavone, Vincenzo; Esposti, Sara Degli
As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.
There are many technologies emerging from this decade that can be used to help the law enforcement community protect the public as well as public and private facilities against ever increasing threats to this country and its resources. These technologies include sensors, closed circuit television (CCTV), access control, contraband detection, communications, control and display, barriers, and various component and system modeling techniques. This paper will introduce some of the various technologies that have been examined for the Department of Energy that could be applied to various law enforcement applications. They include: (1) scannerless laser radar; (2) next generation security systems; (3) response force video information helmet system; (4) access delay technologies; (5) rapidly deployable intrusion detection systems; and (6) cost risk benefit analysis
This case study of 9 information technology (IT) support staff in 3 Australian (Victoria) public hospitals juxtaposes their experiences at the user-level of eHealth security in the Natural Hospital Environment with that previously reported by 26 medical, nursing and allied healthcare clinicians. IT support responsibilities comprised the entire hospital, of which clinician eHealth security needs were only part. IT staff believed their support tasks were often fragmented while work responsibilities were hampered by resources shortages. They perceived clinicians as an ongoing security risk to private health information. By comparison clinicians believed IT staff would not adequately support the private and secure application of eHealth for patient care. Preliminary data analysis suggests the tension between these cohorts manifests as an eHealth environment where silos of clinical work are disconnected from silos of IT support work. The discipline-based silos hamper health privacy outcomes. Privacy and security policies, especially those influencing the audit process, will benefit by further research of this phenomenon.
Zelkin, Natalie; Henriksen, Stephen
This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract NNC05CA85C, Task 7: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed L-band (960 to 1164 MHz) terrestrial en route communications system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents a preliminary safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the L-band communication system after the technology is chosen and system rollout timing is determined. The security risk analysis resulted in identifying main security threats to the proposed system as well as noting additional threats recommended for a future security analysis conducted at a later stage in the system development process. The document discusses various security controls, including those suggested in the COCR Version 2.0.
Full Text Available Cloud computing has attracted more and more attention as it reduces the cost of IT infrastructure of organizations. In our country, business Cloud services, such as Alibaba Cloud, Huawei Cloud, QingCloud, UCloud and so on are gaining more and more uses, especially small or median organizations. In the cloud service scenario, the program and data are migrating into cloud, resulting the lack of trust between customers and cloud service providers. However, the recent study on Cloud computing is mainly focused on the service side, while the data security and trust have not been sufficiently studied yet. This paper investigates into the data security issues from data life cycle which includes five steps when an organization uses Cloud computing. A data management framework is given out, including not only the data classification but also the risk management framework. Concretely, the data is divided into two varieties, business and personal information. And then, four classification levels (high, medium, low, normal according to the different extent of the potential adverse effect is introduced. With the help of classification, the administrators can identify the application or data to implement corresponding security controls. At last, the administrators conduct the risk assessment to alleviate the risk of data security. The trust between customers and cloud service providers will be strengthen through this way.
McCreight, Tim; Leece, Doug
The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California. 1 This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.
Beck, J.; Metzger, R.; Hingray, B.; Musy, A.
Risk is a human perception: a given risk may be considered as acceptable or unac- ceptable depending on the group that has to face that risk. Flood risk analysis of- ten estimates economic losses from damages, but neglects the question of accept- able/unacceptable risk. With input from land use managers, politicians and other stakeholders, risk assessment based on security deficit analysis determines objects with unacceptable risk and their degree of security deficit. Such a risk assessment methodology, initially developed by the Swiss federal authorities, is illustrated by its application on a reach of the Alzette River (Luxembourg) in the framework of the IRMA-SPONGE FRHYMAP project. Flood risk assessment always involves a flood hazard analysis, an exposed object vulnerability analysis, and an analysis combing the results of these two previous analyses. The flood hazard analysis was done with the quasi-2D hydraulic model FldPln to produce flood intensity maps. Flood intensity was determined by the water height and velocity. Object data for the vulnerability analysis, provided by the Luxembourg government, were classified according to their potential damage. Potential damage is expressed in terms of direct, human life and secondary losses. A thematic map was produced to show the object classification. Protection goals were then attributed to the object classes. Protection goals are assigned in terms of an acceptable flood intensity for a certain flood frequency. This is where input from land use managers and politicians comes into play. The perception of risk in the re- gion or country influences the protection goal assignment. Protection goals as used in Switzerland were used in this project. Thematic maps showing the protection goals of each object in the case study area for a given flood frequency were produced. Com- parison between an object's protection goal and the intensity of the flood that touched the object determine the acceptability of the risk and the
Smith, S.T.; Lim, J.J.
Computers, the invisible backbone of nuclear safeguards, monitor and control plant operations and support many materials accounting systems. Our automated procedure to assess computer security effectiveness differs from traditional risk analysis methods. The system is modeled as an interactive questionnaire, fully automated on a portable microcomputer. A set of modular event trees links the questionnaire to the risk assessment. Qualitative scores are obtained for target vulnerability, and qualitative impact measures are evaluated for a spectrum of threat-target pairs. These are then combined by a linguistic algebra to provide an accurate and meaningful risk measure. 12 references, 7 figures
Lee, C. K.; Park, G. Y.; Lee, Y. J.; Choi, J. G.; Kim, D. H.; Lee, D. Y.; Kwon, K. C.
In the Korea Nuclear I and C Systems Development (KNICS) project the platforms for plant protection systems are developed, which function as a reactor shutdown, actuation of engineered safety features and a control of the related equipment. Those are fully digitalized through the use of safety-grade programmable logic controllers (PLCs) and communication networks. In 2006 the Regulatory Guide 1.152 (Rev. 02) was published by the U.S. NRC and it describes the application of a cyber security to the safety systems in the Nuclear Power Plant (NPP). Therefore it is required that the new requirements are incorporated into the developed platforms to apply to NPP, and a cyber security risk assessment is performed. The results of the assessment were input for establishing the cyber security policies and planning the work breakdown to incorporate them
Insider problems such as theft and sabotage can occur within the security and surveillance realm of operations when unauthorized people obtain access to sensitive areas. A possible solution to these problems is a means to identify individuals (not just credentials or badges) in a given sensitive area and provide full time personnel accountability. One approach desirable at Department of Energy facilities for access control and/or personnel identification is an Intelligent Facial Recognition System (IFRS) that is non-invasive to personnel. Automatic facial recognition does not require the active participation of the enrolled subjects, unlike most other biological measurement (biometric) systems (e.g., fingerprint, hand geometry, or eye retinal scan systems). It is this feature that makes an IFRS attractive for applications other than access control such as emergency evacuation verification, screening, and personnel tracking. This paper discusses current technology that shows promising results for DOE and other security applications. A survey of research and development in facial recognition identified several companies and universities that were interested and/or involved in the area. A few advanced prototype systems were also identified. Sandia National Laboratories is currently evaluating facial recognition systems that are in the advanced prototype stage. The initial application for the evaluation is access control in a controlled environment with a constant background and with cooperative subjects. Further evaluations will be conducted in a less controlled environment, which may include a cluttered background and subjects that are not looking towards the camera. The outcome of the evaluations will help identify areas of facial recognition systems that need further development and will help to determine the effectiveness of the current systems for security applications.
Hall, Jim; Borgomeo, Edoardo
The concept of water security implies concern about potentially harmful states of coupled human and natural water systems. Those harmful states may be associated with water scarcity (for humans and/or the environment), floods or harmful water quality. The theories and practices of risk analysis and risk management have been developed and elaborated to deal with the uncertain occurrence of harmful events. Yet despite their widespread application in public policy, theories and practices of risk management have well-known limitations, particularly in the context of severe uncertainties and contested values. Here, we seek to explore the boundaries of applicability of risk-based principles as a means of formalizing discussion of water security. Not only do risk concepts have normative appeal, but they also provide an explicit means of addressing the variability that is intrinsic to hydrological, ecological and socio-economic systems. We illustrate the nature of these interconnections with a simulation study, which demonstrates how water resources planning could take more explicit account of epistemic uncertainties, tolerability of risk and the trade-offs in risk among different actors. PMID:24080616
Hodson, Robert F.; Munk, Christopher; Helble, Adelle; Press, Martin T.; George, Cory; Johnson, David
The National Aeronautics and Space Administration (NASA) Game Changing Development (GCD) program manages technology projects across all NASA centers and reports to NASA headquarters regularly on progress. Program stakeholders expect an up-to-date, accurate status and often have questions about the program's portfolio that requires a timely response. Historically, reporting, data collection, and analysis were done with manual processes that were inefficient and prone to error. To address these issues, GCD set out to develop a new business automation solution. In doing this, the program wanted to leverage the latest information technology platforms and decided to utilize traditional systems along with new cloud-based web services and gaming technology for a novel and interactive user environment. The team also set out to develop a mobile solution for anytime information access. This paper discusses a solution to these challenging goals and how the GCD team succeeded in developing and deploying such a system. The architecture and approach taken has proven to be effective and robust and can serve as a model for others looking to develop secure interactive mobile business solutions for government or enterprise business automation.
Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan
Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system-which could be used to monitor food security trends or nutritional status so to inform policy makers of impending food shortages-to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.
Meng, Fanxing; Wen, Xiumei; Gao, Liting; Pang, Hui; Wang, Qinglin
Database technology is one of the most widely applied computer technologies, its security is becoming more and more important. This paper introduced the database security, network database security level, studies the security technology of the network database, analyzes emphatically sub-key encryption algorithm, applies this algorithm into the campus-one-card system successfully. The realization process of the encryption algorithm is discussed, this method is widely used as reference in many fields, particularly in management information system security and e-commerce.
Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source. © 2016 American Society of Law, Medicine & Ethics.
... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...
... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...
... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...
... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...
Simek, Krzysztof; Świerniak, Andrzej
One of the world’s leading problems in the field of national security is protection of borders and borderlands. This book addresses multiple issues on advanced innovative methods of multi-level control of both ground (UGVs) and aerial drones (UAVs). Those objects combined with innovative algorithms become autonomous objects capable of patrolling chosen borderland areas by themselves and automatically inform the operator of the system about potential place of detection of a specific incident. This is achieved by using sophisticated methods of generation of non-collision trajectory for those types of objects and enabling automatic integration of both ground and aerial unmanned vehicles. The topics included in this book also cover presentation of complete information and communication technology (ICT) systems capable of control, observation and detection of various types of incidents and threats. This book is a valuable source of information for constructors and developers of such solutions for uniformed servi...
Kovačević-Lepojević Marina M.
Full Text Available The model of technological pragmatism assumes awareness that technological development involves both benefits and dangers. Most modern security technologies represent citizens' mass surveillance tools, which can lead to compromising a significant amount of personal data due to the lack of institutional monitoring and control. On the other hand, people are interested in improving crime control and reducing the fear of potential victimization which this framework provides as a rational justification for the apparent loss of privacy, personal rights and freedoms. Citizens' perception on the categories of security and privacy, and their balancing, can provide the necessary guidelines to regulate the application of security technologies in the actual context. The aim of this paper is to analyze the attitudes of students at the University of Belgrade (N = 269 toward the application of security technology and identification of the key dimensions. On the basis of the relevant research the authors have formed assumptions about the following dimensions: security, privacy, trust in institutions and concern about the misuse of security technology. The Prise Questionnaire on Security Technology and Privacy was used for data collection. Factor analysis abstracted eight factors which together account for 58% of variance, with the highest loading of the four factors that are identified as security, privacy, trust and concern. The authors propose a model of technological pragmatism considering security and privacy. The data also showed that students are willing to change their privacy for the purpose of improving security and vice versa.
Full Text Available An optimal management for a corporation, no matter what size the corporation is, it must contain the management of the security risk. On the importance that is given to the risk management can depend the well functioning of the corporation. An important role in this process has the owner of the business and the way that this one understands the risk. A good understanding of the risk by the owner will have as effect the allocation of sufficient funds to implement controls meant to bring the risk level in order to be an acceptable one. The autochthonous corporations, in a great part even because of the inexistence of reglementations in this domain, have an empiric approach of the phenomena.
Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young
The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.
Kim, Hyun Jun; Chang, Moon Hee; Kim, Hark Rho; Lee, Young Joon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Lee, Sang Heon [Korea National Defense University, Goyang (Korea, Republic of)
Many cases have shown that a peaceful use of nuclear technology should play an important role in national securities such as energy, economic and science and technology securities, etc. It would be interesting to know what the positioning of the peaceful use of nuclear technology is in the national security aspects. In this paper, a positioning of nuclear power on various national security components is intended by using a positioning process that has been widely used for marketing. Findings can be used for directing further R and Ds to develop nuclear power technology
Bingham, Philip R [ORNL; White, Tim [Pacific Northwest National Laboratory (PNNL); Cespedes, Ernesto [Idaho National Laboratory (INL); Bowerman, Biays [Brookhaven National Laboratory (BNL); Bush, John [Battelle
The non-intrusive inspection (NII) of consolidated air cargo carried on commercial passenger aircraft continues to be a technically challenging, high-priority requirement of the Department of Homeland Security's Science and Technology Directorate (DHS S&T), the Transportation Security Agency and the Federal Aviation Administration. The goal of deploying a screening system that can reliably and cost-effectively detect explosive threats in consolidated cargo without adversely affecting the flow of commerce will require significant technical advances that will take years to develop. To address this critical National Security need, the Battelle Memorial Institute (Battelle), under a Cooperative Research and Development Agreement (CRADA) with four of its associated US Department of Energy (DOE) National Laboratories (Oak Ridge, Pacific Northwest, Idaho, and Brookhaven), conducted a research and development initiative focused on identifying, evaluating, and integrating technologies for screening consolidated air cargo for the presence of explosive threats. Battelle invested $8.5M of internal research and development funds during fiscal years 2007 through 2009. The primary results of this effort are described in this document and can be summarized as follows: (1) Completed a gap analysis that identified threat signatures and observables, candidate technologies for detection, their current state of development, and provided recommendations for improvements to meet air cargo screening requirements. (2) Defined a Commodity/Threat/Detection matrix that focuses modeling and experimental efforts, identifies technology gaps and game-changing opportunities, and provides a means of summarizing current and emerging capabilities. (3) Defined key properties (e.g., elemental composition, average density, effective atomic weight) for basic commodity and explosive benchmarks, developed virtual models of the physical distributions (pallets) of three commodity types and three
Secure Multiparty Computation for Cooperative Cyber Risk Assessment Kyle Hogan, Noah Luther, Nabil Schear, Emily Shen, Sophia Yakoubov, Arkady...that the organizations can compute relevant statistics and analyses on the global infrastructure while still keeping the details of their local...and Engineering (ASDR&E) under Air Force Contract FA8721-05-C-0002. Opinions, interpretations, conclusions and recommendations are those of the author
follows. We used Paillier cryptosystem with N = 1024-bit public key and comparison protocol (Damgard et al., 2008) for 60 bits of integers . The program is...SECURE APPROXIMATION GUARANTEE Hospital (knows clinical information) Genome testing institute (knows genomic information) Model for disease risks...were collected in a research institute, while clinical information were collected in a hospital , and both institutes do not want to share their data
Ralston, P A S; Graham, J H; Hieb, J L
The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.
Toso, Robert; Tsang, Jonathan; Xie, Jasmina; Hohwald, Stephen; Bain, David; Willison-Parry, Derek
Technology transfer of biological products is a complex process that is important for product commercialization. To achieve a successful technology transfer, the risks that arise from changes throughout the project must be managed. Iterative risk analysis and mitigation tools can be used to both evaluate and reduce risk. The technology transfer stage gate model is used as an example tool to help manage risks derived from both designed process change and unplanned changes that arise due to unforeseen circumstances. The strategy of risk assessment for a change can be tailored to the type of change. In addition, a cross-functional team and centralized documentation helps maximize risk management efficiency to achieve a successful technology transfer. © PDA, Inc. 2016.
Henry, Matthew H; Haimes, Yacov Y
The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.
NASA requires continuous risk management for all programs and projects. The risk management process identifies risks, analyzes their impact, prioritizes them, develops and carries out plans to mitigate or accept them, tracks risks and mitigation plans, and communicates and documents risk information. Project risk management is driven by the project goal and is performed by the entire team. Risk management begins early in the formulation phase with initial risk identification and development of a risk management plan and continues throughout the project life cycle. This paper describes the risk management approach that is suggested for use in NASA's Human Support Technology Development. The first step in risk management is to identify the detailed technical and programmatic risks specific to a project. Each individual risk should be described in detail. The identified risks are summarized in a complete risk list. Risk analysis provides estimates of the likelihood and the qualitative impact of a risk. The likelihood and impact of the risk are used to define its priority location in the risk matrix. The approaches for responding to risk are either to mitigate it by eliminating or reducing the effect or likelihood of a risk, to accept it with a documented rationale and contingency plan, or to research or monitor the risk, The Human Support Technology Development program includes many projects with independently achievable goals. Each project must do independent risk management, considering all its risks together and trading them against performance, budget, and schedule. Since the program can succeed even if some projects fail, the program risk has a complex dependence on the individual project risks.
Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…
... DEPARTMENT OF COMMERCE Bureau of Industry and Security Proposed Information Collection; Comment Request; National Security and Critical Technology Assessments of the U.S. Industrial Base AGENCY: Bureau of Industry and Security, Commerce. ACTION: Notice. SUMMARY: The Department of Commerce, as part of...
... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2011-0357] Cruise Vessel Safety and Security Act of 2010, Available Technology AGENCY: Coast Guard, DHS. ACTION: Notice of request for comments... Security and Safety Act of 2010(CVSSA), specifically related to video recording and overboard detection...
Garrahan, K.G.; Collie, S.L.
The U.S. Environmental Protection Agency's (EPA) Office of Research and Development (ORD) Threat and Consequence Assessment Division (TCAD) within the National Homeland Security Research Center (NHSRC) has developed a tool for rapid communication of health risks and likelihood of exposure in preparation for terrorist incidents. The Emergency Consequence Assessment Tool (ECAT) is a secure web-based tool designed to make risk assessment and consequence management faster and easier for high priority terrorist threat scenarios. ECAT has been designed to function as 'defensive play-book' for health advisors, first responders, and decision-makers by presenting a series of evaluation templates for priority scenarios that can be modified for site-specific applications. Perhaps most importantly, the risk communication aspect is considered prior to an actual release event, so that management or legal advisors can concur on general risk communication content in preparation for press releases that can be anticipated in case of an actual emergency. ECAT serves as a one-stop source of information for retrieving toxicological properties for agents of concern, estimating exposure to these agents, characterizing health risks, and determining what actions need to be undertaken to mitigate the risks. ECAT has the capability to be used at a command post where inputs can be checked and communicated while the response continues in real time. This front-end planning is intended to fill the gap most commonly identified during tabletop exercises: a need for concise, timely, and informative risk communication to all parties. Training and customization of existing chemical and biological release scenarios with modeling of exposure to air and water, along with custom risk communication 'messages' intended for public, press, shareholders, and other partners enable more effective communication during times of crisis. For DOE, the ECAT could serve as a prototype that would be amenable to
Wang Jue; Wang Fuquan; Jiang Zenghui
The paper analyzes the technology conditions of security inspection in home and abroad, and expatiates technology of spiral CT and how to define CT value etc, with studying on the key technology of spiral CT scanning way (X-RAY, detector, technology of pulley etc) and mutual relation. By comparing the present products of security inspection, the conclusion was drawn that it is inevitable to develop the tendency of security inspection area with the checking and discerning the substance by using the technology of multi-layer spiral CT. (authors)
Allodi, Luca; Massacci, Fabio
Current industry standards for estimating cybersecurity risk are based on qualitative risk matrices as opposed to quantitative risk estimates. In contrast, risk assessment in most other industry sectors aims at deriving quantitative risk estimations (e.g., Basel II in Finance). This article presents a model and methodology to leverage on the large amount of data available from the IT infrastructure of an organization's security operation center to quantitatively estimate the probability of attack. Our methodology specifically addresses untargeted attacks delivered by automatic tools that make up the vast majority of attacks in the wild against users and organizations. We consider two-stage attacks whereby the attacker first breaches an Internet-facing system, and then escalates the attack to internal systems by exploiting local vulnerabilities in the target. Our methodology factors in the power of the attacker as the number of "weaponized" vulnerabilities he/she can exploit, and can be adjusted to match the risk appetite of the organization. We illustrate our methodology by using data from a large financial institution, and discuss the significant mismatch between traditional qualitative risk assessments and our quantitative approach. © 2017 Society for Risk Analysis.
Vander Beken, Tom; Dorn, Nicholas; Van Daele, Stijn
This paper analyses some potential security risks, concerning terrorism or more mundane forms of crime, such as fraud, in management of nuclear waste using a PEST scan (of political, economic, social and technical issues) and some insights of criminologists on crime prevention. Nuclear waste arises as spent fuel from ongoing energy generation or other nuclear operations, operational contamination or emissions, and decommissioning of obsolescent facilities. In international and EU political contexts, nuclear waste management is a sensitive issue, regulated specifically as part of the nuclear industry as well as in terms of hazardous waste policies. The industry involves state, commercial and mixed public-private bodies. The social and cultural dimensions--risk, uncertainty, and future generations--resonate more deeply here than in any other aspect of waste management. The paper argues that certain tendencies in regulation of the industry, claimed to be justified on security grounds, are decreasing transparency and veracity of reporting, opening up invisible spaces for management frauds, and in doing allowing a culture of impunity in which more serious criminal or terrorist risks could arise. What is needed is analysis of this 'exceptional' industry in terms of the normal cannons of risk assessment - a task that this paper begins. Copyright 2009 Elsevier Ltd. All rights reserved.
Reddy, G. Nikhita; Reddy, G. J. Ugander
Cyber Security plays an important role in the field of information technology .Securing the information have become one of the biggest challenges in the present day. When ever we think about the cyber security the first thing that comes to our mind is cyber crimes which are increasing immensely day by day. Various Governments and companies are taking many measures in order to prevent these cyber crimes. Besides various measures cyber security is still a very big concern to many. This paper ma...
Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pelfrey, Daniel S [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL
High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data for a variety of users, often requiring strong separation between job allocations. There are many challenges to establishing these secure enclaves within the shared infrastructure of high-performance computing (HPC) environments. The isolation mechanisms in the system software are the basic building blocks for enabling secure compute enclaves. There are a variety of approaches and the focus of this report is to review the different virtualization technologies that facilitate the creation of secure compute enclaves. The report reviews current operating system (OS) protection mechanisms and modern virtualization technologies to better understand the performance/isolation properties. We also examine the feasibility of running ``virtualized'' computing resources as non-privileged users, and providing controlled administrative permissions for standard users running within a virtualized context. Our examination includes technologies such as Linux containers (LXC , Docker ) and full virtualization (KVM , Xen ). We categorize these different approaches to virtualization into two broad groups: OS-level virtualization and system-level virtualization. The OS-level virtualization uses containers to allow a single OS kernel to be partitioned to create Virtual Environments (VE), e.g., LXC. The resources within the host's kernel are only virtualized in the sense of separate namespaces. In contrast, system-level virtualization uses hypervisors to manage multiple OS kernels and virtualize the physical resources (hardware) to create Virtual Machines (VM), e.g., Xen, KVM. This terminology of VE and VM, detailed in Section 2, is used throughout the report to distinguish between the two different approaches to providing virtualized execution
Full Text Available This paper achieved an analysis of some important management strategies for an investment, in correlation with index of global pollution. Environmental security assessment shall be determined taking into account the workplace security and effects on health, safety of workers in an industry investment. It is necessary to observe and collect a larger number of data generated by the development of an industrial process, so as to make a deep analysis on global pollution index and how it is affected industrial investment environment. This research shows how can the substances that infest the environment to produce much damage and influence the environmental factors (air, water, soil, landscape, fauna and flora. When we know the risks that characterize the plant equipment, we can protect the life and we can protect the environment for a sustainable development in the future.
Ramirez, Jacobo; Madero, Sergio; Vélez-Zapata, Claudia
This paper examines the reciprocal obligations between employers and employees that are framed as psychological contracts in security-risk environments. A total of 30 interviews based on psychological contract frameworks, duty-of-care strategies in terms of human resource management (HRM) systems...... and the impacts of narcoterrorism on firms were conducted with human resources (HR) personnel, line managers and subordinates at eight national and multinational corporations (MNCs) with subsidiaries in Colombia and Mexico. Our findings generally support the existence of a relational psychological contract in our...... sample. Duty-of-care strategies based on both HRM systems and the sensitivities of HR personnel and line managers to the narcoterrorism context, in combination with both explicit and implicit security policies, tend to be the sources of the content of psychological contracts. We propose a psychological...
... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...
This report documents the formalization of relationships with external service providers in the development of the National Security Technology Incubator (NSTI). The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report summarizes the process in developing and formalizing relationships with those service providers and includes a sample letter of cooperation executed with each provider.
Polyakov, Alexandre V.
Intelligent underground fiber optic perimeter security system is presented. Their structure, operation, software and hardware with neural networks elements are described. System allows not only to establish the fact of violation of the perimeter, but also to locate violations. This is achieved through the use of WDM-technology division spectral information channels. As used quasi-distributed optoelectronic recirculation system as a discrete sensor. The principle of operation is based on registration of the recirculation period change in the closed optoelectronic circuit at different wavelengths under microstrain exposed optical fiber. As a result microstrain fiber having additional power loss in a fiber optical propagating pulse, which causes a time delay as a result of switching moments of the threshold device. To separate the signals generated by intruder noise and interference, the signal analyzer is used, based on the principle of a neural network. The system detects walking, running or crawling intruder, as well as undermining attempts to register under the perimeter line. These alarm systems can be used to protect the perimeters of facilities such as airports, nuclear reactors, power plants, warehouses, and other extended territory.
Dra. Rosa Catalina Bermúdez-Savòn
Full Text Available A sustainable way for food and energetic security in rural and the city regions, is presented with the application of the solid state fermentation for the biotransformation of lignocellulosic by-products and agro-industrial wastes with white-rot fungi. Inamush as advantages of this technology, is showed the cultivation of mushroom Pleurotus spp.on coffee pulp, cedar chip , coconut and cocoa shells, and the influence of it´s mixture (1:1, trough examination of their growth rates and conversion efficacy to fruiting bodies, which cause contamination of soil and water, because of large volumes and difficult management. The use of residues for these cultive was consolidate such as alternative viable for food production, capable to satisfy the protein and nutritive necessity of population in the non-developing countries, besides low cost production, high protein content and obtention in large quantity in short time. In addition to produce complements for animal feet, such as the spent oyster mushroom substrate postcosecha is detoxified, has proteic content and better digestibility than original substrates,and can be used as animal feed or fertilizer, at the same time, was eradicated the problem of environmental contamination of these residues provoking and further contribution at sustainable development of the communities.
Candura, S M; Verni, P; Minelli, C M; Rosso, G L; Cappelli, M I; Strambi, S; Martellosio, V
The present paper tries to identify the occupational risk factors (physical, chemical, biological, psychological), variable depending on jobs and tasks, to which the heterogeneous public safety/security workers are exposed. The fight against criminality and public order maintenance imply (sometimes fatal) traumatic risks, and expose to psychophysical and sensorial tiring, unfavourable macro- and microclimatic conditions, the risk of baropathy (air navigation, underwater activities), noise (generated by firearms and several other sources), vibrations and shakings (automatic weapons, transport vehicles), the risk of electric injury, ionizing (X and gamma rays) and non-inonizing (ultraviolet rays, microwaves and radiofrequencies, electromagnetic fields) radiations. Chemical hazards include carbon monoxide and other combustion products (fires, urban traffic), substances released in chemical accidents, tear gases, lead (firing grounds, metal works, environmental pollution), solvents, lubrificants and cutting oils (mechanic repair and maintenance), laboratory materials and reagents, irritant and/or sensitizing agents contained in gloves. The main biological risks are tetanus, blood-borne diseases (viral hepatitis, AIDS), aerogenous diseases (e.g., tuberculosis, Legionnaire's disease, epidemic cerebrospinal meningitis), dog- or horse-transmitted zoonosis. Finally, emotional, psychosomatic and behavioural stress-related disorders (e.g., burn-out syndrome, post-traumatic stress disorder) are typically frequent. The presence of numerous and diversified hazards among public safety/security forces imposes the adoption of occupational medicine measures, including risk assessment, health education, technical and environmental prevention, personal protective devices, sanitary surveillance and biological monitoring, clinical interventions (diagnosis, therapy and rehabilitation of occupational accidents and illnesses), prompt medico-legal evaluation of occupational
With a growing number of healthcare security requirements from states as well as regulators like FEMA, CMS, and DHS, the need to conduct comprehensive Security Risk Assessments has become essential, according to the author. In this article, she provides the basic elements of such assessments as well as guidance on how to apply them to a facility report and how to present the report to management.
Borrelli, G.; Sartori, S.
The main purpose of this work is to demonstrate by means of a critical analysis of the state-of-the-art in technological and environmental risk analysis and decision making, that risk and environmental management decisions involve heterogeneous groups of social actors, each representing conflicting interests. It is argued that risk analyses should therefore be based on social interaction and communication paradigma, as well as, on a new rational way of thinking concerning the optimum choice of suitable technological development strategies leading towards a publicly acceptable balance between national energy-economic strategic necessities and social and individual perception of risk
Lv, Haitao; Yin, Chao; Cui, Zongmin; Zhan, Qin; Zhou, Hongbo
For a security system, the risk assessment is an important method to verdict whether its protection effectiveness is good or not. In this paper, a security system is regarded abstractly as a network by the name of a security network. A security network is made up of security nodes that are abstract functional units with the ability of detecting, delaying and responding. By the use of risk entropy and the Neyman–Pearson criterion, we construct a model to computer the protection probability of any position in the area where a security network is deployed. We provide a solution to find the most vulnerable path of a security network and the protection probability on the path is considered as the risk measure. Finally, we study the effect of some parameters on the risk and the breach protection probability of a security network. Ultimately, we can gain insight about the risk assessment of a security system. - Highlights: • A security system is regarded abstractly as a network made up of security nodes. • We construct a model to computer the protection probability provided by a security network. • We provide a better solution to find the most vulnerable path of a security network. • We build a risk assessment model for a security network based on the most vulnerable path
Hur, Yong Soo; Ryu, Eun Kyung; Park, Sung Jin; Yoon, Jeong; Yoon, San Hyun; Yang, Gi Deok; Hur, Chang Young; Lee, Won Don; Lim, Jin Ho
In the field of assisted reproductive technology (ART), medical accidents can result in serious legal and social consequences. This study was conducted to develop a security system (called IVF-guardian; IG) that could prevent mismatching or mix-ups in ART. A software program was developed in collaboration with outside computer programmers. A quick response (QR) code was used to identify the patients, gametes and embryos in a format that was printed on a label. There was a possibility that embryo development could be affected by volatile organic components (VOC) in the printing material and adhesive material in the label paper. Further, LED light was used as the light source to recognize the QR code. Using mouse embryos, the effects of the label paper and LED light were examined. The stability of IG was assessed when applied in clinical practice after developing the system. A total of 104 cycles formed the study group, and 82 cycles (from patients who did not want to use IG because of safety concerns and lack of confidence in the security system) to which IG was not applied comprised the control group. Many of the label paper samples were toxic to mouse embryo development. We selected a particular label paper (P touch label) that did not affect mouse embryo development. The LED lights were non-toxic to the development of the mouse embryos under any experimental conditions. There were no differences in the clinical pregnancy rates between the IG-applied group and the control group (40/104 = 38.5 % and 30/82 = 36.6 %, respectively). The application of IG in clinical practice did not affect human embryo development or clinical outcomes. The use of IG reduces the misspelling of patient names. Using IG, there was a disadvantage in that each treatment step became more complicated, but the medical staff improved and became sufficiently confident in ART to offset this disadvantage. Patients who received treatment using the IG system also went through a somewhat
... Unclassified Information Technology Resources. 652.239-71 Section 652.239-71 Federal Acquisition Regulations... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As... Technology Resources (SEP 2007) (a) General. The Contractor shall be responsible for information technology...
E-commerce is an important information system in the network and digital age. However, the network intrusion, malicious users, virus attack and system security vulnerabilities have continued to threaten the operation of the e-commerce, making e-commerce security encounter serious test. How to improve ecommerce security has become a topic worthy of further exploration. Combining routine security test and security event detection procedures, this paper proposes the Two-Layer Secure ...
Technological developments can undermine the autonomy of the individual. Autonomy is one's ability to make and act upon decisions according to one's own moral framework. Respect for autonomy dictates that risks should not be imposed on the individual without her consent. Technological developments
Llano-Paz, Fernando de; Martínez Fernandez, Paulino; Soares, Isabel
The different energy sources, their costs and impacts on the environment determine the electricity production process. Energy planning must solve the existence of uncertainty through the diversification of power generation technologies portfolio. The European Union energy and environmental policy has been mainly based on promoting the security of supply, efficiency, energy savings and the promotion of Renewable Energy Sources. The recent European Commission communication “Towards an European Energy Union: A secure, sustainable, competitive and affordable energy for every European” establishes the path for the European future. This study deals with the analysis of the latest EU “Energy Union” goals through the application of Markowitz portfolio theory considering technological real assets. The EU targets are assessed under a double perspective: economic and environmental. The model concludes that implementing a high share of Renewable Energy target in the design of European Policies is not relevant: the maximization of Renewable Energy share could be achieved considering a sole Low Emissions of carbon dioxide policy. Additionally it is confirmed the need of Nuclear energy in 2030: a zero nuclear energy share in 2030 European Mix is not possible, unless the technological limits participation for Renewable Energy Sources were increased. - Highlights: • Implementing a high RES share target in European Policies could not be relevant. • Maximizing RES share could be achieved considering a sole Low Emissions policy. • The EU 2030 Nuclear energy 50% shutting down could be feasible. • Minimizing risk portfolio presents high diversification and energy security levels.
This short paper describes our ongoing research about security risk management for IT projects which might eventually take benefit from outsourcing to external Cloud services. Choosing appropriate, secure enough Cloud services from multiple offers might be difficult. Hence, we develop the Cloud Security Guide CSG to assist. It contains a specialized methodology for Cloud risk assessment supporting particularly the extraction of security relevant information from user contracts or terms and co...
Hsu, D Frank
Advances in Cyber Security provides, in a technical yet easy to understand fashion, a real life story of the evolving cyberspace ecosystem from the perspectives of structure, function, and application. It also provides ways and means to secure and sustain this ecosystem by the collective wisdom of professionals and practitioners from government, academia, and industry across national and international boundaries.
Munck, Berit; Sandgren, Anna
The increase in the use of medical devices in palliative home care requires that patients and next-of-kin feel secure. Therefore, the aim was to describe medical technology's impact on the sense of security for patients, next-of-kin and district nurses. Deductive content analysis was conducted on data from three previous studies, using the theoretical framework 'palliative home care as a secure base'. The use of medical technology was shown to have an impact on the sense of security for all involved. A sense of control was promoted by trust in staff and their competence in managing the technology, which was linked to continuity. Inner peace and being in comfort implied effective symptom relief facilitated by pain pumps and being relieved of responsibility. Health care professionals need to have practical knowledge about medical technology, but at the same time have an awareness of how to create and maintain a sense of security.
... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] HydroGen Corp., QueryObject Systems Corp., Security Intelligence Technologies, Inc., Skins, Inc., SLM Holdings, Inc., Spring Creek Healthcare Systems... securities of Security Intelligence Technologies, Inc. because it has not filed any periodic reports since...
Jelena STANKEVIČIENĖ; Tatjana SVIDERSKĖ; Algita Miečinskienė MIEČINSKIENĖ
The globalization phenomenon raises new challenges in terms of country risk and economic security for small open economies. The objective of this paper is to evaluate the relationship between economic security and country risk indicators in EU Baltic Sea region countries. This paper, after surveying definitions and typologies of risks, proposes the analysis of the relationship between economic security and country risk in EU Baltic Sea region countries based on statistical data from 2012. ...
Nielsen, T.H. [Oslo Univ. (Norway)
Modern risks are neither determined by scientific-technological factors alone, nor mere social construction, nor arbitrary subjective perception. The three sources of risk have been described and emphasised recently by the three sociologists Ulrich Beck, Anthony Giddens and Niklas Luhmann respectively. A comprehensive concept of risk capable of explaining the public perception and avoiding misunderstandings between safety experts and lay people must, however, consider and combine elements from all three. (author).
The technology development program's (TDP's) mission is to provide technologies or methodologies that address safeguards and security requirements throughout the U.S. DOE complex as well as to meet headquarters' policy needs. This includes developing state-of-the-art technologies or modifying existing technologies in physical security, material control and accountability, information security, and integrated safeguards systems. The TDP has an annual process during which it solicits user requirements from the field. These requirements are analyzed by DOE headquarters and laboratory personnel for technical merit. The requirements are then prioritized at headquarters, and the highest priorities are incorporated into our budget. Although this user-needs process occurs formally once a year, user requirements are accepted at any time. The status of funded technologies is communicated through briefings, programs reviews, and various documents that are available to all interested parties. Participants in several interagency groups allows our program to benefit from what others are doing and to prevent duplications of efforts throughout the federal community. Many technologies are transferred to private industry
Castro, R.; Barbato, P.; Vega, J.; Taliercio, C.
Remote participation facilities among fusion laboratories require access control solutions with two main objectives: to preserve the usability of the systems and to guaranty the required level of security for accessing to shared services. On one hand, this security solution has to be: single-sign-on, transparent for users, compatible with user mobility, and compatible with used client applications. On the other hand, it has to be compatible with shared services and resources among organisations, providing in each case the required access security level. EFDA-Federation is a security infrastructure that integrates a set of fusion laboratories and enables to share resources and services fulfilling the requirements previously described. In EFDA community, JET and RFX have security access policies to some of their services that require strong authentication mechanisms. In both cases, strong authentication is based on RSA SecurID tokens. This is a hardware device that is supplied to and generates a new password every minute. The job presents two main results. The first one is the integration of RSA SecurID into EFDA-Federation. Thanks to it, federated organisations are able to offer SecurID to their users as an alternative strong authentication mechanism, with the corresponding increase of security level. The second result is the development of a new access control mechanism based on port knocking techniques and its integration into EFDA-Federation. Additionally, a real application in RFX is presented and includes the integration of its SecurID infrastructure as federated authentication mechanism, and the application of the new access control mechanism to its MDSplus server.
Jinsoo Shin; Hanseong Son; Gyunyoung Heo
Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluatio...
Full Text Available Because of their low cost and adaptability, wireless sensor networks are widely used in civil, military, and commercial fields and other fields. However, since the sensor node in the calculation of the capacity, battery capacity, and storage capacity are restricted by the limitations and inherent characteristics of the sensor networks, compared to traditional networks, which makes wireless sensor networks face more security threats. This paper summarized research progress of sensor network security issues as three aspects, key management, authentication, and secure routing, analyzed and commented on these results advantages and disadvantages and pointed out the future direction of the hot research field.
In December 1988, the General Assembly requested the Secretary-General to follow future scientific and technological developments, especially those with potential military applications, and to evaluate their impact on international security. In resolution 43/77 A it also requested the Secretary-General to report to it at its forty-fifth session. The broad fields in which scientific and technological developments are taking place were identified as: information technology, biotechnology, materials technology, nuclear technology and space technology. These assessments were discussed by a wider group of experts at a high-level conference on ''New trends in science and technology: implications for international peace and security'', held in April 1990 in the city of Sendai, Japan. The Conference, which was attended by nearly 100 participants from over 20 countries, addressed issues of technological change and global security, new technologies and the search for security in the post-cold-war era, and national policy-making and international diplomacy in an era of rapid technological change. General approaches to technology assessment and technology trends in selected areas were also discussed. The positions taken by Member States on the subject of establishing a mechanism for technology assessment were also taken into account. The highlights of the report are summarized
Full Text Available For technologies such as electronic commerce, mobile payments, internet and mobile banking etc. customers are concerned about security issues that arise as a result of adoption of these technologies. However, in practice, we find that customers forgo their considerations of risk in the technology, if the benefits of using the technology overpower the risks involved in using the technology. Understanding their relative roles in technology adoption will help technology developers focus their efforts on either of them to improve technology adoption. Results of this study reveal that in adopting a technology, customers are guided more by the perception of control rather than by the perception of risk. Implications for theory and practice are discussed.
"The University of Arkansas (UA) team is responsible for investigating practices of : hazardous material transportation in the private sector. The UA team is a subcontractor : to the project Petrochemical Transportation Security, Development of...
Elena S. Zinovieva
Full Text Available Abstract: The development of post-industrial society initiates profound economic, technological and cultural change in the way of life of all mankind. The revolutionary breakthroughs in the field of new technologies such as biotechnology and information technology are reflected in all spheres of human activity, directly affecting the human security. The article analyzes the consequences of widespread usage biotechnology and information technology in the foreign policy practice on the basis of the human security theory. The detailed description of the main directions of the use of biometric technology in the foreign policy and consular practices is provided, the challenges and threats to information security associated with biometrics are analyzed, arising from widespread biotechnology are the main challenges and threats to as well as human security threats arising at the present stage of development and application of these technologies. Human security threats associated with the use of biotechnology are placed in the broader context of global trends in scientific and technological development. The recommendations are formulated in the field of foreign policy and international cooperation, which would neutralize new threats to international and personal safety arising at the present stage of development of biotechnology. The authors conclude that in order to ensure ethical regulation of new technologies that address issues of human security, it is necessary to organize multi-stakeholder partnerships at national and international level with the participation of states, representatives of civil society, business and the research community.
Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt
Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. In this paper, we present a Risk-Based
Gersh, Deborah; Hoey, Laura G; McCrystal, Timothy M; Tolley, David C
The Department of Health and Human Services will conduct security rule audits that will involve on-site visits and include: Compliance-focused interviews with key organizational leaders. Scrutiny of physical operations controls, especially regarding storage, maintenance, and use of protected health information. Assessment of organizational policies and procedures to ensure compliance with privacy and security rules. Identification of regulatory compliance areas of concern.
Through the in-depth study on the existing mobile e-commerce and WAP protocols, this paper presents a security solution of e-commerce system based on WPKI, and describes its implementation process and specific implementation details. This solution uniformly distributes the key used by the various participating entities , to fully ensure the confidentiality, authentication, fairness and integrity of mobile e-commerce payments, therefore has some pract ical value for improving the security of e-commerce system.
Argo, P.; Loveland, R.; Anderson, K. [and others
The Adaptive Multisensor Integrated Security System (AMISS) uses a variety of computational intelligence techniques to reason from raw sensor data through an array of processing layers to arrive at an assessment for alarm/alert conditions based on human behavior within a secure facility. In this paper, the authors give an overview of the system and briefly describe some of the major components of the system. This system is currently under development and testing in a realistic facility setting.
This paper will focus on the first step in establishing network security, authentication, and describe the basic function of both RSA and Kerberos as used to provide authentication and confidential data transfer services. It will also discuss the Digital Signature Standard and the market acceptance of each. Proper identification of the principals involved in a network dialog is a necessary first step in providing network-wide security comparable to that of stand-alone systems.
Argo, P.; Loveland, R.; Anderson, K.
The Adaptive Multisensor Integrated Security System (AMISS) uses a variety of computational intelligence techniques to reason from raw sensor data through an array of processing layers to arrive at an assessment for alarm/alert conditions based on human behavior within a secure facility. In this paper, the authors give an overview of the system and briefly describe some of the major components of the system. This system is currently under development and testing in a realistic facility setting
Iles, Irina A; Egnoto, Michael J; Fisher Liu, Brooke; Ackerman, Gary; Roberts, Holly; Smith, Daniel
After the 9/11 terrorist attacks, the U.S. government initiated several national security technology adoption programs. The American public, however, has been skeptical about these initiatives and adoption of national security technologies has been mandated, rather than voluntary. We propose and test a voluntary behavioral intention formation model for the adoption of one type of new security technology: portable radiation detectors. Portable radiation detectors are an efficient way of detecting radiological and nuclear threats and could potentially prevent loss of life and damage to individuals' health. However, their functioning requires that a critical mass of individuals use them on a daily basis. We combine the explanatory advantages of diffusion of innovation with the predictive power of two volitional behavior frameworks: the theory of reasoned action and the health belief model. A large sample survey (N = 1,482) investigated the influence of factors identified in previous diffusion of innovation research on portable radiation detector adoption intention. Results indicated that nonfinancial incentives, as opposed to financial incentives, should be emphasized in persuasive communications aimed at fostering adoption. The research provides a new integration of diffusion of innovation elements with determinants of volitional behavior from persuasion literature, and offers recommendations on effective communication about new security technologies to motivate public adoption and enhance national safety. © 2017 Society for Risk Analysis.
Wezel, van Annemarie P.; Lente, van Harro; Sandt, van de Johannes J.M.; Bouwmeester, Hans; Vandeberg, Rens L.J.; Sips, Adrienne J.A.M.
Governments invest in “key enabling technologies,” such as nanotechnology, to solve societal challenges and boost the economy. At the same time, governmental agencies demand risk reduction to prohibit any often unknown adverse effects, and industrial parties demand smart approaches to reduce
... Technology Solutions Central Security Services Dresher, Pennsylvania; TA-W-82,634A, Prudential Global Business Technology Solutions Central Security Services Iselin, New Jersey; TA-W-82,634B, Prudential Global Business Technology Solutions Central Security Services Plymouth, Minnesota; TA- W-82,634C, Prudential...
... 1974; Department of Homeland Security/ALL-004 General Information Technology Access Account Records..., Department of Homeland Security/ALL-004 General Information Technology Access Account Records System of... name: DHS/ALL-004 General Information Technology Access Account Records System of Records. Security...
The Particular intervention plan (PPI in French) is an emergency plan which foresees the measures and means to be implemented to address the potential risks of the presence and operation of a nuclear facility. This plan is implemented and developed by the Prefect in case of nuclear accident (or incident leading to a potential accident), the impact of which extending beyond the facility perimeter. It represents a special section of the organisation plan for civil protection response (ORSEC plan). The PPI foresees the necessary measures and means for crisis management during the first hours following the accident and is triggered by the Department Prefect according to the information provided by the facility operator. Its aim is to protect the populations leaving within 10 km of the facility against a potential radiological hazard. The PPI describes: the facility, the intervention area, the protection measures for the population, the conditions of emergency plan triggering, the crisis organisation, the action forms of the different services, and the post-accident stage. This document is the public version of the Particular intervention plan of the Blayais NPP (Gironde, France)
Almost daily, Americans receive reports from the mass news media about some new and frightening risk to health and welfare. Most such reports emphasize the newsworthiness of the risks -- the possibility of a crisis, disagreements among experts, how things happened, who is responsible for fixing them, how much will it cost, conflict among parties involved, etc. As a rule, the magnitudes of the risks, or the difficulty of estimating those magnitudes, have limited newsworthiness, and so they are not mentioned. Because of this emphasis in the news media, most people outside the risk assessment community must judge the relative significance of the various risks to which we all are exposed with only that information deemed newsworthy by reporters. This information is biased and shows risks in isolation. There is no basis for understanding and comparing the relative importance of risks among themselves, or for comparing one risk, perhaps a new or newly-discovered one, in the field of all risks. The purpose of this report is to provide perspective on the various risks to which we are routinely exposed. It serves as a basis for understanding the meaning of quantitative risk estimates and for comparing new or newly-discovered risks with other, better-understood risks. Specific emphasis is placed on health risks of energy technologies.
Ishikawa, Hiroyuki; Tate, Akihiro; Murakami, Tadashi
In J-PARC (Japan Proton Accelerator Research Complex) we have set up intra-network (internal network, we will abbreviate it as JLAN, below) to support research activity and communication among users. In JLAN, we set up various kinds of security devices to keep JLAN secure. However, the servers which provide information or service to public are still in danger of being accessed illegally. If there is an illegal access, that may cause defacement of data or information leak. Furthermore, the victim servers are manipulated by the malicious attackers, and they themselves attack the external information equipments. Vulnerability of servers enables unauthorized access. So, vulnerability test with use of a vulnerability tool is one of the most effective ways to take measures for vulnerability of the equipments. However, it is not enough to just conduct a vulnerability test. It is also essential for information security to take measures to cover constantly for the vulnerability of servers. We focused on the points above, and developed the vulnerability testing system for security. It is not only a testing tool for the vulnerability of servers, but also management system which enables the server administrators in charge of taking measures for vulnerabilities to manage risks and handles PDCA (Plan-Do-Check-Action) cycles as countermeasure for vulnerability. In this paper, we report the technologies and ingenuities for the development of the above system. (author)
Song, J. G.; Lee, J. W.; Lee, C. K.; Kwon, K. C.; Lee, D. Y.
Digital Instrumentation and Control (I and C) systems in nuclear power plants (NPPs) use general digital technologies similar to those used in IT systems. However, one of significant differences between the two systems resides in the duration of their service life. The I and C systems in NPPs operate for more than 20 years. IT systems, on the other hand, are in service for about 3 to 5 years. Hence, a one-time risk assessment for IT systems is normally acceptable. In contrast, the risk assessment for the I and C systems in NPPs should be recursively performed during their longer operation life. A recursive procedure for cyber security risk assessment of the I and C systems in NPPs is studied and proposed in this paper
Feng, Nan; Zheng, Chundong
Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.
Full Text Available The article substantiates the relevance of the study to ensure security of the state tax. Scientists studied different approaches to defining the essence of the concept of "security tax" on the key features that would satisfy the interests of all subjects of tax relations and the necessity of legal consolidation of this concept. Analyzed the economic, social and legal nature of the existence of the security tax, identified key indicators of fiscal security of Ukraine. To determine the effectiveness of the tax administration in the interests of the tax security highlights the main threats, tax security risks caused by external and internal factors, and propose measures for their elimination and prevent the possibility of their occurrence. The stages of tax risk management with effective building security tax, designed structurally-logic of the tax risk management security.
... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology...
... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As... Federal Information Technology Resources (January 2010) (a) Applicability. This clause applies whether the...
... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...
Johannes Petrus Rossouw
Full Text Available Although research assistantships are considered research learning venues in graduate education, there is a scarcity of literature that examines ethical elements attached to the employment of graduate student research assistants or the position of their research supervisors. This article explores the need to implement formal regulations specific to research assistantships in order to increase security and decrease risks for research assistants and research supervisors. Relationships between research assistants and research supervisors have some similarities with regular employment relationships; yet some distinct differences arise due to the educational and developmental nature of research assistantships. The article is written from a dual perspective reflecting the authors’ roles (a research supervisor and a research assistant, respectively and institutional locations (Faculties of Education in South Africa and Canada. The authors draw from existing literature, an analysis of institutional policies and practices at their universities, and their personal and professional experiences to illustrate risks that research assistants and their supervisors may face within research assistantships. They assess the extent to which existing and proposed policies and practices influence working conditions and safeguard experiences within graduate research assistantships. The findings reveal that research assistantships are a unique form of employment focused on educational and professional development that requires specific documentation of expected standards of practice. The authors argue that lack of clear regulations exposes both parties to unnecessary risks and offer recommendations for creating a “Standards of Good Practice” document that will be useful for individuals engaged in research assistantships.
Highlights: • Energy systems need to decarbonise, provide security and remain affordable. • There is uncertainty over which technologies will best enable this to happen. • A strategy to deal with uncertainty is to assess a technologies ability to show resilience, flexibility and adaptability. • Scale is important and smaller scale technologies are like to display the above characteristics. • Smaller scale technologies are therefore more likely to enable a sustainable, secure, and affordable energy transition. - Abstract: This research explores the relationship between technology scale, energy security and decarbonisation within the UK energy system. There is considerable uncertainty about how best to deliver on these goals for energy policy, but a focus on supply chains and their resilience can provide useful insights into the problems uncertainty causes. Technology scale is central to this, and through an analysis of the supply chains of nuclear power and solar photovoltaics, it is suggested that smaller scale technologies are more likely to support and enable a secure, low carbon energy transition. This is because their supply chains are less complex, show more flexibility and adaptability, and can quickly respond to changes within an energy system, and as such they are more resilient than large scale technologies. These characteristics are likely to become increasingly important in a rapidly changing energy system, and prioritising those technologies that demonstrate resilience, flexibility and adaptability will better enable a transition that is rapid, sustainable, secure and affordable
K. Ram Mohan Rao; Durgesh Pant
Security assessment is crucial in web application development environment. The Rapid Application Development (RAD) process makes the application extremely short and makes it difficult to eliminate the vulnerabilities. Here we study how web application risk assessment technique such as risk rating process can be applied to web application. We implement our proposed mechanism the application risk assessment methodology using Open Web Application Security Project (OWASP) model for the security a...
Gilliam, D. P.; Kelly, J. C.; Powell, J. D.; Bishop, M.
This paper discusses development of a security assessment instrument for the software development and maintenance life cycle. The assessment instrument is a collection of tools and procedures to support development of secure software.
Carter, Cathy Ho, Ngaire Underhill, Sara James, Jessica Olszta, Jessica Brooks, Melissa May, and Rodolfo Cuevas. Because Lincoln Laboratory is at the...Corporation Applicon Arcon Corporation Ascension Technology Atlantic Aerospace Electronics Axsun Technologies Broadcloud Communications Carl Blake
Full Text Available Currently, the governments of many countries are facing with a lack of funds for financing programs for social protection of population. Among the causes of this problem, we can indicate the high unemployment rate, which, among other things, is due to implementation of labor-saving technologies. The purpose of this work is to study the impact of technological changes on the sustainability of the state social security system in Ukraine. The general approaches to the assessment of the stability of the state social security system are described. The simulation of the effect of economically efficient technological changes on the company’s income and expenses was carried out. Some patterns of such changes are established. The group of productive technological changes types is presented. The model is developed, and an indicator of the impact estimation of efficiently effective technological changes on the stability of the state social security system is proposed. The analysis of the main indicators of the state social security system functioning of Ukraine is carried out. The dynamics of indicators characterizing the labor market of Ukraine is analyzed. The influence of changes in labor productivity on costs and profits by industries of Ukraine is estimated. The evaluation of the impact of economically efficient technological changes in the industries of Ukraine on the stability of its state social security system is carried out. The different state authorities can use the obtained results for developing measures to manage the sustainability of the state social security system.
Full Text Available Recent regulations in the United States (U.S. such as the Sarbanes-Oxley Act of 2002 require top management of a public firm to provide reasonable assurance that they institute internal controls that minimize risks over the firm’s operations and financial reporting. External auditors are required to attest to the management’s assertions over the effectiveness of those internal controls. As firms rely more on information technology (IT in conducting business, they also become more vulnerable to IT related risks. IT is critical for initiating, recording, processing, summarizing and reporting accurate financial and non-financial data. Thus, understanding IT related risks and instituting internal control mechanisms that minimize them have become important and created an urgent need for professionals who are equipped with IT audit and security skills and knowledge. However, there is severe shortage of teaching cases that can be used in courses aimed at training such professionals. This teaching case begins to address this gap by fostering classroom discussions around IT audit and security issues. It revolves around a hacking incident that compromised online order processing systems of AlphaCo and led to some fraudulent activity. The hacking incident raises a series of questions about IT security vulnerabilities, internal control deficiencies, integrity of financial statements, and independent auditors’ assessment of fraud in the context of the Sarbanes-Oxley Act. The case places students in the roles of executives, IT managers, and auditors and encourages them to discuss several important questions: how and why did the hacking incident happen; what harm did it cause to the firm; how can the firm prevent such hacking incidents in the future; if they do happen, how can the firm detect hacking incidents and fraud sooner; how do auditors assess the impact of such incidents in the context of a financial statement audit; and whether the management
Cyber security is among the most complex and rapidly evolving issues and has been the focus of present day organizations. Cyber security risk management is the process of managing or reducing potentially harmful and uncertain events that posse as threats to cyber security. It involves looking at what could go wrong on ...
Standard HSM Hardware Security Module HTTP Hypertext Transfer Protocol IP Internet Protocol IPSec Internet Protocol Security LDAP Lightweight...native integration with business directory and identity systems such as Lightweight Directory Access Protocol ( LDAP ), Kerberos, Microsoft Active
Ruthberg, Zella G.
This is a collection of consensus reports, each produced at a session of an invitational workshop sponsored by the National Bureau of Standards. The purpose of the workshop was to explore the state-of-the-art and define appropriate subjects for future research in the audit and evaluation of computer security. Leading experts in the audit and…
Agriculture, the most important industry in Africa, has not provided adequate food security and economic well-being for the continent's population. Agricultural production per capita and total exports declined since the 1970s, while population and urbanization increases resulted in growing demand. This inadequate ...
Sumithra A; Dr.E.Ramraj
As security of software systems is becoming more and more important in the current era of ecommerce and e-governance, traditional approaches for software development should be supplanted with a formal approach to security in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process. This paper focuses on the development of a Security Checklist for the software life cycle. It includes the critical areas of requiremen...
Koudelka, Petr; Siska, Petr; Latal, Jan; Poboril, Radek; Hajek, Lukas; Kepak, Stanislav; Vasinek, Vladimir
Next-generation passive optical access networks come to the fore nowadays. These optical next-generation networks are the response to the increasing qualitative requirements from end users. Technologies using Time Division Multiplexing include NG-PON (XG-PON 1 and XG-PON 2) and 10GEPON. Their advantage is the applicability to older topologies, which are operated by the original technology of passive optical access networks. Wavelength Division Multiplexing Passive Optical Network (WDM-PON) is an alternative also belonging to next-generation networks. Time Division Multiplexing is in this case replaced by Wavelength Division Multiplexing. Certain variants of WDM-PON use a combination of broadband light source, optical circulator, optical phased array and tunable FP laser. Construction of the terminal units (ONU) is advantageous because it can always tune in to the appropriate wavelength in the given optical DWDM channel (100 GHz). The disadvantage is the increased security risk on the primary layer due to channel crosstalk in an optical phased array (AWG). The aim of this paper is to assess the degree of security risk in real conditions. The article includes both simulation and real measurements in C + L bands with 100 GHz DWDM spacing.
Vitaly Eduardovich Dorokhov
Full Text Available The article presents the analysis of actual information security problems in commercial segment. The main directions in regulations of the Russian Federation connected with information security assurance are defined. The results indicate the insufficiency of legal regulation in prevention of reputational losses due to information security incidents
Full Text Available Les réflexions qui structurent cet article sont issues de près de quinze années d’observation du développement du recours aux nouvelles technologies de contrôle dans le champ de la justice et de la sécurité. Elles s’appuient plus spécifiquement sur l’étude de deux d’entre elles, principalement le placement sous surveillance électronique et accessoirement la vidéosurveillance, qui ont vu leur champ d’application s’élargir considérablement en l’espace d’une vingtaine d’années. De ces travaux se dégagent neuf clés de lecture à partir desquelles on peut analyser les caractéristiques et l’impact du développement de ces technologies (la vitesse de circulation des modèles ; le jeu du marché ; la question du contrôle ; les formes de la désinstitutionnalisation du pouvoir ; la problématique des libertés ; la plasticité des usages ; les stratégies de légitimation ; les enjeux de régulation ; l’insuffisance d’évaluation.This analysis is based over 15 years of investigation about new technologies in the field of justice and security, and more specifically about electronic monitoring and CCTV which have known a strong development for the last twenty years... From these reflections, Jean-Charles Froment introduces nine analysis keys about the characteristics and the impact of the development of this technologies (speed of policy transfer; rules of market; progressive change towards a «society of control»; power conversions; human rights; plasticity of uses; legitimacy strategies; regulation challenges; weakness of evaluation.
I. A. Zikratov
Full Text Available The paper discusses theoretical aspects of secure cloud services creation for information processing of various confidentiality degrees. A new approach to the reasoning of information security composition in distributed computing structures is suggested, presenting the problem of risk assessment as an extreme problem of decisionmaking. Linear programming method application is proved to minimize the risk of information security for given performance security in compliance with the economic balance for the maintenance of security facilities and cost of services. An example is given to illustrate the obtained theoretical results.
Burova, Valentina; Frolova, Nina
EM-DAT statistical data on human impact and economic damages in the 1st semester 2015 are the highest since 2011: 41% of disasters were floods, responsible for 39% of economic damage and 7% of events were earthquakes responsible for 59% of total death toll. This suggests that disaster risk assessment and management still need to be improved and stay the principle issue in national and international related programs. The paper investigates the risk assessment and management practice in the Russian Federation at different levels. The method is proposed to identify the territories characterized by integrated natural-technological hazard. The maps of the Russian Federation zoning according to the integrated natural-technological hazard level are presented, as well as the procedure of updating the integrated hazard level taking into account the activity of separate processes. Special attention is paid to data bases on past natural and technological processes consequences, which are used for verification of current hazard estimation. The examples of natural-technological risk zoning for the country and some regions territory are presented. Different output risk indexes: both social and economic, are estimated taking into account requirements of end-users. In order to increase the safety of population of the Russian Federation the trans-boundaries hazards are also taken into account.
Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen
With the rapid development of Intemet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.
small combustion turbines, solid oxide and other fuel cells, photovoltaics, superconducting magnetic energy storage (SMES), transportable battery...Production Food Processing Pharmaceuticals FoodFood Industrial Production Chemical Production Textiles Plastics Food Food Processing Cosmetics ...Objective 3 Relevance To Homeland Security 4 Care Givers During SARS Healthcare providers acquired SARS despite despite masks and respirators Toronto
Technological stigmas can be a source of confusion and misunderstandings of the effect on public health and safety of technological activities. The result can be a gross waste of national resources to fix the 'stigma' rather than the real problem. Fueling technological stigmas has become a visible activity, especially among non-technical professionals. Further, it is not clear that these same critics are accountable for their influence on policy and practices that may adversely affect people's lives and financial resources. Their bad news of alleged high risk and incompetent technologists is more appealing to the press than the more technical and apparently boring news of finding engineering solutions to real problems. The issue of technological stigma is especially visible in relation to the environmental and safety effects of the nuclear and chemical industries. These industries are in an extremely defensive position because the stigmatizes put much more emphasis on their risks than on their benefits to society. There is the genuine threat of the denial of important technologies in the nuclear and chemical fields and a resulting loss of lives and resources. The actions required to better tell the whole cost-risk-benefit story of specific technologies have to come from all of the groups involved. The critics and stigmatizers need to be more accountable for their assertions, the technologists need to involve the public more in their consideration of technological solutions to environmental and safety issues, and the press needs to present all of the facts rather than just the sensational or 'outrage' part of the story
Zarei, Javad; Sadoughi, Farahnaz
Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481
Zarei, Javad; Sadoughi, Farahnaz
In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.
Brown, G.E. Jr.
Technology alone will not solve our many environmental, economic and military problems. The search for peace and security must be based on a concept of international security that extends beyond the bounds of military concerns and into the realm of environmental and economic matters. In our efforts to understand how science and technology fit within this security context, we should not look simply at emerging technologies, even those that are sustainable and stabilizing, as being the principal candidates for drastic improvements in peace and security on our planet. One must keep in mind that security for as many as one fourth to one half of the world's inhabitants would be revolutionized if they had access to some of the most basic existing technologies of our times. Equitable access to resources and technology is an age-old problem. Today it must be faced on a global basis. It demands creating a new world economic order that combines the best that the capitalist and socialist economies can offer. We must declare today that a secure global society cannot exist which is half in slavery to poverty and deprived of opportunity, and half free to develop its potential and achieve its dreams
Barolli, Leonard; Xhafa, Fatos; Jeong, Hwa-Young
Information technology and its convergence issue is emerging rapidly as an exciting new paradigm with user-centric environment to provide computing and communication services. This area will be the most comprehensive topics with various aspects of advances in information technology and its convergence services. This book covers all topics as computational science and applications, electronics engineering, manufacturing technology, services, technical skill to control the robot, automatic operation and application, simulation and testing communication and many more.
Pandya, Sheel M
Congress made an unprecedented investment in health information technology (IT) when it passed the American Recovery and Reinvestment Act in February 2009. Health IT provides enormous opportunities to improve health care quality, reduce costs, and engage patients in their own care. But the potential payoff for use of health IT for diabetes care is magnified given the prevalence, cost, and complexity of the disease. However, without proper privacy and security protections in place, diabetes patient data are at risk of misuse, and patient trust in the system is undermined. We need a comprehensive privacy and security framework that articulates clear parameters for access, use, and disclosure of diabetes patient data for all entities storing and exchanging electronic data. (c) 2010 Diabetes Technology Society.
Dickson. 1996. "Teams in Organizations: Recent Research on Performance and Effectiveness". Annual Review of Psychology , 47:307-338.  Hall, D.L... Psychology , 94, 2, 535-546.  Moore, J.A. (2002). JView: an information visualization paradigm. Proc. SPIE, Vol. 4716, 367-374. In Enabling...date. Multilevel security solutions like the Multi-Layer Access Solution were developed by Gestalt and MAXIM Systems before these companies became
Lindstrom, Tedric R.
Approved for public release; distribution is unlimited Our coastal waters are the United States’ most open and vulnerable borders. This vast maritime domain harbors critical threats from terrorism, criminal activities, and natural disasters. Maritime borders pose significant security challenges, as nefarious entities have used small boats to conduct illegal activities for years, and they continue to do so today. Illegal drugs, money, weapons, and migrants flow both directions across our ma...
Mustafijur Rahman; A.H.M Zadidul Karim; Sultanur Nyeem; Faisal Khan; Golam Matin
"Home automation" referred to as 'Intelligent home' or 'automated home', indicates the automation of daily tasks with electrical devices used in homes. This could be the control of lights or more complex chores such as remote viewing of the house interiors for surveillance purposes. The emerging concept of smart homes offers a comfortable, convenient and safe and secure environment for occupants. These include automatic load controlling, fire detection, temperature sensing, and motion detecti...
Full Text Available Abstract Background Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Methods Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Results Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Conclusions Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.
Bolle, Stein R; Hasvold, Per; Henriksen, Eva
Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.
Gussgard, K.; Reistad, O.
Russian marine fuel is a trans-national security concern. This paper focuses on specific technical properties of Russian marine nuclear fuel especially relevant for evaluating different aspects on nuclear proliferation, in addition to risks associated with regional environmental degradation and illegal diversion of radiological substances. Russian fresh fuel for marine reactors has been involved in several significant cases of illicit trafficking of special nuclear materials. The amount and quality of nuclear materials in Russian spent marine fuel give also reason for concern. Not less than 200 marine reactor cores are ready for having their spent fuel unloaded and preliminary stored on shore in the Far East and North West of Russia, and large amounts of spent naval fuel have been stored at Russian military bases for decades. In order to assess the security risks associated with Russian spent marine fuel, this paper discusses the material attractiveness of spent fuel from all types of Russian marine reactors. The calculations are based on a model of a light water moderated Russian icebreaker reactor. The computer tool HELIOS, used for modelling the reactor and the reactor operations, has been extensively qualified by comparisons with experimental data and international benchmark problems for reactor physics codes as well as through feedback from applications. Some of these benchmarks and studies include fuel enrichments up to 90% in Russian marine reactors. Several fuel data cases are discussed in the paper, focusing especially on: 1) early fuel designs with low initial enrichment; 2) more modern fuel designs used in third and fourth generation of Russian submarines probably with intermediate enriched fuel; and 3) marine fuel with initial enrichment levels close to weapons-grade material. In each case the fuel has been burned until k eff has reached below 1. Case 1) has been evaluated, the calculations made as basis for this paper have concentrated on fuel with
Boholm, Max; Möller, Niklas; Hansson, Sven Ove
The concepts of risk, safety, and security have received substantial academic interest. Several assumptions exist about their nature and relation. Besides academic use, the words risk, safety, and security are frequent in ordinary language, for example, in media reporting. In this article, we analyze the concepts of risk, safety, and security, and their relation, based on empirical observation of their actual everyday use. The "behavioral profiles" of the nouns risk, safety, and security and the adjectives risky, safe, and secure are coded and compared regarding lexical and grammatical contexts. The main findings are: (1) the three nouns risk, safety, and security, and the two adjectives safe and secure, have widespread use in different senses, which will make any attempt to define them in a single unified manner extremely difficult; (2) the relationship between the central risk terms is complex and only partially confirms the distinctions commonly made between the terms in specialized terminology; (3) whereas most attempts to define risk in specialized terminology have taken the term to have a quantitative meaning, nonquantitative meanings dominate in everyday language, and numerical meanings are rare; and (4) the three adjectives safe, secure, and risky are frequently used in comparative form. This speaks against interpretations that would take them as absolute, all-or-nothing concepts. © 2015 Society for Risk Analysis.
“The Politics of Possibility: Risk and Security beyond Probability” by Louise Amoore. Durham, NC; London: Duke University Press, 2013. 220 pp., £15.99, ISBN 9780822355601......“The Politics of Possibility: Risk and Security beyond Probability” by Louise Amoore. Durham, NC; London: Duke University Press, 2013. 220 pp., £15.99, ISBN 9780822355601...
Meinhold, A.; Greene, B.; Dussich, J.; Sorkin, A.; Olsen, W.
The Technology Evaluation for Environmental Risk Mitigation (TEERM) Principal Center and its predecessor organization the Acquisition Pollution Prevention Program (AP2) supported the National Aeronautics and Space Administration (NASA) in identifying technology solutions to risks and costs to NASA programs driven by environmental regulations and requirements. TEERM researched the commercial and government marketplace to locate viable and available technologies that met NASAs needs. TEERM focused on addressing environmentally-driven risks of direct concern to NASA programs and facilities, including hazardous materials in NASA operations and materials that became obsolescent because of environmental regulations. TEERM projects aimed to reduce cost; ensure the health and safety of people, assets, and the environment; promote efficiency; and minimize duplication. Major TEERM and AP2 projects focused on waste minimization and hazardous waste treatment, recycling, corrosion prevention and control, solvent and ozone depleting substances substitution, and aqueous based cleaners. In 2017, NASA made the decision to terminate the TEERM Principal Center. This Compendium Report documents TEERM and AP2 project successes. The Compendium Report traces the evolution of TEERM based on evolving risks and requirements for NASA and its relationship to the Space Shuttle Program, the United States Department of Defense, the European Space Agency, and other public and private stakeholders. This Compendium Report also documents project details from Project Summaries and Joint Test Plans and describes project stakeholders and collaborative effort results.
The risk is mathematically defined for a certain event as the product with the factors of frequency of cases and extent of effects. Both risk factors are coined by probability. The risk methodology on the other hand is dependent on the right understanding of the words security and protection since the knowledge gained from the causal principle and the risk etiology gives important differences for a finality of securing and protecting. (DG) [de
for benevolent and modest purposes; SThe USSR does not depend on Western technology because it: is a Sreat s cientific and technological power; "The...Committee 01 Apr Swiss Minister of Defense 01 Apr FRG Minister of Defense 02 Apr National Security Industrial Assdciation 15 Apr South Korean
early and as far away as possible requires that the United States apply technological solutions in cooperation with tourism , trade, and security...Developing new technologies to reduce or eliminate the energy supply chain for our deployed military can save resources and improve the operational
...) develop and maintain selection criteria that include explicit cost, benefit, schedule, and risk criteria to facilitate the objective analysis, comparison, prioritization, and selection of IT investments; (3...
Serrhini, Mohammed; Felgueiras, Carlos
This book contains a selection of articles from The Europe, Middle East and North Africa Conference on Technology and Security to Support Learning 2016 (EMENA-TSSL'16), held between the 3th and 5th of October at Saidia, Oujda, Morocco. EMENA-TSSL'16 is a global forum for researchers and practitioners to present and discuss recent results and innovations, current trends, professional experiences and challenges in Information & Communication Technologies, and Security to support Learning. The main topics covered are: A) Online Education; B) Emerging Technologies in Education; C) Artificial Intelligence in Education; D) Gamification and Serious games; E) Network & Web Technologies Applications; F) Online experimentation and Virtual Laboratories; G) Multimedia Systems and Applications; H) Security and Privacy; I) Multimedia, Computer Vision and Image Processing; J) Cloud, Big Data Analytics and Applications; K) Human-Computer Interaction; L) Software Systems, Architectures, Applications and Tools; M) Onli...
Jaeger, Calvin Dell; Roehrig, Nathaniel S.; Torres, Teresa M.
This document presents the security automated Risk Assessment Methodology (RAM) prototype tool developed by Sandia National Laboratories (SNL). This work leverages SNL's capabilities and skills in security risk analysis and the development of vulnerability assessment/risk assessment methodologies to develop an automated prototype security RAM tool for critical infrastructures (RAM-CITM). The prototype automated RAM tool provides a user-friendly, systematic, and comprehensive risk-based tool to assist CI sector and security professionals in assessing and managing security risk from malevolent threats. The current tool is structured on the basic RAM framework developed by SNL. It is envisioned that this prototype tool will be adapted to meet the requirements of different CI sectors and thereby provide additional capabilities.
Reshetova, Elena; Karhunen, Janne; Nyman, Thomas; Asokan, N.
The need for flexible, low-overhead virtualization is evident on many fronts ranging from high-density cloud servers to mobile devices. During the past decade OS-level virtualization has emerged as a new, efficient approach for virtualization, with implementations in multiple different Unix-based systems. Despite its popularity, there has been no systematic study of OS-level virtualization from the point of view of security. In this report, we conduct a comparative study of several OS-level v...
Nuclear power plant emergency command system can provide valuable data for emergency personnel, such as the unit data, weather data, environmental radiation data. In the course of emergency response, the emergency command system provides decision support to quickly and effectively control and mitigate the consequences of the nuclear accident, to avoid and reduce the dose received by staff and the public, to protect the environment and the public. There are high performance requirements on the security of the system and the data transmission. Based on the previous project and new demand after the Fukushima incident, the security technology design of emergency system in nuclear power plant was discussed. The results show that the introduction of information security technology can effectively ensure the security of emergency systems, and enhance the capacity of nuclear power plant to deal with nuclear accidents. (author)
Jelena Jardas Antonic
Full Text Available Abstract - In the cooperation with the City of Rijeka, the project of analysis of the functional and security situation of information infrastructure has been initiated in 24 schools in the authority of the city. Having completed the multicriteria analysis of the collected data, we have built a model of implementing Microsoft service technologies. The implementation should satisfy the elementary security principles that are required by the security standards today, maximizing functionality of infrastructure and minimizing network administration tasks. Server technology that has been used in this solution is Microsoft Widows 2003 Server R2 and Internet Security and Acceleration Server 2006, as well as the GFI WebMonitor and antivirus.
Dahmen, Jessamyn; Cook, Diane J; Wang, Xiaobo; Honglei, Wang
Smart home design has undergone a metamorphosis in recent years. The field has evolved from designing theoretical smart home frameworks and performing scripted tasks in laboratories. Instead, we now find robust smart home technologies that are commonly used by large segments of the population in a variety of settings. Recent smart home applications are focused on activity recognition, health monitoring, and automation. In this paper, we take a look at another important role for smart homes: security. We first explore the numerous ways smart homes can and do provide protection for their residents. Next, we provide a comparative analysis of the alternative tools and research that has been developed for this purpose. We investigate not only existing commercial products that have been introduced but also discuss the numerous research that has been focused on detecting and identifying potential threats. Finally, we close with open challenges and ideas for future research that will keep individuals secure and healthy while in their own homes.
Chen Ligang; Liu Hongye; Zhang Wei; Sun Jianying; Lan Peng; Dai Sidan
With the rapid development of information technology in enterprise application, industrial control network and management network is becoming more and more closely linked. Development and application of special equipment control system from the traditional industrial control system, not considered when designing communication security problem mainly, therefore, the industrial control system opened at the same time, isolation control system and the outside was weakened, the safety problems of industrial control system had become more and more serious. The practical application combined with the special equipment control system, analysis and elaboration in view of security problems for the control network, also, provide appropriate security solutions for professional characteristics of industrial control network, design on process control system specially, provide security partition protection scheme, in order to improve security ability of industrial control system information. (authors)
HNEI has conducted research to address a number of issues important to move Hawai‘i to greater use of intermittent renewable and distributed energy resource (DER) technologies in order to facilitate greater use of Hawai‘i's indigenous renewable energy resources. Efforts have been concentrated on the Islands of Hawai‘i, Maui, and O‘ahu, focusing in three areas of endeavor: 1) Energy Modeling and Scenario Analysis (previously called Energy Road mapping); 2) Research, Development, and Validation of Renewable DER and Microgrid Technologies; and 3) Analysis and Policy. These efforts focused on analysis of the island energy systems and development of specific candidate technologies for future insertion into an integrated energy system, which would lead to a more robust transmission and distribution system in the state of Hawai‘i and eventually elsewhere in the nation.
Barletta, William A.
Assuring the security and privacy of institutionalinformation assets is a complex task for the line manager responsible forinternational and multi-national transactions. In the face of an unsureand often conflicting international legal framework, the line managermust employ all available tools in an Integrated Security and PrivacyManagement framework that ranges from legal obligations, to policy, toprocedure, to cutting edge technology to counter the rapidly evolvingcyber threat to information assets and the physical systems thatinformation systems control.
Santiago, S. S.
A brief description of the NASA organization and how the CIO responsibilities are integrated into that organization followed by an introduction of the NASA ITS Program goals and objectives. An overview of the four major enterprises' cultures and how those cultures tie back to the Enterprises' missions. A description of the ITS challenges that exist stemming from the competing NASA Enterprises' requirements and how they have formed the basis of the NASA ITS Program. A talk will focus on policies and procedures and the technology being incorporated into the NASA infrastructure and how that technology ties back to the policies and procedures.
Langer, Steve G
In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.
Nichols, Kelvin F.; Best, Susan; Schneider, Larry
With so many security issues involved with wireless networks, the technology has not been fully utilized in the area of mission critical applications. These applications would include the areas of telemetry, commanding, voice and video. Wireless networking would allow payload operators the mobility to take computers outside of the control room to their off ices and anywhere else in the facility that the wireless network was extended. But the risk is too great of having someone sit just inside of your wireless network coverage and intercept enough of your network traffic to steal proprietary data from a payload experiment or worse yet hack back into your system and do even greater harm by issuing harmful commands. Wired Equivalent Privacy (WEP) is improving but has a ways to go before it can be trusted to protect mission critical data. Today s hackers are becoming more aggressive and innovative, and in order to take advantage of the benefits that wireless networking offer, appropriate security measures need to be in place that will thwart hackers. The Virtual Private Network (VPN) offers a solution to the security problems that have kept wireless networks from being used for mission critical applications. VPN provides a level of encryption that will ensure that data is protected while it is being transmitted over a wireless local area network (LAN). The VPN allows a user to authenticate to the site that the user needs to access. Once this authentication has taken place the network traffic between that site and the user is encapsulated in VPN packets with the Triple Data Encryption Standard (3DES). 3DES is an encryption standard that uses a single secret key to encrypt and decrypt data. The length of the encryption key is 168 bits as opposed to its predecessor DES that has a 56-bit encryption key. Even though 3DES is the common encryption standard for today, the Advance Encryption Standard (AES), which provides even better encryption at a lower cycle cost is growing
Full Text Available stream_source_info Venter-2015.pdf.txt stream_content_type text/plain stream_size 1509 Content-Encoding UTF-8 stream_name Venter-2015.pdf.txt Content-Type text/plain; charset=UTF-8 Finding the right technology solutions...
This digest describes several technologies that can be used to control access to, and improve surveillance of, school grounds. Access can be controlled by using "smart" cards to control keyed entries. Many schools have problems with multiple copies of keys, and these card systems are integrated with computer software that allows for…
Santos Rocha, Jozimo
In this thesis, I use experimental and quasi-experimental data from 25 villages and a total of 1,105 farmers from eastern DRC to investigate the relationship among agricultural training, the adoption of agricultural technologies, crop productivity, and household food insecurity and dietary
Chithambo, Loyce Maosa
Since the availability of remote access technology, most companies have adopted telecommuting as part of business operations. Although some research has identified policies and procedures when individuals telecommute, limited research exists about existing policies and procedures for telecommuters. The purpose of this qualitative descriptive…
Full Text Available Javad Zarei,1 Farahnaz Sadoughi2 1Health Information Management, Health Management and Economics Research Center, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran, 2Health Information Management Department, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs, which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran.Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health.Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals.Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security
With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life work to a certain extent, brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.
Howard, Sarah K.
Educational change, such as technology integration, involves risk. Teachers are encouraged to "take risks", but what risks they are asked to take and how do they perceive these risks? Developing an understanding of teachers' technology-related risk perceptions can help explain their choices and behaviours. This paper presents a way to…
Gilliam, D.; Powell, J.; Kelly, J.; Bishop, M.
The fourth quarter delivery, FY'01 for this RTOP is a Property-Based Testing (PBT), 'Tester's Assistant' (TA). The TA tool is to be used to check compiled and pre-compiled code for potential security weaknesses that could be exploited by hackers. The TA Instrumenter, implemented mostly in C++ (with a small part in Java), parsels two types of files: Java and TASPEC. Security properties to be checked are written in TASPEC. The Instrumenter is used in conjunction with the Tester's Assistant Specification (TASpec)execution monitor to verify the security properties of a given program.
Grover, Mark; Reinicke, Bryan; Cummings, Jeff
As the popularity of Information Technology programs has expanded at many universities, there are a number of questions to be answered from a curriculum standpoint. As many of these programs are either interdisciplinary, or at least exist outside of the usual Computer Science and Information Systems programs, questions of what is appropriate for…
equipment, biotechnological fermentation processes, and key components of fiber optic technology such as light sources.84 Historically, American...expenditures went for support programs to the public, defense spending came under more scrutiny as an area to save government expenditures. b. "Guns vs. Butter ...discussion concerning "guns vs. butter ," consult G. Adams, "Defense Spending and the Economy," Center on Budget and Policy Priorities, Washington, D.C., Jul
Navare, Jyoti; Gemikonakli, Orhan
Globalisation and new technology has opened the gates to more security risks. As the strategic importance of communication networks and information increased, threats to the security and safety of communication infrastructures, as well as information stored in and/or transmitted increased significantly. The development of the self replicating programmes has become a nightmare for Internet users. Leading companies, strategic organisations were not immune to attacks; they were also "hacked" and overtaken by intruders. Incidents of recent years have also shown that national/regional crisis may also trigger cyber attacks at large scale. Experts forecast that cyber wars are likely to take the stage as tension mounts between developed societies. New risks such as cyber-attacks, network terrorism and disintegration of traditional infrastructures has somewhat blurred the boundaries of operation and control. This paper seeks to consider the risk management and governance and looking more specifically at implications for emerging economies.
Hong, S. B.; Lee, J. C.; Choi, Y. S.; Choi, Y. R.; Cho, J. W.; Jung, C. E.; Jeong, K. I.; Park, B.; Koo, I. S.
Development and enlargement of the high speed communication network make it possible the user to access online information easily. It generates changing offline activities to online in the economics, expansion of cultural interchanges and convenient life. But it also causes misuse, wiretapping, forgery and alteration of the information via illegal invasion(virus, hacking), and these are derived from the open network characteristic, weakness of the securities of the TCP/IP protocol and information systems. The security of individual and the national foundation facility(industry and government) can be threatened because of these problems, and theses can be used as a instrument of cyber-war. Many cyber security technologies have been developed to corp with the cyber threat. One of the most important national facility is the nuclear power plant and the necessity of the cyber security for the digital I and C of it have been proposed since middle of the 2000. KINS announced the regulation of the cyber security for the digital I and C of the nuclear power plant in 2007. The main concept of the cyber security for it is similar to the IT field that is treated as a leader of the cyber security. Because of the difference of the characteristics between the IT field and the nuclear industry, applying the cyber security technologies developed and used in the IT field to the nuclear industry has some critical constraints. We will analyze these problems and propose a cyber security method based on cryptograph and authentication for the I and C communication network in this report
Hong, S. B.; Lee, J. C.; Choi, Y. S.; Choi, Y. R.; Cho, J. W.; Jung, C. E.; Jeong, K. I.; Park, B.; Koo, I. S
Development and enlargement of the high speed communication network make it possible the user to access online information easily. It generates changing offline activities to online in the economics, expansion of cultural interchanges and convenient life. But it also causes misuse, wiretapping, forgery and alteration of the information via illegal invasion(virus, hacking), and these are derived from the open network characteristic, weakness of the securities of the TCP/IP protocol and information systems. The security of individual and the national foundation facility(industry and government) can be threatened because of these problems, and theses can be used as a instrument of cyber-war. Many cyber security technologies have been developed to corp with the cyber threat. One of the most important national facility is the nuclear power plant and the necessity of the cyber security for the digital I and C of it have been proposed since middle of the 2000. KINS announced the regulation of the cyber security for the digital I and C of the nuclear power plant in 2007. The main concept of the cyber security for it is similar to the IT field that is treated as a leader of the cyber security. Because of the difference of the characteristics between the IT field and the nuclear industry, applying the cyber security technologies developed and used in the IT field to the nuclear industry has some critical constraints. We will analyze these problems and propose a cyber security method based on cryptograph and authentication for the I and C communication network in this report.
Demski, Christina; Poortinga, Wouter; Pidgeon, Nick
Along with climate change and affordability, concerns about energy security are key drivers behind proposals for major energy system change in the UK and numerous other countries. Unlike climate change we know very little about how the public thinks and feels about this aspect of sustainability and energy policy. Beyond engaging critically with conceptual and theoretical discussions, empirical data from two surveys (Cardiff postal survey, N=520; online UK survey, N=499) using a ten item energy security scale are presented and discussed. Here we show that aspects of energy security are certainly of concern to the UK public, with particularly high concern around dependence on fossil fuels/imports and relatively lower expressed concern for actual disruption of energy supply. However public concerns around energy security are only emerging, and likely to change depending on the context in which it is discussed (e.g. in comparison to climate change). In addition, findings from public interviews are used to further contextualise the survey findings, showing unfamiliarity among the UK public with regards to the term “energy security”. We discuss implications, and further work that would be useful for understanding public perceptions in more depth. - highlights: • Exploring public views on energy security using a 10 item scale. • Concerns over energy security is relatively high but susceptible to framing. • Patterns of concern for different energy security aspects examined. • The term energy security is unfamiliar, only an emerging concern among UK publics. • Further discussion on the meanings and implications of these perceptions
Bergey 2009]. The software perspective is focused on building security controls into a software- reliant system, not treating security as an add-on...Software Engineering Institute, Carnegie Mellon University, 2006. http://resources.sei.cmu.edu/library/asset- view.cfm?assetID=7899 [ Bergey 2009... Bergey , John K. A Proactive Means for Incorporating a Software Architecture Evaluation in a DoD System Acquisition (CMU/SEI-2009-TN-004). Software
Cha, K. H.; Lee, C. K.; Song, J. G.; Lee, Y. J.; Kim, J. Y.; Lee, J. W.; Lee, D. Y.
With the use of digital computers and communication networks the hot issues on cyber security were raised about 10 years ago. The scope of cyber security application has now been extended from the safety Instrumentation and Control (I and C) system to safety important systems, plant security system, and emergency preparedness system. Therefore, cyber security should be assessed and managed systematically throughout the development life cycle of I and C systems in order for their digital assets to be protected from cyber attacks. Fig. 1 shows the concept of a cyber security risk management of digital I and C systems in nuclear power plants (NPPs). A lot of cyber security risk assessment methods, techniques, and supported tools have been developed for Information Technology (IT) systems, but they have not been utilized widely for cyber security risk assessments of the digital I and C systems in NPPs. The main reason is a difference in goals between IT systems and nuclear I and C systems. Confidentiality is important in IT systems, but availability and integrity are important in nuclear I and C systems. Last year, it was started to develop a software tool to be specialized for the development process of nuclear I and C systems. This paper presents a development methodology of the Cyber Security Risk analysis and Assessment Tool (CSRAT) for the digital I and C systems in NPP
Full Text Available This article discusses the overseas risks to China’s energy security and provides suggestions for how to safeguard China’s energy security. The key to China’s energy security is supply security. This means obtaining enough and continued energy supply at affordable prices which can be divided into two factors: one is purchasing energy at reasonable prices; the other is having uninterrupted energy import. Accordingly, the major overseas challenges to China’s energy security are the surging international oil prices and the problem of safeguarding energy imports. There are both merits and shortcomings to the energy security concept of realism and that of neo-liberalism. Suggestions for how to secure China’s energy supply should be based on China’s conditions as well as a critique of the two theoretical perspectives and should include three aspects: energy diplomacy, military development and strategic oil reserves.
Anatoly Valeryevich Tsaregorodtsev
Full Text Available Cloud computing will be one of the most common IT technologies to deploy applications, due to its key features: on-demand network access to a shared pool of configurable computing resources, flexibility and good quality/price ratio. Migrating to cloud architecture enables organizations to reduce the overall cost of implementing and maintaining the infrastructure and reduce development time for new business applications. There are many factors that influence the information security environment of cloud, as its multitenant architecture brings new and more complex problems and vulnerabilities. And the approach to risk estimation used in making decisions about the migration of critical data in the cloud infrastructure of the organization are proposed in the paper.
Full Text Available This article reflects the evolution of the social security system in Romania after accession to the European Union. Social security states its specificity as a basic concept that encompasses all the collective measures established by legislation to maintain individual or family income, to provide income when some or all sources have been lost or exhausted or in cases where the individual must cope with increased expenses. From this perspective, social security is a system that takes into account both the protection of able-bodied people (by the social insurance system and of those who cannot work or are socially disadvantaged. For Romania, the social security system is currently profoundly affected due to the low ratio between the number of productive Romanian citizens, contributors to the public budget and social funds, and the beneficiaries of these funds. The study highlights this issue and focuses primarily on the effect produced on the social security component by the external labor migration, a phenomenon accentuated by Romania’s EU accession. Basically, Romania has registered, according to Eurostat, only after 2007, more than 1 million migrants, most constituting the economically active population, the phenomenon having a major impact on the sustainability of the social security system.
Gertman, D. I.; Folkers, R.; Roberts, J.
The US infrastructure is continually challenged by hostile nation states and others who would do us harm. Cyber vulnerabilities and weaknesses are potential targets and are the result of years of construction and technological improvement in a world less concerned with security than is currently the case. As a result, cyber attack presents a class of challenges for which we are just beginning to prepare. What has been done in the nuclear, chemical and energy sectors as a means of anticipating and preparing for randomly occurring accidents and off-normal events is to develop scenarios as a means by which to prioritize and quantify risk and to take action. However, the number of scenarios risk analysts can develop is almost limitless. How do we ascertain which scenario has the greatest merit? One of the more important contributions of probabilistic risk analysis (PRA) has been to quantify the initiating event probability associated with various classes of accidents; and to quantify the occurrence of various conditions, i.e., end-states, as a function of these important accident sequences. Typically, various classes of conditions are represented by scenarios and are quantified in terms of cut sets and binned into end states. For example, the nuclear industry has a well-defined set of initiating events that are studied in assessing risk. The maturation of risk analysis for cyber security from accounting for barriers or looking at conditions statically to one of ascertaining the probability associated with certain events is, in part, dependent upon the adoption of a scenario-based approach. For example, scenarios take into account threats to personnel and public safety; economic damage, and compromises to major operational and safety functions. Scenarios reflect system, equipment, and component configurations as well as key human-system interactions related to event detection, diagnosis, mitigation and restoration of systems. As part of a cyber attack directed toward
This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview
Cosmin Cătălin Olteanu
Full Text Available The main purpose of the paper is to illustrate the importance of implementing new security policies for infotainment systems in automotive industry. A car is full of technology and is easier today to control car systems through an internet connection linked to car system infotainment. This is how it is possible to gain control of critical car systems. More than 84% of users doesn’t even know the risk of remote control of the car in the presence of Internet connection.
Del Carpio Gallegos, Javier
This article shows how some principles, uses, and practices of risk management are applied in information technology projects in Peru; in the last four years, in representative sectors like manufacturing, banking, information and communications, academics institutions, construction, government, consulting, services, and others. El presente artículo muestra algunos principios, usos y prácticas de cómo la gestión de riesgos de proyectos de tecnología se ha llevado a cabo en los últimos cuatr...
The increasing demands for protection money from foreign exploration and pipeline construction companies by left-wing guerrilla groups in various South American countries led to greater attention being focused on security services. This paper discusses the various alternatives to consider when choosing a security service. The experience of a Canadian pipeline company with projects in South America, and in need of security services, is described. The company felt that it was important that the security firm have a Calgary presence. It ended up hiring Calgary Protection Concepts Corporation, which is run by former Canadian police and intelligence officers, who provide a wide range of security services. Staff spend time in the country involved to look over the local security situation, develop contacts with local intelligence officers, and contract overseas agents who arrange for bodyguards, escorts and armored cars. ProCon also helps companies develop crisis management plans, guiding senior personnel through scenarios such as kidnapping, extortion and civil strife. ProCon also has a 24-hour emergency assistance call centre to provide immediate advice, to notify personnel and family members and to monitor the situation. Trust is key to hiring an outside security service since the security firm becomes party to extremely confidential information. Top security firms usually specialize in either security work or political risk analysis, but not both. The reason for this is that there are big differences in mentality, training and capabilities between studying risks and actively guarding against hazards.
The increasing demands for protection money from foreign exploration and pipeline construction companies by left-wing guerrilla groups in various South American countries led to greater attention being focused on security services. This paper discusses the various alternatives to consider when choosing a security service. The experience of a Canadian pipeline company with projects in South America, and in need of security services, is described. The company felt that it was important that the security firm have a Calgary presence. It ended up hiring Calgary Protection Concepts Corporation, which is run by former Canadian police and intelligence officers, who provide a wide range of security services. Staff spend time in the country involved to look over the local security situation, develop contacts with local intelligence officers, and contract overseas agents who arrange for bodyguards, escorts and armored cars. ProCon also helps companies develop crisis management plans, guiding senior personnel through scenarios such as kidnapping, extortion and civil strife. ProCon also has a 24-hour emergency assistance call centre to provide immediate advice, to notify personnel and family members and to monitor the situation. Trust is key to hiring an outside security service since the security firm becomes party to extremely confidential information. Top security firms usually specialize in either security work or political risk analysis, but not both. The reason for this is that there are big differences in mentality, training and capabilities between studying risks and actively guarding against hazards
Windows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed,
Thunem, Atoosa P-J.
Rapid application growth of complex Information and Communication Technologies (ICT) in every society and state infrastructure as well as industry has revealed vulnerabilities that eventually have given rise to serious security breaches. These vulnerabilities together with the course of the breaches from cause to consequence are gradually about to convince the field experts that ensuring the security of ICT-driven systems is no longer possible by only relying on the fundaments of computer science, IT, or telecommunications. Appropriating knowledge from other disciplines is not only beneficial, but indeed very necessary. At the same time, it is a common observation today that ICT-driven systems are used everywhere, from the nuclear, aviation, commerce and healthcare domains to camera-equipped web-enabled cellular phones. The increasing interdisciplinary and inter-sectoral aspects of ICT security worldwide have been providing updated and useful information to the nuclear domain, as one of the emerging users of ICT-driven systems. Nevertheless, such aspects have also contributed to new and complicated challenges, as ICT security for the nuclear domain is in a much more delicate manner than for any other domains related to the concept of safety, at least from the public standpoint. This report addresses some important aspects of ICT security that need to be considered at nuclear facilities. It deals with ICT security and the relationship between security and safety from a rather different perspective than usually observed and applied. The report especially highlights the influence on the security of ICT-driven systems by all other dependability factors, and on that basis suggests a framework for ICT security profiling, where several security profiles are assumed to be valid and used in parallel for each ICT-driven system, sub-system or unit at nuclear facilities. The report also covers a related research topic of the Halden Project with focus on cyber threats and
Brauch, H.G.; Oswald Spring, Ú.; Mesjasz, C.; Grin, J.; Kameri-Mbote, P.; Chourou, B.; Dunay, P.; Birkmann, J.
This policy-focused Global Environmental and Human Security Handbook for the Anthropo-cene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10
Chockalingam, Sabarathinam; Hadziosmanovic, D.; Pieters, Wolter; Texeira, Andre; van Gelder, Pieter
Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by
materials critical to national security, such as specialty metals, armor plate , and rare earth elements. • Establish DOD policies for developing and...RARE EARTH MATERIALS Developing a Comprehensive Approach Could Help DOD Better Manage National Security Risks in...States Government Accountability Office Highlights of GAO-16-161, a report to congressional committees February 2016 RARE EARTH MATERIALS
With the rapid increase of smartphones and tablets, security concerns have also been on the rise. Traditionally, Information Technology (IT) departments set up devices, apply security, and monitor them. Such approaches do not apply to today's mobile devices due to a phenomenon called Bring Your Own Device or BYOD. Employees find it desirable to…
Sammicheli, Michele; Scaglione, Marcella
We examine, from a medical-legal perspective, the pro and cons of the information technology procedures that the Italian Institute of Social Security (INPS) has implemented to manage the provision of social disability assistance, meaning that separate from the payment of pension contributions, being welfare, anchored to an administrative requirement by way of the compulsory payment of a minimum social security contribution.
Meyers, Tommey H
.... Coast Guard and the U.S. Navy. This revealed that Operational Risk Management (ORM), a risk-based decision-making tool that systematically balances risk and mission completion, and Crew Resource Management (CRM...
Kim, Jongsung; Zou, Deqing; Lee, Yang
ITCS 2012 and STA 2012 address the various theories and practical applications of information technology convergence, secure and trust computing, and data management in future environments. It will present important results of significant value to solve the application services and various problems within the scope of ITCS 2012 & STA 2012. In addition, we expect it will trigger further related research and technology developments which will improve our lives in the future.
Alexander A. Galushkin
Full Text Available In the present article author considers questions of importance of information and communication technologies in modern information society and about information security. In the course of the research the author analyzes opinions both known Russian, and famous foreign scientists and practicians from various countries of the world (Italy, the USA, Portugal, etc.. Author emphasizes importance of information and communication technologies at the present stage of development of society and state.
Hawrylak, Peter J; Schimke, Nakeisha; Hale, John; Papa, Mauricio
Radio frequency identification (RFID) is a form of wireless communication that is used to identify assets and people. RFID has significant benefits to the medical environment. However, serious security threats are present in RFID systems that must be addressed in a medical environment. Of particular interest are threats to patient privacy and safety based on interception of messages, interruption of communication, modification of data, and fabrication of messages and devices. This paper presents an overview of these security threats present in RFID systems in a medical environment and provides guidance on potential solutions to these threats. This paper provides a roadmap for researchers and implementers to address the security issues facing RFID in the medical space.
Sunday S. AKPAN
Full Text Available This paper examined safety and security risk management in tertiary institutions in Nigeria. The frequent attacks at workplace, especially schools, have placed safety and security in the front burner of discussion in both business and political circles. This therefore, forms the imperative for the conduct of this study. The work adopted a cross sectional survey research design and collected data from respondents who are security personnel of the University of Uyo. Analysis of data was done with simple percentage statistics while the research hypotheses were tested with mean and simple regression and correlation statistics. The findings of the study revealed that assassination, kidnappings and bombings were principal risk incidents threatening the safety and security of staff in University of Uyo. A significant positive relationship was found between the funding of security management and workers’ performance. It was discovered specifically that employment screening, regular training of security personnel, regular safety and security meetings and strategic security policy formation were the main strategies for managing safety and security in University of Uyo. The paper concluded that safety and security management and control involves every worker (management and staff of University of Uyo. It was recommended, among others, that management should be more committed to safety and security management in the University by means of making safety and security issues an integral part of University’s strategic plan and also by adopting the management line model – one form of management structure-where safety and security are located, with other general management responsibilities. This way, the resurgent cases of kidnapping, hired assassination, etc. would be reduced if not completely eradicated in the University.
Conclusions: There were no significant differences in food security levels of diabetic and non-diabetic groups. However, some risk factors of type 2 diabetes including sex, marital status, educational level, and obesity were associated with food insecurity.
The risk in the process of enterprise' technology innovation is concluted five subsystems: environmental risk, market risk, enterprise capacity risk, project risk and project management risk, 16 risk factors under each subsystem are identified. A Interpretative Structural Modeling(ISM) of of risk factors is established, the relationship and influence levels of them is confirmed, the purpose is to help enterprise assessing risks and taking countermeasure to minimize the potential loss and increase the innovation income.
Johnson, Marcia L.
This qualitative study explored why there are so few senior women in the information security technology management field and whether gender played a part in the achievement of women in the field. Extensive interviews were performed to capture the lived experiences of successful women in the field regarding the obstacles and common denominators of…
Full Text Available Most of the actions that fall under the trilogy of cyber crime, terrorism,and war exploit pre-existing weaknesses in the underlying technology.Because these vulnerabilities that exist in the network are not themselvesillegal, they tend to be overlooked in the debate on cyber security. A UKreport on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day-to-day expenditures for the Government, businesses, and individuals. This article contends if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war.
Cloud computing is a multi million dollar business. As more and more enterprises are adopting cloud services for their businesses, threat of security has become a big concern for these enterprises and cloud users. This review describes the latest threats and risks associated with cloud computing and suggests techniques for better privacy and security of data in cloud environment. Threats and risks associated with cloud service models (SaaS, PaaS and IaaS) along with cloud deployment models (p...
Technology & Learning, 2008
Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…
The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security
Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt
Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. Currently companies achieve this by means of
Yu, Yijun; Nunes Leal Franqueira, V.; Tun, Thein Tan; Wieringa, Roelf J.; Nuseibeh, Bashar
Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about
e.g., functionality, performance, safety, security, interoperability, and so forth) is dependent on software in some significant way [ Bergey 2009...www.sei.cmu.edu/library/abstracts/reports/10tn025.cfm [ Bergey 2009] Bergey , John K. A Proactive Means for Incorporating a Software Architecture
Jaccoud, Luciana de Barros; Mesquita, Ana Cleusa Serra; Paiva, Andrea Barreto de
This paper analyzes the proposed changes in the Continuous Cash Benefit (BPC) discussed within the Social Security Reform, both with regard to the Federal Government's original proposal in 2016 and the proposal by the rapporteur's project submitted to Congress in 2017. The proposed changes focus on two aspects: increased minimum age of access and unlinking the BPC amount from the minimum wage amount. The document discusses the justifications for the BPC reform, regarding both disincentives to social security contributions and demographic changes, as well as estimated possible impacts of proposed changes. The study concludes that measures, if approved, tend to reduce coverage and increase income vulnerability of the elderly and the disabled in the country.
Garg, Amit; Tiwari, Vineet; Vishwanathan, Saritha
Climate change mitigation regimes are expected to impose constraints on the future use of fossil fuels in order to reduce greenhouse gas (GHG) emissions. In 2015, 41% of total final energy consumption and 64% of power generation in India came from coal. Although almost a sixth of the total coal based thermal power generation is now super critical pulverized coal technology, the average CO2 emissions from the Indian power sector are 0.82 kg-CO2/kWh, mainly driven by coal. India has large domestic coal reserves which give it adequate energy security. There is a need to find options that allow the continued use of coal while considering the need for GHG mitigation. This paper explores options of linking GHG emission mitigation and energy security from 2000 to 2050 using the AIM/Enduse model under Business-as-Usual scenario. Our simulation analysis suggests that advanced clean coal technologies options could provide promising solutions for reducing CO2 emissions by improving energy efficiencies. This paper concludes that integrating climate change security and energy security for India is possible with a large scale deployment of advanced coal combustion technologies in Indian energy systems along with other measures.
This paper argues that security belongs to a specific category of commodities: “contested commodities” around which there is an ongoing and unsettled symbolic struggle over whether or not they can and should be though of as commodities (section 1). The contested nature of commodification has implications for how markets function; market practices tend to be defined and organized in ways that minimize their contentiousness and obfuscate their expansion. The paper looks at the implications of t...
To enhance aviation security, the Department of Homeland Securitys (DHS) Transportation Security Administration (TSA) developed a programknown as Secure Flightto assume from air carriers the function of matching passenger information against...
Campbell, Bruce Morgan; Vermeulen, Sonja Joy; Aggarwal, Pramod
Climate change will have far-reaching impacts on crop, livestock and fisheries production, and will change the prevalence of crop pests. Many of these impacts are already measurable. Climate impact studies are dominated by those on crop yields despite the limitations of climate-crop modelling...... stakeholder-driven portfolios of options for farmers, communities and countries; (c) ensuring that adaptation actions are relevant to those most vulnerable to climate change; (d) combining adaptation and mitigation......., with very little attention paid to more systems components of cropping, let alone other dimensions of food security. Given the serious threats to food security, attention should shift to an action-oriented research agenda, where we see four key challenges: (a) changing the culture of research; (b) deriving...
management framework under the NIPP, examines how implementation has been managed as strategic change through the lens of change management theory ...implementation has been managed as strategic change through the lens of change management theory , and offers recommendations for improvement. It is...framework been handled as strategic change in homeland security policy? How might change management theory and practice be applied to assess the
New technologies are setting a fast pace in our world. Through science and technology we are able to make our world better, richer and more liveable to everyone. However, the new technologies have brought new mans of destruction and have confronted the world with a real prospect of self destruction. This is one of the main challenges of our age. Greater mutual confidence, openness and, if necessary, checks on how scientific and technological co-operation is used must bring down the existing barriers un the area of technological exchanges. The first results are already evident, for instance in the nuclear field. In our age, science and technology are becoming an inherent element in the comprehensive search for a new, post-confrontational system of peace, security and co-operation. United nations, together with its family of specialized agencies, is called upon to play a major positive role in finding approaches in this area. Scientific and technological progress, especially on the eve of a new millennium in the history of mankind, must serve only to enhance international peace and security and, enable everyone to live a full and worthy life
Liming, J.K.; Johnson, D.H.; Dykes, A.A.
Commercial nuclear power plant physical security has received much more intensive treatment and regulatory attention since September 11, 2001. In light of advancements made by the nuclear power industry in the field of probabilistic safety assessment (PSA) for its power plants over that last 30 years, and given the many examples of successful applications of risk-informed regulation at U. S. nuclear power plants during recent years, it may well be advisable to apply a 'risk-informed' approach to security management at nuclear power plants from now into the future. In fact, plant PSAs developed in response to NRC Generic Letter 88-20 and related requirements are used to help define target sets of critical plant safety equipment in our current security exercises for the industry. With reasonable refinements, plant PSAs can be used to identify, analyze, and evaluate reasonable and prudent approaches to address security issues and associated defensive strategies at nuclear power plants. PSA is the ultimate scenario-based approach to risk assessment, and thus provides a most powerful tool in identifying and evaluating potential risk management decisions. This paper provides a summary of observations of factors that are influencing or could influence cost-effective or 'cost-reasonable' security management decision-making in the current political environment, and provides recommendations for the application of PSA tools and techniques to the nuclear power plant operational safety response exercise process. The paper presents a proposed framework for nuclear power plant probabilistic terrorist risk assessment that applies these tools and techniques. (authors)
Full Text Available As a result of the rapid development of information technologies and globalization, growing trading volumes and variety of securities have increased the exposure of economic units on risk. Therefore, the topics with respect to risk management have drawn substantial attention from both in academic and practitioners. In recent years , Value at Risk “VaR” approach, one of the methods used for evaluating risk , has gained widespread acceptance. In the first part of this study , the types of risk , the definition and historical development of the Value at Risk Approach , its methods and differences among these methods are explained. At the next section , VaR’s of the portfolios of ISE 30 index and goverment securities are estimated at the %99 and %95 confidence level and for 1 day and 10-day periods by the Monte Carlo simulation method which is one of the nonparametric estimation approaches of VaR. For each portfolio, simulations are performed based on the normal and Student–t distributions and results are compared. In the last section, the study is evaluated as a whole and emprical results are commented.
Moore, Judy Hennessey; Whitley, John B.; Chellis, Craig (Pacific Disaster Center, Kihei, HI)
In October of 2003 experts involved in various aspects of homeland security from the Pacific region met to engage in a free-wheeling discussion and brainstorming (a 'fest') on the role that technology could play in winning the war on terrorism in the Pacific region. The result was a concise and relatively thorough definition of the terrorism problem in the Pacific region, emphasizing the issues unique to Island nations in the Pacific setting, along with an action plan for developing working demonstrations of advanced technological solutions to these issues. Since PacFest 2003, the maritime dimensions of the international security environment have garnered increased attention and interest. To this end, PacFest 2004 sought to identify gaps and enabling technologies for maritime domain awareness and responsive decision-making in the Asia-Pacific region. The PacFest 2004 participants concluded that the technologies and basic information building blocks exist to create a system that would enable the Pacific region government and private organizations to effectively collaborate and share their capabilities and information concerning maritime security. The proposed solution summarized in this report integrates national environments in real time, thereby enabling effective prevention and first response to natural and terrorist induced disasters through better use of national and regional investments in people, infrastructure, systems, processes and standards.
Voeller, John G
Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.
Althouse, Paris [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
In the fast-paced field of biotechnology where innovation has such far-reaching impacts on human health and the environment, dealing with the implications of possible illicit activities, accidents or unintended research consequences with potential detrimental societal impacts tends to remain in the background. While controls may be inevitable for the biotech industry, workshop attendees agreed that the way in which controls are implemented will play a major role in the agility and innovation of the biotechnology industry. There is little desire to slow down the pace of the gains while dealing with the security issues that arise. As was seen from the brief examinations of the Nuclear, Chemical, and Information Technology sectors explored in this workshop, establishing a regulatory regime needs to be a partnership between the public, corporate interests, scientists, and the government. Regulation is often written to combat perceived risk rather than actual risk—the public’s perceptions (occasionally even fictional portrayals) can spur regulatory efforts. This leads to the need for a thorough and continuing assessment of the risks posed by modern biotechnology. Inadequate or minimal risk assessment might expedite development in the short term but has potential negative long-term security and economic consequences. Industry and the technical community also often have a large role in setting regulatory policy, especially when well-crafted incentives are incorporated into the regulations. Such incentives might actually lead to enhanced innovation while poorly designed incentives can actually reduce safety and security. Any regulations should be as agile and flexible as the technology they regulate and when applied to biotechnologies they will need a new framework for thinking and implementing. The new framework should consider biotechnology as a technology and not simply a science since it is an extremely complex and adaptive system. This suggests the need to invest
... successfully adopted by four organizations known for their efforts to implement good risk assessment practices. More importantly, it identifies, based on the case studies, factors that are important to the success of any risk assessment program, regardless of the specific methodology employed.
Yang, Jun Eon; Kang, Dae Il; Kang, Hyun Gook
The main idea and contents are summarized as below 1) Development of new risk/performance assessment system innovating old labor-intensive risk assessment structure - New consolidated risk assessment technology from various hazard(flood, fire, seismic in NPP) - BOP model development for performance monitoring - Consolidated risk/performance management system for consistency and efficiency of NPP 2) Resolution technology for pending issues in PSA - Base technology for PSA of digital I and C system - Base technology for seismic PSA reflecting domestic seismic characteristics and aging effect - Uncertainty reduction technology for level 2 PSA and best estimation of containment failure frequency 3) Next generation risk/performance assessment technology - Human-induced error reduction technology for efficient operation of a NPP
Full Text Available Since 2006, retired U.S. admirals and generals have been examining our changing physical world and assessing the impact of those changes on the security of the nation. A Military Advisory Board (MAB, convened by the CNA Corporation, a non-profit research and analysis institution that operates the Center for Naval Analyses and Institute for Public Research has issued two reports on the changing climate’s national security implications. The first report, published in 2007, stated that the changing climate would be destabilizing in many parts of the world. Climate change, in fact, would be a “threat multiplier”, the report claimed, and result in new and more urgent calls for the American military to provide humanitarian assistance and disaster relief (HADR as well as help sustain order and ensure conditions that would permit trade and prosperity worldwide. The MAB recommended urgent action by the Defense Department to prepare for new missions in new places; and that the Defense Department explicitly recognize missions stemming from the changing climate. CNA’s MAB then published three reports on energy, relating to climate change, one each on: the coming age of renewables, the nation’s energy dependence, and the future of energy in terms of America’s international competitiveness (CNA-MAB, 2009; CNA-MAB, 2010; CNA-MAB, 2011. In 2014, the Military Advisory Board noted that the climate was changing more quickly than had been forecast in 2007. Undertaking a new climate study, the board concluded that more needed to be done, and done quickly, to prepare for and confront the “catalyst for conflict” that the board now saw in climate change. Guest Editors’ Note: The following commentary derives from a presentation by Vice Admiral Lee Gunn, U.S. Navy (Ret., delivered by invitation at the American Association for the Advancement of Science Meeting, San Jose, California, February 13, 2015. Prior to his advisory role for the U.S. Military and
Full text: Two research initiatives by Pandion Systems, funded by the US Bureau of Ocean Energy Management, Regulation, and Enforcement (BOEMRE), are addressing the enormous challenges of conducting offshore wind-wildlife risk/impact studies by providing new wildlife sensing technologies that surmount some of the limitations of previous techniques. Both initiatives rest on the shoulders of pioneering European studies and experience. One entails the development of a remote-operating acoustic/thermographic detector. This device, designed with input from the Danish National Environmental Research Institute (NERI) and Cornell Laboratory of Ornithology (CLO), will provide species-specific occurrence data, as well as flight altitude estimation, for vocalizing flying wildlife that flies within a detection beam that corresponds roughly to the rotor swept zone of a single, commercial marine wind turbine. While the detection beam is small and limitations exist for silently flying animals, this device will be capable of providing information on bats and on federally-listed bird species that has been difficult or impossible to achieve with other methods. A preliminary version of this device was developed in 2009-2010 in a BOEMRE-funded pilot study, and a sea-worthy device is currently being developed, scheduled for initial deployment on the US Atlantic Outer Continental Shelf (AOCS) in summer, 2011. A second initiative is targeted at developing a high-definition aerial survey protocol capable of providing a safe, cost-effective, reproducible snapshot of bird, marine mammal, and sea turtle distribution on the entire AOCS. This research, being conducted with a team of technologists and biologists including scientists from the British Trust for Ornithology (BTO), entails conducting a series of pilot experiments in spring, 2011 with a variety of different aircraft, cameras, flight altitudes, and image resolutions, to determine optimum protocols for the large-scale surveys. Both of
Greene, David L [ORNL; Boudreaux, Philip R [ORNL; Dean, David Jarvis [ORNL; Fulkerson, William [University of Tennessee, Knoxville (UTK); Gaddis, Abigail [University of Tennessee, Knoxville (UTK); Graham, Robin Lambert [ORNL; Graves, Ronald L [ORNL; Hopson, Dr Janet L [University of Tennessee, Knoxville (UTK); Hughes, Patrick [ORNL; Lapsa, Melissa Voss [ORNL; Mason, Thom [ORNL; Standaert, Robert F [ORNL; Wilbanks, Thomas J [ORNL; Zucker, Alexander [ORNL
We present and apply a new method for analyzing the significance of advanced technology for achieving two important national energy goals: climate protection and energy security. Quantitative metrics for U.S. greenhouse gas emissions in 2050 and oil independence in 2030 are specified, and the impacts of 11 sets of energy technologies are analyzed using a model that employs the Kaya identity and incorporates the uncertainty of technological breakthroughs. The goals examined are a 50% to 80% reduction in CO2 emissions from energy use by 2050 and increased domestic hydrocarbon fuels supply and decreased demand that sum to 11 mmbd by 2030. The latter is intended to insure that the economic costs of oil dependence are not more than 1% of U.S. GDP with 95% probability by 2030. Perhaps the most important implication of the analysis is that meeting both energy goals requires a high probability of success (much greater than even odds) for all 11 technologies. Two technologies appear to be indispensable for accomplishment of both goals: carbon capture and storage, and advanced fossil liquid fuels. For reducing CO2 by more than 50% by 2050, biomass energy and electric drive (fuel cell or battery powered) vehicles also appear to be necessary. Every one of the 11 technologies has a powerful influence on the probability of achieving national energy goals. From the perspective of technology policy, conflict between the CO2 mitigation and energy security is negligible. These general results appear to be robust to a wide range of technology impact estimates; they are substantially unchanged by a Monte Carlo simulation that allows the impacts of technologies to vary by 20%.
Alic. Lemis M. Branscomb, Harvey Brooks, Ashton B. Carter, and Gerald L. Epstein, Beyond Spinoff: Military and Commercial Technologies in a Changing...97. Is Aaron Karp , "Controlling Weapons Proliferation: The Role of Export Controlw The Journal of Strategic Studies, March 1993, p. 24. 19 Balancing...The National Interest: U.S. National Security Export Controls and Global Economic Competition, op. cit., p. 98. 20 Karp , op. cit., p. 40. 21
.... Mail and postal workers. As requested, my testimony will focus on the work we have done over the past five years on combating terrorism and our recommendations advocating a risk management approach for such programs...
The concept of food insecurity is complex and goes beyond the simplistic idea of a country's inability to feed its population. The global food situation is redefined by many driving forces such as population growth, availability of arable lands, water resources, climate change and food availability, accessibility and loss. The combined effect of these factors has undeniably impacted global food production and security. This article reviews the key factors influencing global food insecurity and emphasises the need to adapt science-based technological innovations to address the issue. Although anticipated benefits of modern technologies suggest a level of food production that will sustain the global population, both political will and sufficient investments in modern agriculture are needed to alleviate the food crisis in developing countries. In this globalised era of the 21st century, many determinants of food security are trans-boundary and require multilateral agreements and actions for an effective solution. Food security and hunger alleviation on a global scale are within reach provided that technological innovations are accepted and implemented at all levels. Copyright © 2011 Society of Chemical Industry.
Mendez Cruz, Carmen Margarita [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rochau, Gary E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Middleton, Bobby [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rodriguez, Salvador B. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rodriguez, Carmelo [General Atomics, San Diego, CA (United States); Schleicher, Robert [General Atomics, San Diego, CA (United States)
Sandia National Laboratories and General Atomics are pleased to respond to the Advanced Research Projects Agency-Energy (ARPA-e)’s request for information on innovative developments that may overcome various current reactor-technology limitations. The RFI is particularly interested in innovations that enable ultra-safe and secure modular nuclear energy systems. Our response addresses the specific features for reactor designs called out in the RFI, including a brief assessment of the current state of the technologies that would enable each feature and the methods by which they could be best incorporated into a reactor design.
Mendez Cruz, Carmen Margarita; Rochau, Gary E.; Middleton, Bobby; Rodriguez, Salvador B.; Rodriguez, Carmelo; Schleicher, Robert
Sandia National Laboratories and General Atomics are pleased to respond to the Advanced Research Projects Agency-Energy (ARPA-e)'s request for information on innovative developments that may overcome various current reactor-technology limitations. The RFI is particularly interested in innovations that enable ultra-safe and secure modular nuclear energy systems. Our response addresses the specific features for reactor designs called out in the RFI, including a brief assessment of the current state of the technologies that would enable each feature and the methods by which they could be best incorporated into a reactor design.
Shin, Jin Soo; Heo, Gyun Young [Dept. of Nuclear Engineering, Kyung Hee University, Yongin (Korea, Republic of); Son, Han Seong [Computer and Game Science, Joongbu University, Geumsan (Korea, Republic of)
Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.
Full Text Available Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.
Shin, Jin Soo; Heo, Gyun Young; Son, Han Seong
Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks
Ice Ilijevski; Zlate Dimovski; Kire Babanoski
Main object of this paper is to present the organizational structure and the function of the security system of the Republic of Macedonia by the regulatory authorities. The security institutions, whose primary purpose is to cope with all sorts of threats and risks, need to be properly interconnected and the cooperation should be on a high level. The security system is a reflection of the characteristics of the state and should be functional, professional and based on law. The purpose of this ...
Voeller, John G
Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.
Engr. Orven F. Mendoza
Full Text Available The security of vehicles is ext remely essential for vehicle owners especially to those whose hard - earned income was used to avail of one or simply, its loss would mean inconveniences to family and work. With these, it becomes the major problem of every vehicle owner. This thesis, Microc ontroller - based Vehicle Security System with Tracking Capability using GSM and GPS Technologies, is a system that can be used to increase vehicle security, as it can track location of missing vehicle, and help authorities have credible evidence that the ve hicle is stolen. The project uses the Global System for Mobile (GSM and the Global Positioning System (GPS technology, which includes the use of GPS receiver module, GSM module, and microcontroller as its primary components. It also uses a vibration sens or that senses vehicle movement and a buzzer that sends an alarm when sensors are triggered. A confirmation message is sent to the vehicle owner of the vehicle by the device. The system also features capability of tracking the location of the vehicle with the help of the GPS receiver which gives data to the location of the vehicle by way of coordinates. These coordinates provide exact location of the motor vehicle. The SMS message that the vehicle owner will send to the device attached to the vehicle should follow correct format of limitation for successful use and the use of the four character password followed by the command. The command is for power switching or activating automatically the key switch, engine and alarm. If not observed, the device would not work. The project is deemed to provide vehicle owners the security of their vehicle. The system will not only ensure vehicle security but also lessen the threats on vehicles.
Green, Mary W.
As problems of violence and crime become more prevalent in our schools, more and more school districts will elect to use security technologies to control these problems. While the desired change in student and community attitudes will require significant systemic change through intense US social programs, security technologies can greatly augment school staff today by providing services similar to having extra adults present. Technologies such as cameras, sensors, drug detection, biometric and personnel identification, lighting, barriers, weapon and explosives detection, anti- graffiti methods, and duress alarms can all be effective, given they are used in appropriate applications, with realistic expectations and an understanding of limitations. Similar to a high-risk government facility, schools must consider a systems approach to security, which includes the use of personnel and procedures as well as security technologies, such that the synergy created by all these elements together contributes more tot he general 'order maintenance' of the facility than could be achieved by separate measures not integrated or related.
As problems of violence and crime become more prevalent in our schools (or at least the perception of their prevalence), more and more school districts will elect to use security technologies to control these problems. While the desired change in student and community attitudes will require significant systemic change through intense U.S. social programs, security technologies can greatly augment school staff today by providing services similar to having extra adults present. Technologies such as cameras, sensors, drug detection, biometric and personnel identification, lighting, barriers, weapon and explosives detection, anti-graffiti methods, and duress alarms can all be effective, given they are used in appropriate applications, with realistic expectations and an understanding of limitations. Similar to a high-risk government facility, schools must consider a systems (`big picture`) approach to security, which includes the use of personnel and procedures as well as security technologies, such that the synergy created by all these elements together contributes more to the general `order maintenance` of the facility than could be achieved by separate measures not integrated or related.
Snowberg, David [National Renewable Energy Lab. (NREL), Golden, CO (United States); Weber, Jochem [National Renewable Energy Lab. (NREL), Golden, CO (United States)
Over the past decade, the global marine and hydrokinetic (MHK) industry has suffered a number of serious technological and commercial setbacks. To help reduce the risks of industry failures and advance the development of new technologies, the U.S. Department of Energy (DOE) and the National Renewable Energy Laboratory (NREL) developed an MHK Risk Management Framework. By addressing uncertainties, the MHK Risk Management Framework increases the likelihood of successful development of an MHK technology. It covers projects of any technical readiness level (TRL) or technical performance level (TPL) and all risk types (e.g. technological risk, regulatory risk, commercial risk) over the development cycle. This framework is intended for the development and deployment of a single MHK technology—not for multiple device deployments within a plant. This risk framework is intended to meet DOE’s risk management expectations for the MHK technology research and development efforts of the Water Power Program (see Appendix A). It also provides an overview of other relevant risk management tools and documentation.1 This framework emphasizes design and risk reviews as formal gates to ensure risks are managed throughout the technology development cycle. Section 1 presents the recommended technology development cycle, Sections 2 and 3 present tools to assess the TRL and TPL of the project, respectively. Section 4 presents a risk management process with design and risk reviews for actively managing risk within the project, and Section 5 presents a detailed description of a risk registry to collect the risk management information into one living document. Section 6 presents recommendations for collecting and using lessons learned throughout the development process.
Wyss, Gregory; Hinton, John; Clem, John; Silva, Consuelo; Duran, Felicia A.
Document available in abstract form only. Full text of publication follows: Decision makers wish to use risk-based cost-benefit analysis to prioritize security investments. However, understanding security risk requires estimating the likelihood of attack, which is extremely uncertain and depends on unquantifiable psychological factors like dissuasion and deterrence. In addition, the most common performance metric for physical security systems, probability of effectiveness at the design basis threat [P(E)], performs poorly in cost-benefit analysis. It is extremely sensitive to small changes in adversary characteristics when the threat is near a systems breaking point, but very insensitive to those changes under other conditions. This makes it difficult to prioritize investment options on the basis of P(E), especially across multiple targets or facilities. To overcome these obstacles, a Sandia National Laboratories Laboratory Directed Research and Development project has developed a risk-based security cost-benefit analysis method. This approach characterizes targets by how difficult it would be for adversaries to exploit each targets vulnerabilities to induce consequences. Adversaries generally have success criteria (e.g., adequate or desired consequences and thresholds for likelihood of success), and choose among alternative strategies that meet these criteria while considering their degree of difficulty in achieving their successful outcome. Investments reduce security risk as they reduce the severity of consequences available and/or increase the difficulty for an adversary to successfully accomplish their most advantageous attack
Sharma, Manoj Kumar
The present case highlights the addictive potential of Wikipedia usage. The users approached a technology addiction clinic for the management of excessive use of technology. A clinical interview was used to elicit information about usages. It indicates the addictive use of Wikipedia and associated dysfunction in lifestyle. It has implication for promotion of healthy use of technology.
Manoj Kumar Sharma
Full Text Available The present case highlights the addictive potential of Wikipedia usage. The users approached a technology addiction clinic for the management of excessive use of technology. A clinical interview was used to elicit information about usages. It indicates the addictive use of Wikipedia and associated dysfunction in lifestyle. It has implication for promotion of healthy use of technology.
Sharma, Manoj Kumar
The present case highlights the addictive potential of Wikipedia usage. The users approached a technology addiction clinic for the management of excessive use of technology. A clinical interview was used to elicit information about usages. It indicates the addictive use of Wikipedia and associated dysfunction in lifestyle. It has implication for promotion of healthy use of technology.
The situation of radiation protection should be put in the more general perspective of risk governance where new patterns of risk governance necessitate periodic updating of social trust within open decision making processes. This trend also affects the traditional risk governance patterns in the sense that their legitimacy is grounded on social delegation and no more on authority or scientific evidence. Whatever is the dominant pattern of risk governance there is consequently a real challenge for radiation protection to explicit and share with society the rationales of its expertise. This is why the spreading of a radiation protection culture is a key challenge for a better integration of radiation protection in modern societies. Standards and norms should no more be prepared in the darkness of internalized decision making processes limited to Public Authorities, experts and operators. The use of standards should also be clearly linked with the acquisition and maintenance of a radiation protection culture. Radiation protection cannot remain in the hand of a few specialists. It should become a concern for all the exposed categories of actors in the relevant contexts. (author)
Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K.
The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases
Ericsson, A.M.; Jaernry, C.
Since the event of September 11, 2001, the way most people look at transportation risk has changed. There is now a lot more focusing on the security concerns related to the transportation of radioactive material. Most people are now more concerned about the risk of terrorist actions or sabotage than of accidents. This is probably due to the fact that the safety record for transportation of radioactive material has so far been very good and that most people experience terrorism and sabotage more scaring and less controllable than general accidents. This paper will compare the safety and the security regulations and discuss synergies and contradictions between the sets of regulations
Yang, Joon Eon; Kim, K. Y.; Ahn, K. I.; Lee, Y. H.; Lim, H. G.; Jung, W. S.; Choi, S. Y.; Han, S. J.; Ha, J. J.; Hwang, M. J.; Park, S. Y.; Yoon, C
This project aims at developing risk-informed application technologies to enhance the safety and economy of nuclear power plant altogether. For this, the Integrated Level 1 and 2 PSA model is developed. In addition, the fire and internal flooding PSA models are improved according to the PSA standard of U.S.A. To solve the issues of domestic PSA model, the best-estimate thermal hydraulic analyses are preformed for the ATWS and LSSB. In order to reduce the uncertainty of PSA, several new PSA technologies are developed: (1) more exact quantification of large fault tree, (2) importance measure including the effects of external PSA. As feasibility studies of Option 2 and 3, the class of 6 systems' SSC are re-classified based on the risk information and the sensitivity analyses is performed for the EDG starting time, respectively. It is also improved that the methodology to identify the vital area of NPP. The research results of this project can be used in the regulatory body and the industry projects for risk-informed applications.
Full Text Available Securities of Slovene companies are listed at the Ljubljana Stock Exchange. Market capitalisation at the Ljubljana Stock Exchange has been growing since 1996 due to new listings of equities. On the basis of financial data time series for listed equities, the financial investor can calculate a risk for each individual security with a selected risk measure and can determine an optimal portfolio, subject to selected constraints. In this paper, we shall consequently determine an optimal portfolio of equities for the financial investor, investing his assets only in selected equities listed at the Ljubljana Stock Exchange. Selecting an appropriate risk measure is especially important for a commercial bank in a risk management process. Commercial banks can use internal models in the risk management process and for the purpose of capital charges as well. An optimal portfolio will be calculated, using a non-linear mathematical model.
Bennett, Jeannine B.
This study addressed the problems associated with users' understanding, accepting, and complying with requirements of security-oriented solutions. The goal of the research was not to dispute existing theory on IT project implementations, but rather to further the knowledge on the topic of technology user acceptance of security-oriented IT…
Forrest, Robert; Reinhardt, Jason Christian; Wheeler, Timothy A.; Williams, Adam David
Safety-focused risk analysis and assessment approaches struggle to adequately include malicious, deliberate acts against the nuclear power industry's fissile and waste material, infrastructure, and facilities. Further, existing methods do not adequately address non- proliferation issues. Treating safety, security, and safeguards concerns independently is inefficient because, at best, it may not take explicit advantage of measures that provide benefits against multiple risk domains, and, at worst, it may lead to implementations that increase overall risk due to incompatibilities. What is needed is an integrated safety, security and safeguards risk (or "3SR") framework for describing and assessing nuclear power risks that can enable direct trade-offs and interactions in order to inform risk management processes -- a potential paradigm shift in risk analysis and management. These proceedings of the Sandia ePRA Workshop (held August 22-23, 2017) are an attempt to begin the discussions and deliberations to extend and augment safety focused risk assessment approaches to include security concerns and begin moving towards a 3S Risk approach. Safeguards concerns were not included in this initial workshop and are left to future efforts. This workshop focused on four themes in order to begin building out a the safety and security portions of the 3S Risk toolkit: 1. Historical Approaches and Tools 2. Current Challenges 3. Modern Approaches 4. Paths Forward and Next Steps This report is organized along the four areas described above, and concludes with a summary of key points. 2 Contact: firstname.lastname@example.org; +1 (925) 294-2728
Eiser, J.R.; Miles, S.; Frewer, L.J.
There is substantial empirical evidence that both trust and risk perceptions influence public acceptance of new technologies. We reanalyzed 3 studies (on food technology) to compare whether (a) both trust and perceived risk are independently and directly associated with acceptance, or (b) the
preferred technologies in reducing production risk related to climate variability in Eastern Uganda. Data for this study were ..... Set of technological options employed by farmers to reduce climate-induced production risk. Dummy = 1 if farmer. 0.71. 0.46 ..... cation exchange capacity for holding nutrients against leaching loss.
In countries where insurance and credit markets are thin or missing, production and consumption risks play a critical role in the choice and use of production inputs and adoption of new farm technologies. This paper investigated the effect of selected farm technologies and their risk implications in different rainfall patterns of ...
Marcio Marcelo Belli
Full Text Available This work tested if brasilian technology companies has a greater systematic risk than traditional companies in Brazil. For to achieve tje purpose, two companies samples , one of technology companies and the other of traditional companies, were composed. The tecnique employed was a multiple regression analysis considering a dichotomous variable wich represents the technological factor and another numerical variable wich represents the intangibility degree of companies. As a dependent variable was considered the CAPM systematic risk. The results indicated that technology companies have a greater systematic risk than traditional companies regardless of the degree of intangibility.
Full Text Available Universities are the leading institutions that are the sources of educated human population who both produce information and ensure to develop new products and new services by using information effectively, and who are needed in every area. Therefore, universities are expected to be institutions where information and information management are used efficiently. In the present study, the topics such as infrastructure, operation, application, information, policy and human-based information security at universities were examined within the scope of the information security standards which are highly required and intended to be available at each university today, and then a comparative analysis was conducted specific to Turkey. Within the present study, the Microsoft Security Assessment Tool developed by Microsoft was used as the risk analysis tool. The analyses aim to enable the universities to compare their information systems with the information systems of other universities within the scope of the information security awareness, and to make suggestions in this regard.
Farooq, S.; O'Brien, C.
and supports an industrial manager in achieving objective and comprehensive decisions regarding selection of a manufacturing technology. Originality/value - The paper explains the process of risk calculation in manufacturing technology selection by dividing the decision-making environment into manufacturing...... in the shape of opportunities and threats in different decision-making environments. Practical implications - The research quantifies the risk associated with different available manufacturing technology alternatives. This quantification of risk crystallises the process of technology selection decision making......Purpose - The purpose of this paper is to present result obtained from a developed technology selection framework and provide a detailed insight into the risk calculations and their implications in manufacturing technology selection process. Design/methodology/approach - The results illustrated...
Blachowicz, Camille L. Z.; Bates, Ann; Berne, Jennifer; Bridgman, Teresa; Chaney, Jeanne; Perney, Jan
This study examined the ways in which 18 first-grade teachers and their students in 11 high-risk urban schools began to use literacy-focused technology. The goal of the study was to observe the technology in use by the students, to observe the classroom dynamics and teachers' instructional choices centered around technology use, to look at student…
Mathias, Donovan L.; Godsell, Aga M.; Go, Susie
A new approach for assessing development risk associated with technology development projects is presented. The method represents technology evolution in terms of sector-specific discrete development stages. A Monte Carlo simulation is used to generate development probability distributions based on statistical models of the discrete transitions. Development risk is derived from the resulting probability distributions and specific program requirements. Two sample cases are discussed to illustrate the approach, a single rocket engine development and a three-technology space transportation portfolio.
Gerard E. Sleefe
There is significant interest in achieving technology innovation through new product development activities. It is recognized, however, that traditional project management practices focused only on performance, cost, and schedule attributes, can often lead to risk mitigation strategies that limit new technology innovation. In this paper, a new approach is proposed for formally managing and quantifying technology innovation. This approach uses a risk-based framework that s...
Murphy, Robin R.; Stover, Sam
This paper describes the field-oriented philosophy of the Institute for Safety Security Rescue Technology (iSSRT) and summarizes the activities and lessons learned during calendar year 2005 of its two centers: the Center for Robot-Assisted Search and Rescue and the NSF Safety Security Rescue industry/university cooperative research center. In 2005, iSSRT participated in four responses (La Conchita, CA, Mudslides, Hurricane Dennis, Hurricane Katrina, Hurricane Wilma) and conducted three field experiments (NJTF-1, Camp Hurricane, Richmond, MO). The lessons learned covered mobility, operator control units, wireless communications, and general reliability. The work has collectively identified six emerging issues for future work. Based on these studies, a 10-hour, 1 continuing education unit credit course on rescue robotics has been created and is available. Rescue robots and sensors are available for loan upon request.
Bønes, Erlend; Hasvold, Per; Henriksen, Eva; Strandenaes, Thomas
Instant messaging (IM) is suited for immediate communication because messages are delivered almost in real time. Results from studies of IM use in enterprise work settings make us believe that IM based services may prove useful also within the healthcare sector. However, today's public instant messaging services do not have the level of information security required for adoption of IM in healthcare. We proposed MedIMob, our own architecture for a secure enterprise IM service for use in healthcare. MedIMob supports IM clients on mobile devices in addition to desktop based clients. Security threats were identified in a risk analysis of the MedIMob architecture. The risk analysis process consists of context identification, threat identification, analysis of consequences and likelihood, risk evaluation, and proposals for risk treatment. The risk analysis revealed a number of potential threats to the information security of a service like this. Many of the identified threats are general when dealing with mobile devices and sensitive data; others are threats which are more specific to our service and architecture. Individual threats identified in the risks analysis are discussed and possible counter measures presented. The risk analysis showed that most of the proposed risk treatment measures must be implemented to obtain an acceptable risk level; among others blocking much of the additional functionality of the smartphone. To conclude on the usefulness of this IM service, it will be evaluated in a trial study of the human-computer interaction. Further work also includes an improved design of the proposed MedIMob architecture. 2006 Elsevier Ireland Ltd
Shuja Syed, Ahmed
The 1st International Conference on Sensing for Industry, Control, Communication & Security Technologies (ICSICCST-2013), took place in Karachi, Pakistan, from 24-26 June 2013. It was organized by Indus University, Karachi, in collaboration with HEJ Research Institute of Chemistry, University of Karachi, Karachi. More than 80 abstracts were submitted to the conference and were double blind-reviewed by an international scientific committee. The topics of the Conference were: Video, Image & Voice Sensing Sensing for Industry, Environment, and Health Automation and Controls Laser Sensors and Systems Displays for Innovative Applications Emerging Technologies Unmanned, Robotic, and Layered Systems Sensing for Defense, Homeland Security, and Law Enforcement The title of the conference, 'Sensing for Industry, Control, Communication & Security Technologies' is very apt in capturing the main issues facing the industry of Pakistan and the world. We believe the sensing industry, particularly in Pakistan, is currently at a critical juncture of its development. The future of the industry will depend on how the industry players choose to respond to the challenge of global competition and opportunities arising from strong growth in the Asian region for which we are pleased to note that the conference covered a comprehensive spectrum of issues with an international perspective. This will certainly assist industry players to make informed decisions in shaping the future of the industry. The conference gathered qualified researchers from developed countries like USA, UK, Sweden, Saudi Arabia, China, South Korea and Malaysia etc whose expertise resulting from the research can be drawn upon to build an exploitable area of new technology that has potential Defense, Homeland Security, and Military applicability. More than 250 researchers/students attended the event and made the event great success as the turnout was 100%. An exceptional line-up of speakers spoke at the occasion. We want
Han, Chi Young; Sagara, Hiroshi; Nagasaka, Hideo
The Academy for Global Nuclear Safety and Security Agent was established at Tokyo Institute of Technology in 2011, to develop global nuclear human resources in the field of 3S (Safety, Security, and Safeguards) as a Program for Leading Graduate Schools supported by MEXT (Ministry of Education, Culture, Sports, Science and Technology). New courses of nuclear safety and security were developed in addition to the existing nuclear engineering program; 1) Environmental Dynamics of Radioactive Nuclides; Numerical simulation of the environmental dispersion of radioactive materials released from hypothetical nuclear accidents and evaluation of the public exposure are performed, by using a computer-based emergency response system, to have students predict the environmental dispersion of radionuclides and radiological consequence by nuclear accidents. 2) Measurement of Environmental Radiation; Students acquire hands-on experiences measuring environmental radiation contamination caused by the nuclear accident in Fukushima with multiple types of radiation detectors. Environmental samples are collected and analyzed for isotope identification and its spatial distribution. 3) Simulation of Severe Nuclear Accidents; The evaluation results of Fukushima accident progression are discussed as well as typical sever accidents that threaten the integrity of reactor vessel. Students simulate BWR (Boiling Water Cooled Reactor) transients, design basis accidents, and severe accidents by using simulators. 4) Nuclear Security Training; Design of physical protection systems, its fundamental physics, and regulatory frameworks are covered and students gain the practical experiences by use of intrusion detection systems at JAEA (Japan Atomic Energy Agency), and by numerical simulation of hydro-dynamics of structure material and nuclear material criticality at the university. (author)
Radut Carmen; Albici Mihaela; Tenovici Cristina Otilia
Information security is a broader concept which refers to ensuring the integrity, confidentiality and availability of information. The dynamics of information technology to induce new risks to which organizations must implement new measures of control. Technological development has been accompanied by security solutions, equipment manufacturers and applications including technical methods of protection performance. However, while in information technology change is exponential, the human comp...
Karlos Pérez de Armiño
Full Text Available Bearing in mind the existence of different approaches to human security (the broad one and the restricted one, this article analyses the scope of this new paradigm based on a study of its contributions and potentialities, as well as the risks entailed in applying it. Among the positive contributions, it must be highlighted that: it focuses on the person as the subject of security, and not on the State; it is linked to human development and human rights; and it underscores the need for public policies and so-called ‘humanitarianinterventions’. On the other hand, the risks have grown following 9/11, with the paradigm being used more in its security dimension and less in its development-related aspect.
Blanke, Sandra J; McGrady, Elizabeth
Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.
Frazar, Sarah L.; Winters, Samuel T.; Kreyling, Sean J.; Joslyn, Cliff A.; West, Curtis L.; Schanfein, Mark J.; Sayre, Amanda M.
In 2016, the Office of International Nuclear Safeguards at the National Nuclear Security Administration (NNSA) within the Department of Energy (DOE) commissioned the Pacific Northwest National Laboratory (PNNL) to explore the potential implications of the digital currency bitcoin and its underlying technologies on the safeguards system. The authors found that one category of technologies referred to as Shared Ledger Technology (SLT) offers a spectrum of benefits to the safeguards system. While further research is needed to validate assumptions and findings in the paper, preliminary analysis suggests that both the International Atomic Energy Agency (IAEA) and Member States can use SLT to promote efficient, effective, accurate, and timely reporting, and increase transparency in the safeguards system without sacrificing confidentiality of safeguards data. This increased transparency and involvement of Member States in certain safeguards transactions could lead to increased trust and cooperation among States and the public, which generates a number of benefits. This paper describes these benefits and the analytical framework for assessing SLT applications for specific safeguards problems. The paper will also describe other national security areas where SLT could provide benefits.
Shin, Jinsoo; Heo, Gyunyoung; Son, Hanseong; Park, Jaekwan
The Korea Institute of Nuclear Safety (KINS) as a regulatory agency declares the R. G 8.22 for applying cyber security in Korea in 2011. In nuclear power industrial, ShinUljin 1, 2 unit and Shingori 3, 4 unit are demonstrating the cyber security for the first time. And in terms of research, the National Security Research Institute and the Korea Atomic Energy Research Institute are developing the nuclear power plant cyber security system in Korean. Currently, these cyber securities like regulation, demonstration and research are focused on nuclear power plant. However, cyber security is also important for the nuclear research reactor like a HANARO which is in Daejeon, primarily due to its characteristic as research reactor since since people access more than power plant. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected final risk by evaluating input score for each checklist. In this way, you can see an important checklist. Further, if the cyber-attack occurs, it is possible to provide an evidentiary material that is able to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetratio test scenario according to each situation. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected in the final risk by evaluating input score for each checklist, in this way, you can see an important checklist. Furthermore, if the cyber-attack occurs, it is possible to provide an evidentiary material that enables to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to
-, Č. 318 (2007), s. 1-29 ISSN 1211-3298 R&D Projects: GA MŠk LC542 Grant - others:GA ČR GA402/05/0711 Institutional research plan: CEZ:MSM0021620846 Keywords : social security * political risk * pension reform Subject RIV: AH - Economics http://www.cerge-ei.cz/pdf/wp/Wp318.pdf
Pieters, Wolter; Hadziosmanovic, D.; Lenin, Aleksandr; Montoya, L.; Willemson, Jan
Existing methods for security risk analysis typically estimate time, cost, or likelihood of success of attack steps. When the threat environment changes, such values have to be updated as well. However, the estimated values reflect both system properties and attacker properties: the time required
Dušek, Libor; Kopecsni, J.
-, 9/2008 (2008), s. 1-34 R&D Projects: GA ČR GA402/05/0711 Institutional research plan: CEZ:AV0Z70850503 Keywords : pension reforms * social security * policy risk Subject RIV: AH - Economics http://ies.fsv.cuni.cz/default/file/download/id/8361
Cunningham, Mark D.; Sorensen, Jon R.; Reidy, Thomas J.
An experimental scale for the assessment of prison violence risk among maximum security inmates was developed from a logistic regression analysis involving inmates serving parole-eligible terms of varying length (n = 1,503), life-without-parole inmates (n = 960), and death-sentenced inmates who were mainstreamed into the general prison population…
... 9 Animals and Animal Products 1 2010-01-01 2010-01-01 false Restricting access to select agents and toxins; security risk assessments. 121.10 Section 121.10 Animals and Animal Products ANIMAL AND... other organization that engages in intentional crimes of violence; or being an agent of a foreign power...
von Braun, Joachim; Rosegrant, Mark W.; Pandya-Lorch, Rajul; Cohen, Marc J.; Cline, Sarah A.; Brown, Mary Ashby; Bos, Maria Soledad
"Given the number of undernourished people in the developing world and the increasingly complex risks to food security, policymakers are faced with an enormous agenda. Freeing people from hunger will require more and better-targeted investments, innovations, and policy actions, driven by a keen understanding of the dynamic risks and forces that shape the factors affecting people's access to food and the links with nutrition. The International Food Policy Research Institute's (IFPRI's) Interna...
Anatoly Аleksandrovich Malyuk
Full Text Available Due to the fact that cloud computing bring with them new challenges in the field of information security, it is imperative for organizations to control the process of information risk management in the cloud. This paper proposes a risk assessment approach for assessing the potential damage from the attack on the implementation of components of confidential data and justify the need for the inclusion of private clouds with a high degree of protection in a hybrid cloud computing environment.
Scientific and technical development is primarily meant to improve the quality of life and to reduce mortality. The increased risk thus caused for the individual leads to a longer life expectation of man and to the ethical question of choosing the safety of a technical system. One must critically choose between justifiable effort and risk. Experience in reactor engineering (technical systems with hypothetical extreme risks) leads to considerations of the analysis to determine the risk of large chemical plants for inhabited neighbourhoods and attempts to design a conceptive and computer model for a safety analysis which can be of use in decisions regarding new planning. (HP/LH) [de
Quadrel, M.J.; Fowler, K.M.; Cameron, R.; Treat, R.J.; McCormack, W.D.; Cruse, J.
The risk-based systems analysis model was designed to establish funding priorities among competing technologies for tank waste remediation. The model addresses a gap in the Department of Energy's (DOE's) ''toolkit'' for establishing funding priorities among emerging technologies by providing disciplined risk and cost assessments of candidate technologies within the context of a complete remediation system. The model is comprised of a risk and cost assessment and a decision interface. The former assesses the potential reductions in risk and cost offered by new technology relative to the baseline risk and cost of an entire system. The latter places this critical information in context of other values articulated by decision makers and stakeholders in the DOE system. The risk assessment portion of the model is demonstrated for two candidate technologies for tank waste retrieval (arm-based mechanical retrieval -- the ''long reach arm'') and subsurface barriers (close-coupled chemical barriers). Relative changes from the base case in cost and risk are presented for these two technologies to illustrate how the model works. The model and associated software build on previous work performed for DOE's Office of Technology Development and the former Underground Storage Tank Integrated Demonstration, and complement a decision making tool presented at Waste Management 1994 for integrating technical judgements and non-technical (stakeholder) values when making technology funding decisions
Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti
In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.
van Kammen, Jessika; Oudshoorn, Nelly E.J.
This paper concerns a comparison of risk assessment practices of contraceptives for women and men. Our analysis shows how the evaluation of health risks of contraceptives does not simply reflect the specific effects of chemical compounds in the human body. Rather, we show how side-effects were rated
Elizabeth M. Borycki
Full Text Available In this paper the author describes work towards developing an integrative framework for educating health information technology professionals about technology risk. The framework considers multiple sources of risk to health data quality and integrity that can result from the use of health information technology (HIT and can be used to teach health professional students about these risks when using health technologies. This framework encompasses issues and problems that may arise from varied sources, including intentional alterations (e.g. resulting from hacking and security breaches as well as unintentional breaches and corruption of data (e.g. resulting from technical problems, or from technology-induced errors. The framework that is described has several levels: the level of human factors and usability of HIT, the level of monitoring of security and accuracy, the HIT architectural level, the level of operational and physical checks, the level of healthcare quality assurance policies and the data risk management strategies level. Approaches to monitoring and simulation of risk are also discussed, including a discussion of an innovative approach to monitoring potential quality issues. This is followed by a discussion of the application (using computer simulations to educate both students and health information technology professionals about the impact and spread of technology-induced and related types of data errors involving HIT.
Simona eDe Falco
Full Text Available Child healthy development is largely influenced by parent-child interaction and a secure parent-child attachment is predictively associated with positive outcomes in numerous domains of child development. However, the parent-child relationship can be affected by several psychosocial and socio-demographic risk factors that undermine its quality and in turn play a negative role in short and long term child psychological health. Prevention and intervention programs that support parenting skills in at-risk families can efficiently reduce the impact of risk factors on mother and child psychological health. This study examines predictors of mother-child interaction quality and child attachment security in a sample of first-time mothers with psychosocial and/or socio-demographic risk factors. Forty primiparous women satisfying specific risk criteria participated in a longitudinal study with their children from pregnancy until 18 month of child age. A multiple psychological and socioeconomic assessment was performed. The Emotional Availability Scales were used to measure the quality of emotional exchanges between mother and child at 12 months and the Attachment Q-Sort served as a measure of child attachment security at 18 months. Results highlight both the effect of specific single factors, considered at a continuous level, and the cumulative risk effect of different co-occurring factors, considered at binary level, on mother-child interaction quality and child attachment security. Implication for the selection of inclusion criteria of intervention programs that support parenting skills in at-risk families are discussed.
Wang, Ping An
This dissertation research studied how different degrees of knowledge of online security risks affect B2C (business-to-consumer) e-commerce consumer decision making. Online information security risks, such as identity theft, have increasingly become a major factor inhibiting the potential growth of e-commerce. On the other hand, e-commerce…
Full Text Available Crime statistics and research on criminology show that under similar circumstances,crimes are more likely to occur in developing countries than in developed countries due to their lack ofsecurity measures. Transport crimes on highways and bridges are one of the most common crimes in the developing nations. Automation of various systems like the toll collection system is being introduced in the developing countries to avoid corruption in the collection of toll, decrease cost and increase operational efficiency. The goal of this research is to find an integrated solution that enhances security along with the advantage of automated toll collection. Inspired by the availability of many security systems, this research presents a system that can block a specific vehicle or a particular type of vehicles at the toll booths based on directives from the law enforcement agencies. The heart of the system is based on RFID (Radio Frequency Identification technology. In this system, by sending a text message the law enforcement agency or the authority that controls the toll booths can prevent the barrier from being liftedeven after deduction of the toll charge if the passing vehicle has a security issue. The designed system should help the effort of reducing transport crimes on highways and bridges of developing countries.
Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles
Greenberg, A.; McSweeney, T.; Allen, J.; Lepofsky, M.; Abkowitz, M.
Recent terrorist events, most notably September 11, 2001, have taught us that transportation risk management must be performed with a different lens to accommodate terrorism scenarios that would have previously been considered unlikely to warrant serious attention. Given these circumstances, a new paradigm is needed for managing the risks associated with highway transport of hazardous materials. In particular, this paradigm must: 1) more explicitly consider security threat and vulnerability, and 2) integrate security considerations into an overall framework for addressing natural and man-made disasters, be they accidental or planned. This paper summarizes the results of a study sponsored by the U.S. Department of Transportation, Federal Motor Carrier Safety Administration for the purpose of exploring how a paradigm might evolve in which both safety and security risks can be evaluated as a systematic, integrated process. The work was directed at developing a methodology for assessing the impacts of hazardous materials safety and security incident consequences when transported by highway. This included consideration of the manner in which these materials could be involved in initiating events as well as potential outcomes under a variety of release conditions. The methodology is subsequently applied to various classes of hazardous materials to establish an economic profile of the impacts that might be expected if a major release were to occur. The paper concludes with a discussion of the findings and implications associated with this effort
Alexander, Mark; Murray, Allan
The safety and security risk posed by highly radioactive, long-lived sources at the end of their normal use has not been consistently well-managed in previous decades. The Brazilian Cs-137 accident in 1986 and the Thailand Co-60 accident in 2000 are prime examples of the consequences that ensue from the loss of control of highly dangerous sources after their normal use. With the new international emphasis on security of radioactive sources throughout their life cycle, there is now further incentive to address the management of risks posed by legacy, highly dangerous radioactive sources. The ANSTO South-East Asia Regional Security of Radioactive Sources (RSRS) Project has identified, and is addressing, a number of legacy situations that have arisen as a result of inadequate management practices in the past. Specific examples are provided of these legacy situations and the lessons learned for managing the consequent safety and security risk, and for future complete life-cycle management of highly radioactive sources. (author)
sciences and technologies and road-mapping, which describes the emergence and direction of performance, features, or impacts of a science and technology to appear in the future. The development of 'early warning' scanning capabilities to develop awareness and understanding of basic scientific research as well as forthcoming technology and their implications underscore a fundamental change in focus from 'entirely technology-oriented' to 'science based futures-oriented technological approach', echoing the shift in chemical and biological defense strategy from a 'needs-based' to 'capabilities-based' model. The expectation is to minimize the impact of and manage technology uncertainty through exploiting futures-oriented analytical methods, modeling and simulation, and scenario development. The ultimate goal of the IASC futures research is not to predict the future or to influence social decisions in a predictable way. Rather, our aim is visionary to expand research organizations' and scientists' awareness of future threats and opportunities for balanced, strategic S and T analyses and recommendation of revolutionary scientific breakthroughs in support of international security. (author)
Y. P. Jiang
Full Text Available These days, in allusion to the traditional network security risk evaluation model, which have certain limitations for real-time, accuracy, characterization. This paper proposed a quantitative risk evaluation model for network security based on body temperature (QREM-BT, which refers to the mechanism of biological immune system and the imbalance of immune system which can result in body temperature changes, firstly, through the r-contiguous bits nonconstant matching rate algorithm to improve the detection quality of detector and reduce missing rate or false detection rate. Then the dynamic evolution process of the detector was described in detail. And the mechanism of increased antibody concentration, which is made up of activating mature detector and cloning memory detector, is mainly used to assess network risk caused by various species of attacks. Based on these reasons, this paper not only established the equation of antibody concentration increase factor but also put forward the antibody concentration quantitative calculation model. Finally, because the mechanism of antibody concentration change is reasonable and effective, which can effectively reflect the network risk, thus body temperature evaluation model was established in this paper. The simulation results showed that, according to body temperature value, the proposed model has more effective, real time to assess network security risk.
Wilson, J.W.; Cucinotta, F.A.; Schimmerling, W.
Past space missions beyond the confines of the Earth's protective magnetic field have been of short duration and protection from the effects of solar particle events was of primary concern. The extension of operational infrastructure beyond low-Earth orbit to enable routine access to more interesting regions of space will require protection from the hazards of the accumulated exposures of Galactic Cosmic Rays (GCR). There are significant challenges in providing protection from the long-duration exposure to GCR: the human risks to the exposures are highly uncertain and safety requirements places unreasonable demands in supplying sufficient shielding materials in the design. A vigorous approach to future radiation health-risk mitigation requires a triage of techniques (using biological and technical factors) and reduction of the uncertainty in radiation risk models. The present paper discusses the triage of factors for risk mitigation with associated materials issues and engineering design methods
Gilliam, D. P.; Powell, J. D.
This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.
Ntabeni J. Jere
Objectives: The study evaluates the influence of ICTs in improving food security in KwaZulu-Natal Province. A theoretical framework was developed as the lens through which diffusion and adoption of ICTs can be understood. The theorised model was developed using constructs from the diffusion of innovation (DOI theory, technology acceptance model (TAM and Hofstede’s cultural dimensions theory. Method: Survey data from 517 smallholder farmers from the district municipality of iLembe were collected using a questionnaire. A quantitative approach was followed, and the developed theorised model was analysed using structural equation modelling techniques. Results: This study proposes that ICT influence on food security is associated with culture, perceived usefulness and perceived ease of use. The study further finds that perceived ease of use of ICTs has the most significant effect with regard to ICT adoption and diffusion amongst smallholder farmers in iLembe district municipality. There are, however, no associations found with perceived attributes of innovation and the nature of social systems. The study consisted of a largely homogeneous social system; therefore, the researcher could not make any comparisons. Conclusion: The proposed framework for evaluating the influence of ICTs on food security put forward in this study highlights a number of issues. Firstly, there is need for further study to be conducted to understand adoption of ICTs specifically for food security. This would help in creating more accurate adoption strategies. Secondly, the study informs ICT innovation developers on the need to prioritise ease of use of ICT-based interventions when developing innovations that focus on smallholder farmers. The study also contributes to policy guidelines and suggests clear guidelines be developed to address cultural aspects such as gender imbalances.
Saldaña, Manuel; Rivera, Javier; Oyola, Jose; Manian, Vidya
Sensor technologies such as infrared sensors and hyperspectral imaging, video camera surveillance are proven to be viable in port security. Drawing from sources such as infrared sensor data, digital camera images and processed hyperspectral images, this article explores the implementation of a real-time data delivery system. In an effort to improve the manner in which anomaly detection data is delivered to interested parties in port security, this system explores how a client-server architecture can provide protected access to data, reports, and device status. Sensor data and hyperspectral image data will be kept in a monitored directory, where the system will link it to existing users in the database. Since this system will render processed hyperspectral images that are dynamically added to the server - which often occupy a large amount of space - the resolution of these images is trimmed down to around 1024×768 pixels. Changes that occur in any image or data modification that originates from any sensor will trigger a message to all users that have a relation with the aforementioned. These messages will be sent to the corresponding users through automatic email generation and through a push notification using Google Cloud Messaging for Android. Moreover, this paper presents the complete architecture for data reception from the sensors, processing, storage and discusses how users of this system such as port security personnel can use benefit from the use of this service to receive secure real-time notifications if their designated sensors have detected anomalies and/or have remote access to results from processed hyperspectral imagery relevant to their assigned posts.
Bram Pieket Weeserik
Full Text Available Operational Risk Management (ORM comprises the continuous management of risks resulting from: human actions, internal processes, systems, and external events. With increasing requirements, complexity and a growing volume of risks, information systems provide benefits for integrating risk management activities and optimizing performance. Business Performance Management (BPM technologies are believed to provide a solution for effective Operational Risk Management by offering several combined technologies including: work flow, data warehousing, (advanced analytics, reporting and dashboards. BPM technologies can be integrated with an organization’s Planning & Control cycle and related to strategic objectives. This manuscript aims to show how ORM can benefit from BPM technologies via the development and practical validation of a new maturity model. The B4ORM maturity model was developed following the Design Science Research approach. The maturity model relates specific maturity levels of ORM processes with BPM technologies applicable for a specific maturity stage. There appears to be a strong relationship (0.78 with ORM process maturity and supporting BPM technologies. The B4ORM maturity model as described in this manuscript provides an ideal path of BPM technologies related to six distinctive stages of ORM, leading towards technologies suitable for continuous improvement of ORM processes and organization-wide integration.
In the future, nuclear and climate risks may interfere with each other in a mutually enforcing way. Con-flicts induced by climate change could contribute to global insecurity and create more incentives for states to rely on military force, including nuclear weapons. Rather than being a direct cause of war, cli-mate change significantly affects the delicate balance between social and environmental systems in a way that could undermine human security and societal stability with potentially grave consequences for international security. Increased reliance on nuclear energy to reduce carbon emissions will contribute to the risks of nuclear proliferation. A renewed nuclear arms race would consume considerable resources and undermine the conditions for tackling the problem of climate change in a cooperative manner. Nuclear war itself would severely destabilize human societies and the environment, not to speak of the possibility of a nuclear winter that would disrupt the atmosphere. On the other hand, finding solutions to one problem area could help to find solutions in the other. Pre-venting the dangers of climate change and nuclear war requires an integrated set of strategies that ad-dress the causes as well as the impacts on the natural and social environment. Institutions are needed to strengthen common, ecological and human security, build and reinforce conflict-resolution mechanisms and low-carbon energy alternatives, and create sustainable lifecycles that respect the capabilities of the living world. This article examines the linkages between nuclear and climate risks, identifies areas where both threats converge, and offers an approach to move from living under these security threats to building sustain-able peace. By bringing to light the multidimensional interplay between climate change, nuclear risks and nuclear disarmament, this study aims to help the reader grasp their interconnectedness and recognize its critical implications for the strategic security
M. Reichenbach; T. Grzebiela; T. Koltzsch; I. Pippow
Despite existing security standards and security technologies, such as secure hardware, gaps between users’ demand for security and the security offered by a payment system can still remain. These security gaps imply risks for users. In this paper, we introduce a framework for the management of those risks. As a result, we present an instrument enabling users to evaluate eventual risks related with digital payment systems and to handle these risks with technical and economic instruments.
Broesius, Michael T. [Univ. of California, Livermore, CA (United States)
The literature does not clearly describe the potential moral and ethical conflicts that can exist between technology sponsors and the technical communicators whose job it is to present potentially risky technology to the non-technical people most likely to be imperiled by such risk. Equally important, the literature does not address the issue of uncertainty -- not the uncertainty likely to be experienced by the community at risk, but the unreliable processes and methodologies used by technology sponsors to define, quantify, and develop strategies to mitigate technological risks. In this paper, the author goes beyond a description of risk communication, the nature of the generally predictable interaction between technology advocates and non-technically trained individuals, and current trends in the field. Although that kind of information is critical to the success of any risk communication activity, and he has included it when necessary to provide background and perspective, without knowing how and why risk assessment is done, it has limited practical applicability outside the sterile, value-free vacuum in which it is usually framed. Technical communicators, particularly those responsible for communicating potential technological risk, must also understand the social, political, economic, statistical, and ethical issues they will invariably encounter.
Gilligan, Adrienne M; Skrepnek, Grant H
Community pharmacies have been subject to intense and increasing competition in the past several decades. To determine the security price risk and rate of return of publicly traded pharmacy corporations present on the major U.S. stock exchanges from 1930 to 2009. The Center of Research in Security Prices (CRSP) database was used to examine monthly security-level stock market prices in this observational retrospective study. The primary outcome of interest was the equity risk premium, with analyses focusing upon financial metrics associated with risk and return based upon modern portfolio theory (MPT) including: abnormal returns (i.e., alpha), volatility (i.e., beta), and percentage of returns explained (i.e., adjusted R(2)). Three equilibrium models were estimated using random-effects generalized least squares (GLS): 1) the Capital Asset Pricing Model (CAPM); 2) Fama-French Three-Factor Model; and 3) Carhart Four-Factor Model. Seventy-five companies were examined from 1930 to 2009, with overall adjusted R(2) values ranging from 0.13 with the CAPM to 0.16 with the Four-Factor model. Alpha was not significant within any of the equilibrium models across the entire 80-year time period, though was found from 1999 to 2009 in the Three- and Four-Factor models to be associated with a large, significant, and negative risk-adjusted abnormal returns of -33.84%. Volatility varied across specific time periods based upon the financial model employed. This investigation of risk and return within publicly listed pharmacy corporations from 1930 to 2009 found that substantial losses were incurred particularly from 1999 to 2009, with risk-adjusted security valuations decreasing by one-third. Copyright © 2013 Elsevier Inc. All rights reserved.
Armstead, Stanley K.
In today's dynamic military environment, information technology plays a crucial role in the support of mission preparedness and operational readiness. This research examined the effectiveness of information technology security simulation and awareness training on U.S. military personnel in Iraq and Afghanistan. Also, the study analyzed whether…
This report presents under the form of graphs and comments the results of the annual IRSN opinion poll on matters of risk and security. The IRSN is the French Institute of Radioprotection and Nuclear Safety. Different themes are analysed: the present concerns for French people (in the present society, for the environment, about industrial risks and the image of science), the perception of expertise (who should control an installation, the role and the image of scientific experts, access to expertise documents), the public interest in risk issues (topic of interest, participation to information sessions), the attitude in front of 30 risk situations (presently perceived risks, confidence in public authorities to ensure their protection, truth about information on hazards, hierarchy of 30 situations). The last part is dedicated to the nuclear domain (nuclear risk, skill and credibility of interveners)
Sugasawa, Yoshio; Shinomiya, Takeshi
Companies make concerted efforts to survive in a radically changing global society with the advent of a highly-networked and information-rich society that is featured by intense market competition. Manufacturing industries in particular have a tendency to rely on technological development strengths as a means of survival in a highly globalised and…
Bellisario, Sebastian Nickolai
Through my work in the project proposal office I became interested in how technology advancement efforts affect competitive mission proposals. Technology development allows for new instruments and functionality. However, including technology advancement in a mission proposal often increases perceived risk. Risk mitigation has a major impact on the overall evaluation of the proposal and whether the mission is selected. In order to evaluate the different approaches proposals took I compared the proposals claims of heritage and technology advancement to the sponsor feedback provided in the NASA debriefs. I examined a set of Discovery 2010 Mission proposals to draw patterns in how they were evaluated and come up with a set of recommendations for future mission proposals in how they should approach technology advancement to reduce the perceived risk.
Regens, James L.
In making the transition from weapons production to environmental restoration, DOE has found that it needs to develop reliable means of defining and understanding health and environmental risks and of selecting cost-efficient environmental management technologies so that cleanup activities can be appropriately directed. Through the Technology and Risk Sciences Project, the Entergy Spatial Analysis Research Laboratory attempts to provide DOE with products that incorporate spatial analysis techniques in the risk assessment, communication, and management processes; design and evaluate methods for evaluating innovative environmental technologies; and collaborate and access technical information on risk assessment methodologies, including multimedia modeling and environmental technologies in Russia and the Ukraine, while in addition training and developing the skills of the next generation of scientists and environmental professionals
Valerie J.M. Watzlaf
Full Text Available Voice over the Internet Protocol (VoIP systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care, and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.
Watzlaf, Valerie J M; Moeini, Sohrab; Firouzan, Patti
Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.
Jordan, R. P.; Benavides, P.A.
With the current rising markets across the nuclear fuel supply spectrum, understanding and managing nuclear fuel cycle supply security risk becomes an increasingly important consideration. In addressing this area, Constellation Energy is implementing an integrated multifaceted approach as consistent with a comprehensive risk profile covering the nuclear fuel supply industry. This approach is founded on use of a utility traditional procurement strategy, as dependent on the qualitative parameters of supply origination diversification, geopolitical stability, contracting duration and individual supplier financial bases. However, Constellation also adds an additional consideration into development of this nuclear fuel supply risk profile. To do such, qualitative assessments covering specific supplier risks, as based on the parameters of supplier management and organizational structure, design capacities (applicable to fabrication and enrichment only), operational history as applicable to forward-looking performance, regulatory or legal history and financial performance are also considered. Constellation overlays the risks of future availabilities, catastrophic occurrences and prices for each nuclear fuel material and service component onto a quantitative set of results. The overall focus of these assessments is the creation of a risk management perspective directed towards determining the potential loss or delay of nuclear fuel supply for our operating reactors. The conclusion of this effort is an integrated assessment of the nuclear fuel supply security as applicable to the Constellation-specific structured risk profile. Use of this assessment allows Constellation to target appropriate suppliers of interest in the marketplace and form the fundamental bases for the Constellation procurement strategy while managing risks associated with nuclear fuel cycle supply security. (authors)
Feather, Martin S.; Cornford, Steven L.; Moran, Kelly
A risk-based decision-making methodology conceived and developed at JPL and NASA has been used to aid in decision making for spacecraft technology assessment, adoption, development and operation. It takes a risk-centric perspective, through which risks are used as a reasoning step to interpose between mission objectives and risk mitigation measures.
Full Text Available Li-Fi is a wireless technology that transmits high-speed data using visible light communication (VLC, it can achieve speeds of 224 gigabits per second in the lab. The potential Li-Fi technology can change a lot in virtual word considering it can provide transmission at 1 GB per second - that's 100 times faster than current average Wi-Fi speeds. By flickering the light from a single LED, Li-Fi technology can transmit far more data than a cellular tower, using Visible Light Communication (VLC technology - a medium that uses visible light between 400 and 800 terahertz (THz. It works basically like an incredibly advanced form of Morse code - flicking an LED on and off at extreme speeds and can be used to write and transmit things in binary code. The benefit of Li-Fi over Wi-Fi, other than potentially much faster speeds, is that because light cannot pass through walls, it makes it a whole lot more secure.
Burke, L J
To understand the experience of living with a transvenous internal cardioverter defibrillator (ICD) during the first 6 months after implantation. A grounded theory approach was used to gain an understanding of the antecedents, conditions, and consequences of the core process. Two midwestern community medical centers and patients' homes within a 250-mile radius from the medical centers. Ten women and 14 men between 22 and 78 years of age, who had undergone a new transvenous ICD implantation within the last week. The core process that described the experience of living with a transvenous ICD during the first 6 months after implantation was the process of "securing life through technology acceptance." This core process was characterized by three major categories: choosing life with technology, integrating technology into life, and living life through technology. Nursing interventions related to individualized assessment, education, and counseling are warranted to facilitate patient and family understanding and to plan for the cyclic process involved in integrating a transvenous ICD into their lives. Directions for further research are provided.
Rami Yared; Bessam Abdulrazak
While elderly people perform their daily indoor activities, they are subjected to several risks. To improve the quality of life of elderly people and promote healthy aging and independent living, elderly people need to be provided with an assistive technology platform to rely on during their activities. We reviewed the literature and identified the major indoor risks addressed by assistive technology that elderly people face during their indoor activities. In this paper, we identify these ris...
Full text of publication follows: this study explores the connection between the perception of different societal risk, health concerns and behavioral attitudes of people in condition of social security threat. Two small and two big industrial towns were chosen in order to observe the social and psychological price of the structural changes in the industry such as unemployment and its reflection on the households and the individuals' social attitudes. Key stakeholders were interviewed and questionnaire survey was carried out. The results showed high level of risk sensitivity and health concerns when people felt threatened by lack of social and economic security. The pollution was found to be important problem when it caused direct and obvious risk to human health and the environment. In the same time reverse environmental behavior like insensitiveness and neglectful attitude was observed in cases when the health consequences of the pollution were perceived to be unclear and with delayed effect. In situation of a great socio-economic threat noninvolvement helped the individuals to adapt. The research proved the influence of several risk characteristics on risk perception. It was found a connection between the risk perception and risk controllability, voluntariness of exposure and cost/benefits distribution. In the study areas respondents' judgments on these characteristics reflected directly their social status and material state. The study presented here is in progress - it i's supported by research grant from Open Society Foundation. (author)
Pidgeon, Nick; Harthorn, Barbara; Satterfield, Terre
Nanotechnology involves the fabrication, manipulation, and control of materials at the atomic level and may also bring novel uncertainties and risks. Potential parallels with other controversial technologies mean there is a need to develop a comprehensive understanding of processes of public perception of nanotechnology uncertainties, risks, and benefits, alongside related communication issues. Study of perceptions, at so early a stage in the development trajectory of a technology, is probably unique in the risk perception and communication field. As such it also brings new methodological and conceptual challenges. These include: dealing with the inherent diversity of the nanotechnology field itself; the unfamiliar and intangible nature of the concept, with few analogies to anchor mental models or risk perceptions; and the ethical and value questions underlying many nanotechnology debates. Utilizing the lens of social amplification of risk, and drawing upon the various contributions to this special issue of Risk Analysis on Nanotechnology Risk Perceptions and Communication, nanotechnology may at present be an attenuated hazard. The generic idea of "upstream public engagement" for emerging technologies such as nanotechnology is also discussed, alongside its importance for future work with emerging technologies in the risk communication field. © 2011 Society for Risk Analysis.
SECURITY CONCEPTSUsing ModelsIntroduction: Understanding, Selecting, and Applying Models Understanding AssetsLayered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in SecuritySecurity in Context Reference Defining Information SecurityConfidentiality, Integrity, and Availability Information AttributesIntrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources ReferencesUnderstanding Threat and Its Relatio
Full Text Available While elderly people perform their daily indoor activities, they are subjected to several risks. To improve the quality of life of elderly people and promote healthy aging and independent living, elderly people need to be provided with an assistive technology platform to rely on during their activities. We reviewed the literature and identified the major indoor risks addressed by assistive technology that elderly people face during their indoor activities. In this paper, we identify these risks as: fall, wrong self-medication management, fire, burns, intoxication by gas/smoke, and the risk of inactivity. In addition, we discuss the existing assistive technology systems and classify the risk detection algorithms, techniques and the basic system principles and interventions to enhance safety of elderly people.
Opdahl, S; Henningsen, A A; Tiitinen, A
STUDY QUESTION: Is the risk of hypertensive disorders in pregnancies conceived following specific assisted reproductive technology (ART) procedures different from the risk in spontaneously conceived (SC) pregnancies? SUMMARY ANSWER: ART pregnancies had a higher risk of hypertensive disorders...... confounding cannot be excluded. In addition, we did not have information on all SC pregnancies in each woman's history, and could therefore not compare risk in ART versus SC pregnancies in the same mother. WIDER IMPLICATIONS OF THE FINDINGS: Pregnancies following frozen-thawed cycles have a higher risk......, the Danish Agency for Science, Technology and Innovation, the Nordic Federation of Societies of Obstetrics and Gynecology and the Liaison Committee between the Central Norway Regional Health Authority and the Norwegian University of Science and Technology. None of the authors has any competing interests...
Giannini, Alessandra; Krishnamurthy, P. Krishna; Cousin, Rémi; Labidi, Naouar; Choularton, Richard J.
We combine socioeconomic data from a large-scale household survey with historical climate data to map the climate sensitivity of availability and access dimensions of food security in Mali, and infer the ways in which at-risk communities may have been impacted by persistent climatic shift. Thirty years after 1982-1984, the period of most intense drought during the protracted late 20th century drying of the Sahel, the impact of drought on livelihoods and food security is still recognizable in the Sahelian center of Mali. This impact is expressed in the larger fraction of households in this Sahelian center of the country—the agro-ecological transition between pastoralism in the north, and sedentary agriculture in the south—who practice agriculture but not livestock raising, despite environmental conditions that are suitable to their combination. These households have lower food security and rely more frequently on detrimental nutrition-based coping strategies, such as reducing the quantity or quality of meals. In contrast, the more food secure households show a clear tendency toward livelihood diversification away from subsistence agriculture. These households produce less of what they consume, yet spend less on food in proportion. The analysis points to the value of interdisciplinary research—in this case bridging climate science and vulnerability analysis—to gain a dynamical understanding of complex systems, understanding which may be exploited to address real-world challenges, offering lessons about food security and local adaptation strategies in places among the most vulnerable to climate.
Espona, M. J.
Nowadays we can say that science and technology are development driven forces in most countries, with some exceptions especially in the Southern Hemisphere. Even though, we have to take into account their link to and impact on defense and security and not only when it comes to WMD but also in the economy and academy areas, both in developed and developing countries. Within this framework, when we analyze the spread of technology and knowledge, it is important to consider: the media where it takes place (e.g. journals, internet, conferences, commercial agreements); which the actors involved are (e.g. scientists, governmental agencies, commercial firms); and the motive why it occurs (e.g. scientific discoveries; commercial exchange; international agreements). Once known all these elements, which vary both intracountry and intercountry, we may have a deep and broad enough framework to consider which policies to take in order to foster scientific and technologic development without collaborating with state and non state WMD programs. Although we already have a legal framework to fight against WMD proliferation and terrorism, the diverse degree of success of such instruments makes it necessary to continue analyzing and debating ways to strengthen them and/or find new ones. Therefore, in this paper we will analyze how the phenomena of science and technology development and spread impacts on defense and security from a South American perspective, taking into account the particular differences among developed and developing countries. Among the primary findings we can mention the existing differences between countries when it comes to the place (military, academic or commercial ones) where the critical science and technology innovative developments take place; the origin of funding (private or governmental); the existence and fulfillment of plans to foster science and technology development; and the scientific community awareness in WMD topics. All these elements have a
This Independent Learning Project (ILP) discusses the best practices in educational technology to improve the behavior, instruction, and learning of at-risk youth, for whom technology offers unique opportunities. Research is compiled from numerous scholarly print and online sources. A guide for teachers provides detailed strategies, software…
Briggs, C. M.; Carlsen, H.
Governments and popular discussions have increasingly referred to concepts of ‘climate security’, often with reference to IPCC data. Development of effective methodologies to translate complex, scientific data into risk assessments has lagged, resulting in overly simplistic political assumptions of potential impacts. Climate security scenarios have been developed for use by security and military agencies, but effective engagement by scientific communities requires an improved framework. Effective use of data requires improvement both of climate projections, and the mapping of cascading impacts across interlinked, complex systems. In this research we propose a process for systematic generation of subsets of scenarios (of arbitrary size) from a given set of variables with possible interlinkages. The variables could include climatic changes as well as other global changes of concerns in a security context. In coping with possible challenges associated with the nexus of climate change and security - where deep structural uncertainty and possible irreversible changes are of primary interest - it is important to explore the outer limits of the relevant uncertainties. Therefore the proposed process includes a novel method that will help scenario developers in generating scenario sets where the scenarios are in a quantifiable sense maximally different and therefore best ‘span’ the whole set of scenarios. When downscaled onto a regional level, this process can provide guidance to potentially significant and abrupt geophysical changes, where high uncertainty has often prevented communication of risks. Potential physical changes can then be used as starting points for mapping cascading effects across networks, including topological analysis to identify critically vulnerable nodes and fragile systems, the existence of positive or negative feedback loops, and possible intervention points. Advanced knowledge of both potential geo-physical shifts and related non
This paper describes two methods, Technology Roadmapping and Project Risk Assessment, which were used to identify and manage the technical risks relating to the treatment of sodium bearing waste at the Idaho National Engineering and Environmental Laboratory. The waste treatment technology under consideration was Direct Vitrification. The primary objective of the Technology Roadmap is to identify technical data uncertainties for the technologies involved and to prioritize the testing or development studies to fill the data gaps. Similarly, project management's objective for a multi-million dollar construction project includes managing all the key risks in accordance to DOE O 413.3 - ''Program and Project Management for the Acquisition of Capital Assets.'' In the early stages, the Project Risk Assessment is based upon a qualitative analysis for each risk's probability and consequence. In order to clearly prioritize the work to resolve the technical issues identified in the Technology Roadmap, the issues must be cross- referenced to the project's Risk Assessment. This will enable the project to get the best value for the cost to mitigate the risks
Julio E. Rubio
Full Text Available As it touches all aspects of human activity and society in general, energy has become an object of discourse. Two main discourses have formed on the use of energy: risk discourse and security discourse. While environmental changes and oil depletion continue, a new application for the term security has appeared: energy security. This concept can be interpreted within the terms of risk discourse, which is oriented towards rational consensus and decision making, or as an exercise of power, sovereignty and hegemony. The boundaries between interpretations are often unclear. Thus, in an institutional framework that has fragmented principles, norms and rules, opposing discourses will overlap. Political agents and institutions deploy strategies based on these discourses. With this overlapping of discourses, the performative powers of different institutions clash, thus creating conflictive fragmentation in a governance architecture. The purpose of this investigation is to analyze the use of, replication of, and ambiguities surrounding the concept of energy security, so as to understand how and why these discourses overlap and the profound consequences that this overlap may have for present and future energy use, environmental negotiations, and political climate.
Zachor, Ditza A.; Itzchak, E. Ben
Epidemiologic studies on maternal and pregnancy risk factors for autism spectrum disorder (ASD), including use of assisted reproductive technology (ART), found conflicting results. This study included the following aims: to assess frequencies of ART in a large ASD group; to examine confounding birth and familial risk factors in the ASD with ART…
Nunes Leal Franqueira, V.; Tun, Thein Tan; Yu, Yijun; Wieringa, Roelf J.; Nuseibeh, Bashar
When showing that a software system meets certain security requirements, it is often necessary to work with formal and informal descriptions of the system behavior, vulnerabilities, and threats from potential attackers. In earlier work, Haley et al.  showed structured argumentation could deal
Cloud Computing is being projected by the major cloud services provider IT companies such as IBM, Google, Yahoo, Amazon and others as fifth utility where clients will have access for processing those applications and or software projects which need very high processing speed for compute intensive and huge data capacity for scientific, engineering research problems and also e- business and data content network applications. These services for different types of clients are provided under DASM-Direct Access Service Management based on virtualization of hardware, software and very high bandwidth Internet (Web 2.0) communication. The paper reviews these developments for Cloud Computing and Hardware/Software configuration of the cloud paradigm. The paper also examines the vital aspects of security risks projected by IT Industry experts, cloud clients. The paper also highlights the cloud provider's response to cloud security risks.
Razurel, A; Bertrand, É; Deranlot, J; Benhamou, F; Tritz, T; Le Mercier, F; Hardy, P
Security and quality of the Medicinal Therapy are one of the most important objectives of the April 6th, 2011 order. The objective is to realize this study of the risks incurred by patients related to management and security of medicinal therapy in order to establish a plan to reduce the risks of drug's dispensation. The method of the Preliminary Risk Analysis (PRA) has been implemented by a multidisciplinary group in a hospital service of orthopaedic surgery. The study focused on the dispensation phase of medicinal circuit. This analysis revealed 148 scenarii, 35 were criticality unacceptable. Fifty-four initial risk control actions were proposed and their stress levels to put them in place were evaluated. The main measures of risk management are: training, information, communication, computerization, automation, dual control, updating the documentation system, drug reconciliation and respect for Best Practices Hospitallers (BPH). Risk management requires a significant human and financial investment as well as, material resources and multidisciplinary expertise in order to offer the best solutions. Copyright © 2015 Académie Nationale de Pharmacie. Published by Elsevier Masson SAS. All rights reserved.
Bowles, Roland L.
A preliminary set of performance criteria for predictive windshear detection and warning systems is defined. Candidate airborne remote sensor technologies based on microwave Doppler radar, Doppler lidar, and IR radiometric techniques are examined from the viewpoint of overall system requirements, and the performance of each sensor is evaluated for representative microburst environments and ground clutter conditions. Preliminary simulation results indicate that all three sensors have potential for detecting windshear, and provide adequate warning time to permit flight crews to avoid the affected area or escape from the encounter.
As a consequence of the problems posed by modern technologies (e.g. nuclear power), a new discipline 'risk assessment' has developed over the last decade. The paper describes, first, some studies on determinants of perceived risk, e.g. frequency of accidents, catastrophic potential, voluntariness, dreadfulness, and controllability. Cognitive factors which help explaining research findings include availability, overconfidence, and perceptual set. Secondly, studies on the acceptability of risk are presented in which the focus is on the relation between perceived risk and perceived benefit. Following this, a brief outline of methods is given that have been suggested for determining the acceptability of risk (revealed preferences, expressed preferences, cost-benefit analysis, and decision analysis). Finally, the impact of the development of risky technologies and of risk research is discussed as it is evidenced in the controversies that have emerged within the scientific community, between science and politics, and between science and the public. (orig./HSCH) [de