WorldWideScience

Sample records for technology security risk

  1. Managing information technology security risk

    Science.gov (United States)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.

  2. Reducing security risk using data loss prevention technology.

    Science.gov (United States)

    Beeskow, John

    2015-11-01

    Data loss/leakage protection (DLP) technology seeks to improve data security by answering three fundamental questions: > Where are confidential data stored? > Who is accessing the information? > How are data being handled?

  3. Risk, security and technology: governing football supporters in the twenty-first century

    NARCIS (Netherlands)

    Spaaij, R.

    2013-01-01

    This paper critically examines the security and risk management technologies that are being used to conduct and pre-empt the behaviour of football supporters. It is shown how, in the Netherlands, pre-emptive risk management in the governing of football supporters involves a dispersed and fragmented

  4. Internet security technologies

    CERN Multimedia

    CERN. Geneva

    2003-01-01

    The three pillars of Internet Security are Infrastructure, Applications and People. In this series of lectures we will examine those three pillars and how vital it is for individuals to understand the vulnerabilities of this technology so they can made informed decisions about risks and how they can reduce those risks for themselves and their colleagues.First we will focus on the infrastructure: network; servers; operating systems and all those things that are mostly invisible. Moving up a level, into the visible realm, we discuss the application and see things like buffer overflows, viruses and how as application developers and users we can protect ourselves. Finally, it's all about people. The strongest security technology in the world is easily defeated if people don't understand their role in the whole system.

  5. Selecting Security Technology Providers

    Science.gov (United States)

    Schneider, Tod

    2009-01-01

    The world of security technology holds great promise, but it is fraught with opportunities for expensive missteps and misapplications. The quality of the security technology consultants and system integrators one uses will have a direct bearing on how well his school masters this complex subject. Security technology consultants help determine…

  6. Digital security technology simplified.

    Science.gov (United States)

    Scaglione, Bernard J

    2007-01-01

    Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.

  7. Home - Defense Technology Security Administration

    Science.gov (United States)

    by @dtsamil Defense Technology Security Administration Mission, Culture, and History Executive Official seal of Defense Technology Security Administration Official seal of Defense Technology Security Administration OFFICE of the SECRETARY of DEFENSE Defense Technology Security Administration

  8. School Security Technologies

    Science.gov (United States)

    Schneider, Tod

    2010-01-01

    Over the past decade electronic security technology has evolved from an exotic possibility into an essential safety consideration. Before resorting to high-tech security solutions, school officials should think carefully about the potential for unintended consequences. Technological fixes may be mismatched to the problems being addressed. They can…

  9. Technology Empowerment: Security Challenges.

    Energy Technology Data Exchange (ETDEWEB)

    Warren, Drake Edward [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Backus, George A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Jones, Wendell [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Nelson, Thomas R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Skocypec, Russell D. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-03-01

    Technology empowerment” means that innovation is increasingly accessible to ordinary people of limited means. As powerful technologies become more affordable and accessible, and as people are increasingly connected around the world, ordinary people are empowered to participate in the process of innovation and share the fruits of collaborative innovation. This annotated briefing describes technology empowerment and focuses on how empowerment may create challenges to U.S. national security. U.S. defense research as a share of global innovation has dwindled in recent years. With technology empowerment, the role of U.S. defense research is likely to shrink even further while technology empowerment will continue to increase the speed of innovation. To avoid falling too far behind potential technology threats to U.S. national security, U.S. national security institutions will need to adopt many of the tools of technology empowerment.

  10. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

  11. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education.

    Science.gov (United States)

    Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K

    2013-08-09

    Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality

  12. Information technology security system engineering methodology

    Science.gov (United States)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  13. Electrical markets, energy security and technology diversification: nuclear as cover against gas and carbon price risks?

    International Nuclear Information System (INIS)

    Roques, F.A.; Newbery, D.M.; Nuttall, W.J.; Neufville, R. de

    2005-01-01

    Recent tension in the oil and gas markets has brought back the concept of energy offer diversification. Electrical production technology diversification in a country helps improve the security of supply and make up for the negative effects of hydrocarbons price variations. The portfolio and real options theories help to quantify the optimum diversification level for a country or a power company. The cover value of a nuclear investment for a power company facing cost uncertainties (price of gas and of carbon dioxide emission permit) and proceeds (price of electricity) is assessed. A strong link between the prices of gas and electricity reduces incentives to private producers to diversify, disputing the capacity of a liberalized electrical market to achieve optimum technology diversity from a domestic point of view. (authors)

  14. Technological risks

    International Nuclear Information System (INIS)

    Klinke, A.; Renn, O.

    1998-01-01

    The empirical part about the technological risks deals with different technologies: nuclear energy, early warning systems of nuclear weapons and NBC-weapons, and electromagnetic fields. The potential of damage, the contemporary management strategies and the relevant characteristics will be described for each technology: risks of nuclear energy; risks of early warning systems of nuclear weapons and NBC-weapons; risks of electromagnetic fields. (authors)

  15. Technological risks

    Energy Technology Data Exchange (ETDEWEB)

    Klinke, A.; Renn, O. [Center of Technology Assessment in Baden-Wuerttemberg, Stuttgart (Germany)

    1998-07-01

    The empirical part about the technological risks deals with different technologies: nuclear energy, early warning systems of nuclear weapons and NBC-weapons, and electromagnetic fields. The potential of damage, the contemporary management strategies and the relevant characteristics will be described for each technology: risks of nuclear energy; risks of early warning systems of nuclear weapons and NBC-weapons; risks of electromagnetic fields. (authors)

  16. Emerging information technologies in accounting and related security risks – what is the impact on the Romanian accounting profession

    Directory of Open Access Journals (Sweden)

    Sînziana-Maria Rîndașu

    2017-12-01

    Full Text Available This study investigates whether aspiring and professional accountants understand the benefits and security challenges brought by emerging technologies such as: Big Data, data analytics, cloud computing and mobile technologies. 115 participants took part in a survey during January and February 2017, all having at least one year of practical experience in accounting or audit and 80% of them being affiliated with national or international accounting professional bodies. The research has three key findings: (1 Professional accountants and auditors are having in average a theoretical knowledge of the emerging technologies in the accounting field, but they still need to enhance their skills to exploit them efficiently, (2 Mobile technologies started to be adopted by the Romanian practitioners and (3 The profession has become aware of the security risks brought by emerging technologies in the digital accounting. The accounting profession is on the verge of change and the practitioners do not yet possess sufficient skills regarding the analyzed emerging technologies. As per this, the professional bodies and academic environment should reassess their curricula to enforce the necessary changes for preparing practitioners to successfully face the future challenges and avoid their replacement by other professions more qualified.

  17. Security force effectiveness and technology

    International Nuclear Information System (INIS)

    Seaton, M.B.

    1988-01-01

    No one would propose ineffective security forces. Applied technology always has, as its purpose, to increase effectiveness. Evidence exists, however, that poorly conceived or executed technological solutions can actually do more harm than good. The author argues for improved human factor considerations in physical security applied technology -- especially in the area of security console operations

  18. Security risks arising from portable storage devices

    CSIR Research Space (South Africa)

    Molotsi, K

    2012-10-01

    Full Text Available of the security risks arising from the use of PSDs, and further provides possible security countermeasures to help organisations and users to protect their digital assets. APPROACH Literature review: ? To investigate security risks posed by PSDs... technology in the workplace. International Journal of Electronic Security and Digital Forensics. 3(1): 73?81 [3] Kim, K., Kim, E. & Hong S. (2009). Privacy information protection in portable device. Proceedings of International Conference on Convergence...

  19. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.IT security needs are constantly evolving; this guide examine

  20. Audit Teknologiinformasiatas Physical Security Control Dan Logical Security Control Serta Penentuan Kondisi Security Risk Studi Kasus: PT Talc Indonesia

    OpenAIRE

    Inggrid; Arfianti, Rizka I; Utami, Viany

    2009-01-01

    Abstract The fast growth of technology has an impact to the accounting field. This relates to the term of information technology (17) auditing. One of the risI6 of using information technology in business which can be fatal enough i fignored is security risk Security risk can be reduced by security controls which include physical security control and logical security contra Information technology auditing is the process of collecting and evaluating evidence to determine whether or not a co...

  1. Information Technology Security and Human Risk: Exploring Factors of Unintended Insider Threat and Organizational Resilience

    Science.gov (United States)

    Thompson, Eleanor Elizabeth

    2014-01-01

    That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…

  2. Technological risk

    Energy Technology Data Exchange (ETDEWEB)

    Dierkes, M; Coppock, R; Edwards, S

    1980-01-01

    The book begins with brief statements from representatives of political organizations. Part II presents an overview of the discussion about the control and management of technological progress. Parts III and IV discuss important elements in citizens' perception of technological risks and the development of consensus on how to deal with them. In Part V practical problems in the application of risk assessment and management, and in Part VI additional points are summarized.

  3. Technological risk

    International Nuclear Information System (INIS)

    Dierkes, M.; Coppock, R.; Edwards, S.

    1980-01-01

    The book begins with brief statements from representatives of political organizations. Part II presents an overview of the discussion about the control and management of technological progress. Parts III and IV discuss important elements in citizens' perception of technological risks and the development of consensus on how to deal with them. In Part V practical problems in the application of risk assessment and management, and in Part VI additional points are summarized. (DG)

  4. Information security foundations, technologies and applications

    CERN Document Server

    Awad, Ali Ismail; Fairhurst, Michael

    2018-01-01

    This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security.

  5. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  6. Improving Information Security Risk Management

    Science.gov (United States)

    Singh, Anand

    2009-01-01

    manaOptimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  7. Health Security and Risk Aversion.

    Science.gov (United States)

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. © 2016 John Wiley & Sons Ltd.

  8. Practice brief. Securing wireless technology for healthcare.

    Science.gov (United States)

    Retterer, John; Casto, Brian W

    2004-05-01

    Wireless networking can be a very complex science, requiring an understanding of physics and the electromagnetic spectrum. While the radio theory behind the technology can be challenging, a basic understanding of wireless networking can be sufficient for small-scale deployment. Numerous security mechanisms are available to wireless technologies, making it practical, scalable, and affordable for healthcare organizations. The decision on the selected security model should take into account the needs for additional server hardware and administrative costs. Where wide area network connections exist between cooperative organizations, deployment of a distributed security model can be considered to reduce administrative overhead. The wireless approach chosen should be dynamic and concentrate on the organization's specific environmental needs. Aspects of organizational mission, operations, service level, and budget allotment as well as an organization's risk tolerance are all part of the balance in the decision to deploy wireless technology.

  9. Information security risk analysis

    CERN Document Server

    Peltier, Thomas R

    2001-01-01

    Effective Risk AnalysisQualitative Risk AnalysisValue AnalysisOther Qualitative MethodsFacilitated Risk Analysis Process (FRAP)Other Uses of Qualitative Risk AnalysisCase StudyAppendix A: QuestionnaireAppendix B: Facilitated Risk Analysis Process FormsAppendix C: Business Impact Analysis FormsAppendix D: Sample of ReportAppendix E: Threat DefinitionsAppendix F: Other Risk Analysis OpinionsIndex

  10. Security Problems of Mobile Technologies

    Directory of Open Access Journals (Sweden)

    A. G. Beltov

    2012-09-01

    Full Text Available The article provides an overview of security problems which exist in the mobile devices. The main technologies aimed to protect the phones from various types of attacks are considered. The authors justify the necessity of developing new improved tools and methods to ensure the safety of such devices.

  11. Vulnerability Identification Errors in Security Risk Assessments

    OpenAIRE

    Taubenberger, Stefan

    2014-01-01

    At present, companies rely on information technology systems to achieve their business objectives, making them vulnerable to cybersecurity threats. Information security risk assessments help organisations to identify their risks and vulnerabilities. An accurate identification of risks and vulnerabilities is a challenge, because the input data is uncertain. So-called ’vulnerability identification errors‘ can occur if false positive vulnerabilities are identified, or if vulnerabilities remain u...

  12. Building secure network by integrated technology

    International Nuclear Information System (INIS)

    An Dehai; Xu Rongsheng; Liu Baoxu

    2000-01-01

    The author introduces a method which can realize the most powerful network security prevention by the network security integrated technologies such as firewall, realtime monitor, network scanner, Web detection and security, etc

  13. Information Security Risk Analysis

    CERN Document Server

    Peltier, Thomas R

    2010-01-01

    Offers readers with the knowledge and the skill-set needed to achieve a highly effective risk analysis assessment. This title demonstrates how to identify threats and then determine if those threats pose a real risk. It is suitable for industry and academia professionals.

  14. Securing the energy industry : perspectives in security risk management

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, G.L. [Anadarko Canada Corp., Calgary, AB (Canada)

    2003-07-01

    This presentation offered some perspectives in security risk management as it relates to the energy sector. Since the events of September 11, 2001 much attention has been given to terrorism and the business is reviewing protection strategies. The paper made reference to each of the following vulnerabilities in the energy sector: information technology, globalization, business restructuring, interdependencies, political/regulatory change, and physical/human factors. The vulnerability of information technology is that it can be subject to cyber and virus attacks. Dangers of globalization lie in privacy and information security, forced nationalization, organized crime, and anti-globalization efforts. It was noted that the Y2K phenomenon provided valuable lessons regarding interdependencies and the effects of power outages, water availability, transportation disruption, common utility corridor accidents, and compounding incidents. The paper also noted the conflict between the government's desire to have a resilient infrastructure that can withstand and recover from attacks versus a company's ability to afford this capability. The physical/human factors that need to be considered in risk management include crime, domestic terrorism, and disasters such as natural disasters, industrial disasters and crisis. The energy industry has geographically dispersed vulnerable systems. It has done a fair job of physical security and has good emergency management practices, but it was noted that the industry cannot protect against all threats. A strategy of vigilance and awareness is needed to deal with threats. Other strategies include contingency planning, physical security, employee communication, and emergency response plans. tabs., figs.

  15. Aerospace Communications Security Technologies Demonstrated

    Science.gov (United States)

    Griner, James H.; Martzaklis, Konstantinos S.

    2003-01-01

    In light of the events of September 11, 2001, NASA senior management requested an investigation of technologies and concepts to enhance aviation security. The investigation was to focus on near-term technologies that could be demonstrated within 90 days and implemented in less than 2 years. In response to this request, an internal NASA Glenn Research Center Communications, Navigation, and Surveillance Aviation Security Tiger Team was assembled. The 2-year plan developed by the team included an investigation of multiple aviation security concepts, multiple aircraft platforms, and extensively leveraged datalink communications technologies. It incorporated industry partners from NASA's Graphical Weather-in-the-Cockpit research, which is within NASA's Aviation Safety Program. Two concepts from the plan were selected for demonstration: remote "black box," and cockpit/cabin surveillance. The remote "black box" concept involves real-time downlinking of aircraft parameters for remote monitoring and archiving of aircraft data, which would assure access to the data following the loss or inaccessibility of an aircraft. The cockpit/cabin surveillance concept involves remote audio and/or visual surveillance of cockpit and cabin activity, which would allow immediate response to any security breach and would serve as a possible deterrent to such breaches. The datalink selected for the demonstrations was VDL Mode 2 (VHF digital link), the first digital datalink for air-ground communications designed for aircraft use. VDL Mode 2 is beginning to be implemented through the deployment of ground stations and aircraft avionics installations, with the goal of being operational in 2 years. The first demonstration was performed December 3, 2001, onboard the LearJet 25 at Glenn. NASA worked with Honeywell, Inc., for the broadcast VDL Mode 2 datalink capability and with actual Boeing 757 aircraft data. This demonstration used a cockpitmounted camera for video surveillance and a coupling to

  16. Enterprise security IT security solutions : concepts, practical experiences, technologies

    CERN Document Server

    Fumy, Walter

    2013-01-01

    Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr

  17. Security engineering: systems engineering of security through the adaptation and application of risk management

    Science.gov (United States)

    Gilliam, David P.; Feather, Martin S.

    2004-01-01

    Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.

  18. Information Security Risk Assessment in Hospitals.

    Science.gov (United States)

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

  19. Technical and governance considerations for advanced metering infrastructure/smart meters: Technology, security, uncertainty, costs, benefits, and risks

    International Nuclear Information System (INIS)

    McHenry, Mark P.

    2013-01-01

    The fundamental role of policymakers when considering Advanced Metering Infrastructure (AMI), or ‘smart meters for energy and water infrastructure is to investigate a broad range of complex interrelated issues. These include alternative technical and non-technical options and deployment needs, the cost and benefits of the infrastructure (risks and mitigation measures), and the impact of a number of stakeholders: consumers, distributors, retailers, competitive market operators, competing technology companies, etc. The scale and number of potential variables in the AMI space is an almost unprecedented challenge to policymakers, with the anticipation of new ancillary products and services, associated market contestability, related regulatory and policy amendments, and the adequacy of consumer protection, education, and safety considerations requiring utmost due-diligence. Embarking on AMI investment entails significant technical, implementation, and strategic risk for governments and administering bodies, and an active effort is required to ensure AMI governance and planning maximises the potential benefits, and minimise uncertainties, costs, and risks to stakeholders. This work seeks to clarify AMI fundamentals and discusses the technical and related governance considerations from a dispassionate perspective, yet acknowledges many stakeholders tend to dichotomise debate, and obfuscate both advantages and benefits, and the converse. - Highlights: • AMI presents an almost unprecedented technical and governance policy challenge. • AMI enables vertical integration of electricity, gas, water, IT, and telco entities • AMI investments involve major technical, implementation, and strategic decisions. • Adequacy of consumer education, safety, privacy, and protection is paramount. • Policy must maximise AMI benefits and minimise uncertainties, costs, and risks

  20. Nuclear energy technology transfer: the security barriers

    International Nuclear Information System (INIS)

    Rinne, R.L.

    1975-08-01

    The problems presented by security considerations to the transfer of nuclear energy technology are examined. In the case of fusion, the national security barrier associated with the laser and E-beam approaches is discussed; for fission, the international security requirements, due to the possibility of the theft or diversion of special nuclear materials or sabotage of nuclear facilities, are highlighted. The paper outlines the nuclear fuel cycle and terrorist threat, examples of security barriers, and the current approaches to transferring technology. (auth)

  1. Information Security Risks on a University Campus

    Directory of Open Access Journals (Sweden)

    Amer A. Al-Rawas

    2002-06-01

    Full Text Available This paper is concerned with issues relating to security in the provision of information systems (IS services within a campus environment. It is based on experiences with a specific known environment; namely Sultan Qaboos University. In considering the risks and challenges that face us in the provision of IS services we need to consider a number of interwoven subject areas.  These are: the importance of information to campus communities, the types of information utilised, and the risk factors that relate to the provision of IS services. Based on our discussion of the risk factors identified within this paper, we make a number of recommendations for improving security within any environment that wishes to take the matter seriously. These recommendations are classified into three main groups: general, which are applicable to the entire institution; social, aimed at the work attitudes of staff and students; and technical, addressing the skills and technologies required.

  2. Smart Card Security; Technology and Adoption

    OpenAIRE

    Hamed Taherdoost; Shamsul Sahibuddin; Neda Jalaliyoon

    2011-01-01

    Newly, smart card technology are being used in a number of ways around the world, on the otherhand, security has become significant in information technology, especially in those applicationinvolving data sharing and transactions through the internet. Furthermore, researches ininformation technology acceptance have identified the security as one of the factor that caninfluence on smart card adoption. This research is chiefly to study the security principals of smartcard and assess the securit...

  3. Center for Coastline Security Technology, Year-2

    National Research Council Canada - National Science Library

    Glegg, Stewart; Glenn, William; Furht, Borko; Beaujean, P. P; Frisk, G; Schock, S; VonEllenrieder, K; Ananthakrishnan, P; An, E; Granata, R

    2007-01-01

    ...), the Imaging Technology Center, the Department of Computer Science and Engineering, and the University Consortium for Intermodal Transportation Safety and Security at Florida Atlantic University...

  4. Making Technology Work for Campus Security

    Science.gov (United States)

    Floreno, Jeff; Keil, Brad

    2010-01-01

    The challenges associated with securing schools from both on- and off-campus threats create constant pressure for law enforcement, campus security professionals, and administrators. And while security technology choices are plentiful, many colleges and universities are operating with limited dollars and information needed to select and integrate…

  5. Survey of network and information security technology

    International Nuclear Information System (INIS)

    Liu Baoxu; Wang Xiaozhen

    2007-01-01

    With the rapidly development of the computer network technology and informationize working of our Country, Network and Information Security issues becomes the focal point problem that people shows solicitude for. On the basis analysing security threat and challenge of network information and their developing trend. This paper briefly analyses and discusses the main relatively study direction and content about the theory, technology and practice of Network and Information Security. (authors)

  6. Marine data security based on blockchain technology

    Science.gov (United States)

    Yang, Zhao; Xie, Weiwei; Huang, Lei; Wei, Zhiqiang

    2018-03-01

    With the development of marine observation technology and network technology, the volume of marine data growing rapidly. This brings new challenges for data storage and transmission. How to protect data security of marine big data has become an urgent problem. The traditional information security methods’ characteristic is centralization. These technologies cannot provide whole process protection, e.g., data storage, data management and application of data. The blockchain technology is a novel technology, which can keep the data security and reliability by using decentralized methodology. It has aroused wide interest in the financial field. In this paper, we describe the concept, characteristics and key technologies of blockchain technology and introduce it into the field of marine data security.

  7. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  8. reputation Risks through Information Security Incidents

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2014-05-01

    Full Text Available The article deals with accounting reputational risks arising through information security breaches in the management of a business entity. Security breach incidents which results to the loss of reputation are identified. Based on this analysis the definition of reputational risk in information security is given.

  9. Information and technology: Improving food security in Uganda ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    2014-06-23

    Jun 23, 2014 ... Information and technology: Improving food security in Uganda ... knowledge to make decisions about planting, harvesting, and managing livestock, but ... to be effective for minimizing risks and increasing agricultural productivity. ... In time, this network of information – made possible by digital technology ...

  10. National Security Technology Incubator Evaluation Process

    Energy Technology Data Exchange (ETDEWEB)

    None, None

    2007-12-31

    This report describes the process by which the National Security Technology Incubator (NSTI) will be evaluated. The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report includes a brief description of the components, steps, and measures of the proposed evaluation process. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. An effective evaluation process of the NSTI is an important step as it can provide qualitative and quantitative information on incubator performance over a given period. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety and security. The mission of the NSTI is to identify, incubate, and accelerate technologies with national security applications at various stages of development by providing hands-on mentoring and business assistance to small businesses and emerging or growing companies. To achieve success for both incubator businesses and the NSTI program, an evaluation process is essential to effectively measure results and implement corrective processes in the incubation design if needed. The evaluation process design will collect and analyze qualitative and quantitative data through performance evaluation system.

  11. National Security Technology Incubator Business Plan

    Energy Technology Data Exchange (ETDEWEB)

    None, None

    2007-12-31

    This document contains a business plan for the National Security Technology Incubator (NSTI), developed as part of the National Security Preparedness Project (NSPP) and performed under a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This business plan describes key features of the NSTI, including the vision and mission, organizational structure and staffing, services, evaluation criteria, marketing strategies, client processes, a budget, incubator evaluation criteria, and a development schedule. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety, security, and protection of the homeland. The NSTI is operated and managed by the Arrowhead Center, responsible for leading the economic development mission of New Mexico State University (NMSU). The Arrowhead Center will recruit business with applications for national security technologies recruited for the NSTI program. The Arrowhead Center and its strategic partners will provide business incubation services, including hands-on mentoring in general business matters, marketing, proposal writing, management, accounting, and finance. Additionally, networking opportunities and technology development assistance will be provided.

  12. Information security risk assessment, aggregation, and mitigation

    NARCIS (Netherlands)

    Lenstra, A.K.; Voss, T.; Wang, H.; Pieprzyk, J.; Varadharajan, V.

    2004-01-01

    As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is

  13. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    Under this project SETECS performed research, created the design, and the initial prototype of three groups of security technologies: (a) middleware security platform, (b) Web services security, and (c) group security system. The results of the project indicate that the three types of security technologies can be used either individually or in combination, which enables effective and rapid deployment of a number of secure applications in open networking environments. The middleware security platform represents a set of object-oriented security components providing various functions to handle basic cryptography, X.509 certificates, S/MIME and PKCS No.7 encapsulation formats, secure communication protocols, and smart cards. The platform has been designed in the form of security engines, including a Registration Engine, Certification Engine, an Authorization Engine, and a Secure Group Applications Engine. By creating a middleware security platform consisting of multiple independent components the following advantages have been achieved - Object-oriented, Modularity, Simplified Development, and testing, Portability, and Simplified extensions. The middleware security platform has been fully designed and a preliminary Java-based prototype has been created for the Microsoft Windows operating system. The Web services security system, designed in the project, consists of technologies and applications that provide authentication (i.e., single sign), authorization, and federation of identities in an open networking environment. The system is based on OASIS SAML and XACML standards for secure Web services. Its topology comprises three major components: Domain Security Server (DSS) is the main building block of the system Secure Application Server (SAS) Secure Client In addition to the SAML and XACML engines, the authorization system consists of two sets of components An Authorization Administration System An Authorization Enforcement System Federation of identities in multi

  14. Review: Security in Wireless Technologies in Business

    Science.gov (United States)

    Sattarova, F. Y.; Kim, Tai-Hoon

    Wireless technology seems to be everywhere now - but it is still relatively in its infancy. New standards and protocols continue to emerge and problems and bugs are discovered. Nevertheless, wireless networks make many things much more convenient and it appears that wireless networks are here to stay. The differences and similarities of wireless and wired security, the new threats brought by mobility, the security of networks and devices and effects of security, or lack of it are shortly discussed in this review paper.

  15. Cyber security analytics, technology and automation

    CERN Document Server

    Neittaanmäki, Pekka

    2015-01-01

    Over the last two decades, the Internet and more broadly cyberspace has had a tremendous impact on all parts of society. Governments across the world have started to develop cyber security strategies and to consider cyberspace as an increasingly important international issue. The book, in addition to the cyber threats and technology, processes cyber security from many sides as a social phenomenon and how the implementation of the cyber security strategy is carried out. The book gives a profound idea of the most spoken phenomenon of this time. The book is suitable for a wide-ranging audience from graduate to professionals/practitioners and researchers. Relevant disciplines for the book are  Telecommunications / Network security, Applied mathematics / Data analysis, Mobile systems / Security, Engineering / Security of critical infrastructure and Military science / Security.

  16. Technologies to counter aviation security threats

    Science.gov (United States)

    Karoly, Steve

    2017-11-01

    The Aviation and Transportation Security Act (ATSA) makes TSA responsible for security in all modes of transportation, and requires that TSA assess threats to transportation, enforce security-related regulations and requirements, and ensure the adequacy of security measures at airports and other transportation facilities. Today, TSA faces a significant challenge and must address a wide range of commercial, military grade, and homemade explosives and these can be presented in an infinite number of configurations and from multiple vectors. TSA screens 2 million passengers and crew, and screens almost 5 million carry-on items and 1.2 million checked bags daily. As TSA explores new technologies for improving efficiency and security, those on the forefront of research and development can help identify unique and advanced methods to combat terrorism. Research and Development (R&D) drives the development of future technology investments that can address an evolving adversary and aviation threat. The goal is to rethink the aviation security regime in its entirety, and rather than focusing security at particular points in the enterprise, distribute security from the time a reservation is made to the time a passenger boards the aircraft. The ultimate objective is to reengineer aviation security from top to bottom with a continued focus on increasing security throughout the system.

  17. Capitalization of Defense Technology Security Administration Equipment

    National Research Council Canada - National Science Library

    Gimble, Thomas

    1996-01-01

    ... $5.2 million in the Equipment in Use account on its trial balance. Starting with FY 1996, Defense Technology Security Administration financial data will be included in consolidated DoD financial statements...

  18. Promoting Economic Security through Information Technology ...

    African Journals Online (AJOL)

    The problem of economic insecurity is a global threat to national security. In Nigeria today, we have witness a lot of national security issues that risks the continued existence of the country as one indivisible political entity with many calling for disintegration. Hitherto, many terrorist networks have sprang up in many parts of ...

  19. Emerging Technology for School Security

    Science.gov (United States)

    Doss, Kevin T.

    2012-01-01

    Locks and keys ring up huge costs for education institutions. No wonder many facility directors and public-safety directors have turned to automated access-control systems with magnetic-stripe cards, proximity cards and, most recently, smart cards. Smart cards can provide a host of on- and off-campus services beyond security. In addition to…

  20. New technology for food systems and security.

    Science.gov (United States)

    Yau, N J Newton

    2009-01-01

    In addition to product trade, technology trade has become one of the alternatives for globalization action around the world. Although not all technologies employed on the technology trade platform are innovative technologies, the data base of international technology trade still is a good indicator for observing innovative technologies around world. The technology trade data base from Sinew Consulting Group (SCG) Ltd. was employed as an example to lead the discussion on security or safety issues that may be caused by these innovative technologies. More technologies related to processing, functional ingredients and quality control technology of food were found in the data base of international technology trade platform. The review was conducted by categorizing technologies into the following subcategories in terms of safety and security issues: (1) agricultural materials/ingredients, (2) processing/engineering, (3) additives, (4) packaging/logistics, (5) functional ingredients, (6) miscellaneous (include detection technology). The author discusses examples listed for each subcategory, including GMO technology, nanotechnology, Chinese medicine based functional ingredients, as well as several innovative technologies. Currently, generation of innovative technology advance at a greater pace due to cross-area research and development activities. At the same time, more attention needs to be placed on the employment of these innovative technologies.

  1. Security Risk Assessment in Software Development Projects

    OpenAIRE

    Svendsen, Heidi

    2017-01-01

    Software security is increasing in importance, linearly with vulnerabilities caused by software flaws. It is not possible to spend all the project s resources on software security. To spend the resources given to security in an effective way, one should know what is most important to protect. By performing a risk analysis the project know which vulnerabilities they face. A risk analysis will prioritise the vulnerabilities, and when the vulnerabilities are prioritised the project know where th...

  2. National Security Technology Incubation Project Continuation Plan

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-09-30

    This document contains a project continuation plan for the National Security Technology Incubator (NSTI). The plan was developed as part of the National Security Preparedness Project (NSPP) funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This continuation plan describes the current status of NSTI (staffing and clients), long-term goals, strategies, and long-term financial solvency goals.The Arrowhead Center of New Mexico State University (NMSU) is the operator and manager of the NSTI. To realize the NSTI, Arrowhead Center must meet several performance objectives related to planning, development, execution, evaluation, and sustainability. This continuation plan is critical to the success of NSTI in its mission of incubating businesses with security technology products and services.

  3. Critical infrastructure cyber-security risk management

    OpenAIRE

    Spyridopoulos, T.; Maraslis, K.; Tryfonas, T.; Oikonomou, G.

    2017-01-01

    Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly...

  4. Infrared: A Key Technology for Security Systems

    OpenAIRE

    Corsi, Carlo

    2012-01-01

    Infrared science and technology has been, since the first applications, mainly dedicated to security and surveillance especially in military field, besides specialized techniques in thermal imaging for medical diagnostic and building structures and recently in energy savings and aerospace context. Till recently the security applications were mainly based on thermal imaging as surveillance and warning military systems. In all these applications the advent of room temperature, more reliable due...

  5. Security engineering: Phisical security measures for high-risk personnel

    Directory of Open Access Journals (Sweden)

    Jelena S. Cice

    2013-06-01

    Full Text Available The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements: -    Creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP. -    Promulgation of multi-service standard recommendations and considerations. -    Potential increase of productivity of HRP and reduced temporary housing costs through clarification of considerations, guidance on planning, and provision of design solutions. -    Reduction of facility project costs. -    Better performance of modernized facilities, in terms of force protection, than original facilities. Throughout this process you must ensure: confidentiality, appropriate Public Relations, sustainability, compliance with all industrial guidelines and legal and regulatory requirement, constant review and revision to accommodate new circumstances or threats. Introduction Physical security is an extremely broad topic. It encompasses access control devices such as smart cards, air filtration and fireproofing. It is also heavily reliant on infrastructure. This means that many of the ideal physical security measures may not be economically or physically feasible for existing sites. Many businesses do not have the option of building their own facility from the ground up; thus physical security often must be integrated into an existing structure. This limits the overall set of security measures that can be installed. There is an aspect of physical security that is often overlooked; the humans that interact with it. Humans commit crime for a number of reasons. The document focuses on two building types: the HRP office and the HRP residence. HRP are personnel who are likely to be

  6. Physical security technology base programs for physical security

    International Nuclear Information System (INIS)

    Jacobs, J.

    1986-01-01

    Sandia National Laboratories is the US Department of Energy's lead laboratory for physical security research and development (R and D). In support of this mission, Sandia has maintained for several years an R and D program in each of the following technology areas: Intrusion Detection, Entry Control, CCTV Assessment, Access Delay, Alarm Display, and Guard Equipment and Training. The purpose of the technology base programs is to maintain cognizance of the capabilities of the commercial market, identify improvements and transfer technology to industry and facilities. The output of these programs supports the development of new equipment and advanced system concepts, demonstrations of proof-of-principles and system implementation. This paper will review the status of current developments and discuss trends in new technologies which are being explored for future applications, i.e., artificial intelligence, expert systems, robotics, and more automated systems

  7. Safety and Security Interface Technology Initiative

    International Nuclear Information System (INIS)

    Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

    2007-01-01

    Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. ''Supporting Excellence in Operations Through Safety Analysis'', (workshop theme) includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is ''Safeguards/Security Integration with Safety''. This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security Documentation Integration, Configuration Control, and development of a shared ''tool box'' of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated

  8. Competition, Speculative Risks, and IT Security Outsourcing

    Science.gov (United States)

    Cezar, Asunur; Cavusoglu, Huseyin; Raghunathan, Srinivasan

    Information security management is becoming a more critical and, simultaneously, a challenging function for many firms. Even though many security managers are skeptical about outsourcing of IT security, others have cited reasons that are used for outsourcing of traditional IT functions for why security outsourcing is likely to increase. Our research offers a novel explanation, based on competitive externalities associated with IT security, for firms' decisions to outsource IT security. We show that if competitive externalities are ignored, then a firm will outsource security if and only if the MSSP offers a quality (or a cost) advantage over in-house operations, which is consistent with the traditional explanation for security outsourcing. However, a higher quality is neither a prerequisite nor a guarantee for a firm to outsource security. The competitive risk environment and the nature of the security function outsourced, in addition to quality, determine firms' outsourcing decisions. If the reward from the competitor's breach is higher than the loss from own breach, then even if the likelihood of a breach is higher under the MSSP the expected benefit from the competitive demand externality may offset the loss from the higher likelihood of breaches, resulting in one or both firms outsourcing security. The incentive to outsource security monitoring is higher than that of infrastructure management because the MSSP can reduce the likelihood of breach on both firms and thus enhance the demand externality effect. The incentive to outsource security monitoring (infrastructure management) is higher (lower) if either the likelihood of breach on both firms is lower (higher) when security is outsourced or the benefit (relative to loss) from the externality is higher (lower). The benefit from the demand externality arising out of a security breach is higher when more of the customers that leave the breached firm switch to the non-breached firm.

  9. Modern Quantum Technologies of Information Security

    OpenAIRE

    Korchenko, Oleksandr; Vasiliu, Yevhen; Gnatyuk, Sergiy

    2010-01-01

    In this paper, the systematisation and classification of modern quantum technologies of information security against cyber-terrorist attack are carried out. The characteristic of the basic directions of quantum cryptography from the viewpoint of the quantum technologies used is given. A qualitative analysis of the advantages and disadvantages of concrete quantum protocols is made. The current status of the problem of practical quantum cryptography use in telecommunication networks is consider...

  10. 75 FR 28275 - Homeland Security Science and Technology Advisory Committee

    Science.gov (United States)

    2010-05-20

    ...: The Homeland Security Science and Technology Advisory Committee met on April 20, 2010 from 8:30 a.m... and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410, Washington... for the Under Secretary of Homeland Security for Science and Technology. The Homeland Security Science...

  11. Risk assessment techniques for civil aviation security

    Energy Technology Data Exchange (ETDEWEB)

    Tamasi, Galileo, E-mail: g.tamasi@enac.rupa.i [Ente Nazionale per l' Aviazione Civile-Direzione Progetti, Studi e Ricerche, Via di Villa Ricotti, 42, 00161 Roma (Italy); Demichela, Micaela, E-mail: micaela.demichela@polito.i [SAfeR-Centro Studi su Sicurezza, Affidabilita e Rischi, Dipartimento di Scienza dei Materiali e Ingegneria Chimica, Politecnico di Torino, Corso Duca degli Abruzzi, 24, 10129 Torino (Italy)

    2011-08-15

    Following the 9/11 terrorists attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

  12. Risk assessment techniques for civil aviation security

    International Nuclear Information System (INIS)

    Tamasi, Galileo; Demichela, Micaela

    2011-01-01

    Following the 9/11 terrorists attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

  13. The Search for Security Technology Funding.

    Science.gov (United States)

    Fickes, Michael

    2003-01-01

    Explains that although it is difficult to find money to pay for school security technology, there are places to look. For example, the Department of Education has a list serve that summarizes various funding opportunities. There is also a Federal Register list serve and a site put out by the Department of Justice. A sidebar presents three…

  14. Risk and Soviet Security Decisions

    National Research Council Canada - National Science Library

    Hull, Andrew

    1990-01-01

    .... There are several exceptions to general Soviet risk aversion in using military power. But in each instance, the Soviet Union has fared rather badly when it chanced large risks in pursuit of correspondingly high potential gains...

  15. Denial technology, the neglected security element

    International Nuclear Information System (INIS)

    Mauney, C.H.

    1982-01-01

    Even though there has been an increased concern over providing adequate security during the past decade, and even though some aspects of existing security systems have been enhanced during this period, much remains to be done to provide that balance which is so necessary to have all elements function as an effective unit. The area that primarily has been neglected is the delay element - the part of the system which makes possible the needed time for the security force to respond after an intrustion is detected and prior to the adversary attaining his desired goal. The purpose of this paper is to address the vulnerabilities of a security system which exist without the proper delay elements and to suggest how current technology can provide, through the use of activated barriers, that needed delay time to bring the system into balance. Security managers desire reliability and effectiveness; plant managers require safety, non-interference with operations, cost considerate capability, and aesthetic application - these characteristics will be addressed in the context of providing the required delay. This paper, hopefully, will set the stage for dialogue between developer and user, yielding a mutally acceptable approach to balanced security protection

  16. Energy technology evaluation report: Energy security

    Science.gov (United States)

    Koopman, R.; Lamont, A.; Schock, R.

    1992-09-01

    Energy security was identified in the National Energy Strategy (NES) as a major issue for the Department of Energy (DOE). As part of a process designed by the DOE to identify technologies important to implementing the NES, an expert working group was convened to consider which technologies can best contribute to reducing the nation's economic vulnerability to future disruptions of world oil supplies, the working definition of energy security. Other working groups were established to deal with economic growth, environmental quality, and technical foundations. Energy Security working group members were chosen to represent as broad a spectrum of energy supply and end-use technologies as possible and were selected for their established reputations as experienced experts with an ability to be objective. The time available for this evaluation was very short. The group evaluated technologies using criteria taken from the NES which can be summarized for energy security as follows: diversifying sources of world oil supply so as to decrease the increasing monopoly status of the Persian Gulf region; reducing the importance of oil use in the US economy to diminish the impact of future disruptions in oil supply; and increasing the preparedness of the US to deal with oil supply disruptions by having alternatives available at a known price. The result of the first phase of the evaluation process was the identification of technology groups determined to be clearly important for reducing US vulnerability to oil supply disruptions. The important technologies were mostly within the high leverage areas of oil and gas supply and transportation demand but also included hydrogen utilization, biomass, diversion resistant nuclear power, and substitute industrial feedstocks.

  17. Climate Change and Risks to National Security

    Science.gov (United States)

    Titley, D.

    2017-12-01

    Climate change impacts national security in three ways: through changes in the operating environments of the military; by increasing risks to security infrastructure, specifically bases and training ranges; and by exacerbating and accelerating the risks of state collapse and conflict in regions that are already fragile and unstable. Additionally there will be unique security challenges in the Arctic as sea-ice melts out and human activities increase across multiple dimensions. Military forces will also likely see increased demand for Humanitarian Assistance and Disaster Relief resulting from a combination of increased human population, rising sea-level, and potentially stronger and wetter storms. The talk will explore some of the lesser known aspects of these changes, examine selected climate-driven 'wild cards' that have the potential to disrupt regional and global security, and explore how migration in the face of a changing climate may heighten security issues. I will assess the positions U.S. executive and legislative branches with respect to climate & security, and how those positions have evolved since the November 2016 election, sometimes in counter-intuitive ways. The talk will close with some recommended courses of action the security enterprise can take to manage this climate risk.

  18. Safety and Security Interface Technology Initiative

    Energy Technology Data Exchange (ETDEWEB)

    Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

    2007-05-01

    Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Micheal Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 carrollkj@y12.doe.gov Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme) includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security

  19. Security risks in IP telephony

    OpenAIRE

    Řezáč, Filip; Vozňák, Miroslav

    2010-01-01

    This paper deals with VoIP communication security and various techniques of VoIP attacks. We divided these threats in several categories according to their specific behaviour and their impact on the affected system. We also tried to find effective methods to prevent or mitigate these attacks. We focused our work on Spam over Internet Telephony (SPIT) as a real threat for the future. We have developed both a tool generating SPIT attacks and AntiSPIT tool defending communication systems against...

  20. Security Risks in IP Telephony

    Directory of Open Access Journals (Sweden)

    Filip Rezac

    2010-01-01

    Full Text Available This paper deals with VoIP communication security and various techniques of VoIP attacks. We divided these threats in several categories according to their specific behaviour and their impact on the affected system. We also tried to find effective methods to prevent or mitigate these attacks. We focused our work on Spam over Internet Telephony (SPIT as a real threat for the future. We have developed both a tool generating SPIT attacks and AntiSPIT tool defending communication systems against SPIT attacks. AntiSPIT represents an effective protection based on statistical blacklist and works without participation of the called party which is a significant advantage.

  1. Optimal security investments and extreme risk.

    Science.gov (United States)

    Mohtadi, Hamid; Agiwal, Swati

    2012-08-01

    In the aftermath of 9/11, concern over security increased dramatically in both the public and the private sector. Yet, no clear algorithm exists to inform firms on the amount and the timing of security investments to mitigate the impact of catastrophic risks. The goal of this article is to devise an optimum investment strategy for firms to mitigate exposure to catastrophic risks, focusing on how much to invest and when to invest. The latter question addresses the issue of whether postponing a risk mitigating decision is an optimal strategy or not. Accordingly, we develop and estimate both a one-period model and a multiperiod model within the framework of extreme value theory (EVT). We calibrate these models using probability measures for catastrophic terrorism risks associated with attacks on the food sector. We then compare our findings with the purchase of catastrophic risk insurance. © 2012 Society for Risk Analysis.

  2. Clean fuel technology for world energy security

    Energy Technology Data Exchange (ETDEWEB)

    Sunjay, Sunjay

    2010-09-15

    Clean fuel technology is the integral part of geoengineering and green engineering with a view to global warming mitigation. Optimal utilization of natural resources coal and integration of coal & associated fuels with hydrocarbon exploration and development activities is pertinent task before geoscientist with evergreen energy vision with a view to energy security & sustainable development. Value added technologies Coal gasification,underground coal gasification & surface coal gasification converts solid coal into a gas that can be used for power generation, chemical production, as well as the option of being converted into liquid fuels.

  3. 2017 Emerging Technology Domains Risk Survey

    Science.gov (United States)

    2017-10-01

    REV-03.18.2016.0 2017 Emerging Technology Domains Risk Survey Daniel Klinedinst Joel Land Kyle O’Meara October 2017 TECHNICAL REPORT CMU/SEI...Distribution Statement A: Approved for Public Release. Distribution is Unlimited. List of Tables Table 1: New and Emerging Technologies 2 Table 2: Security...Impact of New and Emerging Technologies 4 Table 3: Severity Classifications and Impact Scores 5 CMU/SEI-2017-TR-008 | SOFTWARE ENGINEERING

  4. 75 FR 18516 - Homeland Security Science and Technology Advisory Committee

    Science.gov (United States)

    2010-04-12

    ...; notice of closed Federal Advisory Committee meeting SUMMARY: The Homeland Security Science and Technology.... DATES: The Homeland Security Science and Technology Advisory Committee will meet April 20, 2010 from 8...: Ms. Tiwanda Burse, Science and Technology Directorate, Department of Homeland Security, 245 Murray...

  5. 75 FR 39955 - Homeland Security Science and Technology Advisory Committee

    Science.gov (United States)

    2010-07-13

    ... Homeland Security Science and Technology Advisory Committee meeting will be open to the public on July 20th... Burse, Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410... Protection programs in Science & Technology and updates on homeland security sensitive Federally Funded...

  6. 75 FR 2555 - Homeland Security Science and Technology Advisory Committee

    Science.gov (United States)

    2010-01-15

    ... Technology Advisory Committee will meet January 26-28, 2010, at the Department of Homeland Security, 1120..., Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410... Burse, Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410...

  7. Risk to Water Security on Small Islands

    Science.gov (United States)

    Holding, S. T.; Allen, D. M.

    2013-12-01

    The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. The risk framework is implemented in a Geographic Information System (GIS) and provides a map

  8. Practical Methods for Information Security Risk Management

    Directory of Open Access Journals (Sweden)

    Cristian AMANCEI

    2011-01-01

    Full Text Available The purpose of this paper is to present some directions to perform the risk man-agement for information security. The article follows to practical methods through question-naire that asses the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contains all the key elements that concurs in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation.

  9. RFID Based Security Access Control System with GSM Technology

    OpenAIRE

    Peter Adole; Joseph M. Môm; Gabriel A. Igwue

    2016-01-01

    The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly...

  10. INFORMATION SECURITY RISK ASSESSMENT USING EXISTING LEGAL AND METHODOLOGICAL BASE

    Directory of Open Access Journals (Sweden)

    A. I. Trubei

    2015-01-01

    Full Text Available The article provides a survey of the existing regulatory framework for information security riskmanagement. Practical methods for information security risk and vulnerability assessment are proposed.

  11. Risk Analysis and Security Countermeasure Selection

    CERN Document Server

    Norman, Thomas L

    2009-01-01

    Explains how to evaluate the appropriateness of security countermeasures, from a cost-effectiveness perspective. This title guides readers from basic principles to complex processes in a step-by-step fashion, evaluating DHS-approved risk assessment methods, including CARVER, API/NPRA, RAMCAP, and various Sandia methodologies

  12. An Overview of Computer Network security and Research Technology

    OpenAIRE

    Rathore, Vandana

    2016-01-01

    The rapid development in the field of computer networks and systems brings both convenience and security threats for users. Security threats include network security and data security. Network security refers to the reliability, confidentiality, integrity and availability of the information in the system. The main objective of network security is to maintain the authenticity, integrity, confidentiality, availability of the network. This paper introduces the details of the technologies used in...

  13. The risks of technology

    International Nuclear Information System (INIS)

    Hauptmanns, U.; Werner, W.; Herttrich, M.

    1987-01-01

    The book presents a complete survey of the methods and procedures applied for risk assessment, referring in particular to the field of nuclear engineering, but dealing also with risk assessment in the sector of the chemical industry and of the power industry, comparing the risks of various technologies for energy production. The material presented shows that a risk assessment study requires information and knowledge from a great variety of subject fields, evaluating and merging the information collected into a complete survey being the main task of risk assessment. It also becomes clear that despite the strong commitment to research in this field, there still remain unresolved problems and phenomena, so that risk assessment bears a certain degree of uncertainty. The results and the mutual connections are represented in words only, so that the reader can do without mathematical knowledge. Many studies and their results are presented, and their explanation in the overall framework allows insight into the connections and an evaluation of usefulness. The status report on risk assessment prepared in August 1984 by the GRS (Society for Reactor Safety) on behalf of the Federal Ministry of the Interior, has been taken as a basis for this book which consists of many individual contributions. (orig./HP) With 45 figs [de

  14. Advanced technologies: Trends and implications for security

    International Nuclear Information System (INIS)

    Shaw, A.

    1990-01-01

    As the world moves towards the close of the twentieth century, three technological trends will strongly influence security. In order of importance they are: first, the increasing globalization of the ability to develop and use high technology, much of which has both civilian and military applications; secondly, the broad dissemination of militarily-relevant technology world-wide; and thirdly, the continued development by the United States and the USSR (and a few other nations) of advanced technology for military applications. The military balance between the super-Powers and their allies has been strongly rooted in advancing military technology. Great changes in technology have resulted in adjustments -mostly in limited aspects such as the armour/ anti-armour balance - but have not caused it to change wildly. This seems likely to remain the case for the foreseeable future. There are arguments that Western technology has been a prime causative factor behind Soviet willingness to engage in negotiations to reduce forces. They claim that fear of the Strategic Defense Initiative is behind progress in the Strategic Arms Reduction Talks, and that perceived Western mastery of the technology for systems combining quick reaction, deep strike and high kill probabilities led the Soviet Union to reassess its potential for a successful land campaign in Europe. If current arms control negotiations are successful, the momentum is maintained, and other political changes take hold, the military balance could be taken to a point where ft would not be very sensitive to technological change. One should be aware that the arms control negotiations are very complex, primarily because of technological issues, and we should not yet bank on it all working out well. If it fails, the military technical competition will heat up again. Even under a strict arms control regime we can expect the competition to continue as each side seeks to develop counters to what ft sees as the other side

  15. The Threat of Security: Hindering Technology Integration in the Classroom

    Science.gov (United States)

    Robinson, LeAnne K.; Brown, Abbie; Green, Tim

    2007-01-01

    For the last year the authors have been gathering examples of how perceived "threats of security" are hampering the integration of technology in teaching and learning. They hope that educators will examine both the challenges of increased security demands and ways in which security might enhance, rather than detract from, the use of technology for…

  16. Using Common Sense to Effectively Integrate Security Technologies within a School's Security Strategy

    Energy Technology Data Exchange (ETDEWEB)

    Gree, M.W.

    1998-11-03

    Security technologies are not the answer to all school security problems. However, they can be an excellent tool for school administrators and security personnel when incorporated into a total security strategy involving personnel, procedures, and facility layout. Unfortunately, very few of the tougher security problems in schools have solutions that are affordable, effective, and acceptable. Like any other type of facility, a school's security staff must understand the strengths and limitations of the security measures they are csecurity practices, which will rarely increase new building costs if included in the initial planning.

  17. Information security risk management and incompatible parts of organization

    OpenAIRE

    Talabeigi, Elham; Naeeini, Seyyed Gholamreza Jalali

    2016-01-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in...

  18. Factors Influencing the Adoption of Biometric Security Technologies by Decision Making Information Technology and Security Managers

    OpenAIRE

    Lease, David R.

    2005-01-01

    The research conducted under this study offers an understanding of the reasons why information technology (IT) and/or information assurance (IA) managers choose to recommend or not to recommend particular technologies, specifically biometric security, to their organizations. A review of the relevant literature provided the foundation to develop a set of research questions and factors for this research effort. The research questions became the basis of the study’s stated hypotheses for examini...

  19. Towards Agile Security Risk Management in RE and Beyond

    NARCIS (Netherlands)

    Nunes Leal Franqueira, V.; Bakalova, Z.; Tun, Thein Tan; Daneva, Maia

    Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations but they do not provide an overview of the overall security

  20. RISK MANAGEMENT FROM THE INFORMATION SECURITY PERSPECTIVE

    Directory of Open Access Journals (Sweden)

    Riza Ionuț

    2017-11-01

    Full Text Available Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.

  1. Engineering Principles for Information Technology Security (A Baseline for Achieving Security)

    National Research Council Canada - National Science Library

    Stoneburner, Gary

    2001-01-01

    The purpose of the Engineering Principles for Information Technology (IT) Security (HP-ITS) is to present a list of system-level security principles to he considered in the design, development, and operation of an information system...

  2. Asset backed securities : risks, ratings and quantitative modelling

    NARCIS (Netherlands)

    Jönsson, B.H.B.; Schoutens, W.

    2009-01-01

    Asset backed securities (ABSs) are structured finance products backed by pools of assets and are created through a securitisation process. The risks in asset backed securities, such as, credit risk, prepayment risk, market risks, operational risk, and legal risks, are directly connected with the

  3. Restricted access processor - An application of computer security technology

    Science.gov (United States)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  4. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

  5. Information security risk management and incompatible parts of organization

    Directory of Open Access Journals (Sweden)

    Elham Talabeigi

    2016-11-01

    Full Text Available Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value:  The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  6. Information security risk management and incompatible parts of organization

    Energy Technology Data Exchange (ETDEWEB)

    Talabeigi, E.; Naeeini, S.G.J.

    2016-07-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  7. Information security risk management and incompatible parts of organization

    International Nuclear Information System (INIS)

    Talabeigi, E.; Naeeini, S.G.J.

    2016-01-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  8. Management of information security risks in a federal public institution: a case study

    Directory of Open Access Journals (Sweden)

    Jackson Gomes Soares Souza

    2016-11-01

    Full Text Available Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T. managers perceptions and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and their implementation aiming greater control of information security risks and opportunities related to information technology security.

  9. Aviation Security, Risk Assessment, and Risk Aversion for Public Decisionmaking

    Science.gov (United States)

    Stewart, Mark G.; Mueller, John

    2013-01-01

    This paper estimates risk reductions for each layer of security designed to prevent commercial passenger airliners from being commandeered by terrorists, kept under control for some time, and then crashed into specific targets. Probabilistic methods are used to characterize the uncertainty of rates of deterrence, detection, and disruption, as well…

  10. Emerging Technological Risk Underpinning the Risk of Technology Innovation

    CERN Document Server

    Anderson, Stuart

    2012-01-01

    Classes of socio-technical hazards allow a characterization of the risk in technology innovation and clarify the mechanisms underpinning emergent technological risk. Emerging Technological Risk provides an interdisciplinary account of risk in socio-technical systems including hazards which highlight: ·         How technological risk crosses organizational boundaries, ·         How technological trajectories and evolution develop from resolving tensions emerging between social aspects of organisations and technologies and ·         How social behaviour shapes, and is shaped by, technology. Addressing an audience from a range of academic and professional backgrounds, Emerging Technological Risk is a key source for those who wish to benefit from a detail and methodical exposure to multiple perspectives on technological risk. By providing a synthesis of recent work on risk that captures the complex mechanisms that characterize the emergence of risk in technology innovation, Emerging Tec...

  11. AUSERA: Large-Scale Automated Security Risk Assessment of Global Mobile Banking Apps

    OpenAIRE

    Chen, Sen; Meng, Guozhu; Su, Ting; Fan, Lingling; Xue, Yinxing; Liu, Yang; Xu, Lihua; Xue, Minhui; Li, Bo; Hao, Shuang

    2018-01-01

    Contemporary financial technology (FinTech) that enables cashless mobile payment has been widely adopted by financial institutions, such as banks, due to its convenience and efficiency. However, FinTech has also made massive and dynamic transactions susceptible to security risks. Given large financial losses caused by such vulnerabilities, regulatory technology (RegTech) has been developed, but more comprehensive security risk assessment is specifically desired to develop robust, scalable, an...

  12. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    NARCIS (Netherlands)

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overwiew is given of the use of

  13. Center for Coastline Security Technology, Year-2

    Science.gov (United States)

    2007-05-01

    cinematic film industry . For the port security application there are several research issues being addressed under this program, specifically...being the cinematic film industry . For the port security application there are several research issues being addressed under this program...the primary customers being the film industry . For the port security application there are several research issues being addressed under this program

  14. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ... Security, consistent with Federal policies for the security of unclassified information and information... Certification Program, and provide a Web site link within a contract clause to a library where contractors can... Security should be addressed through government-wide policies, standards, and requirements. NASA response...

  15. On the Horizon: New Advances in Security Technology

    Science.gov (United States)

    Gamble, Cheryl

    2005-01-01

    The worlds of security and technology have been on an intersecting course since the first published account of the use of fingerprint identification made news in 1880 (although unpublished reports suggest its use as early as 1858). In the three and one half years since the September 11 attacks, technological advances across the security field have…

  16. New Technology's Surprising Security Threats. Building Digital Libraries

    Science.gov (United States)

    Huwe, Terence

    2005-01-01

    In recent years, security issues have increasingly come to dominate the technological development process--although still in a more reactive than proactive mode. It now seems more important than ever to monitor security trends and policy developments, especially if technology is regarded as a potential community builder. This article suggests…

  17. Nuclear material facilities - security systems and technology R and D trends

    International Nuclear Information System (INIS)

    Ellis, D.; Steele, B.

    2002-01-01

    Full text: In the US, physical security research and development (R and D) during the 1970s and 1980s created a body of technology and systems engineering that largely defined the industry for several decades. However, despite today's terrorists threats and risks, the overall funding of new and innovative physical security solutions is relatively very small. Such factors constraining physical security R and D include the expansion of overall security responsibilities, the emphasis on programmatic and business performance, in addition to evolving (mis)perceptions that 'the problem has been solved' or that 'anyone can do security'. Underlying these factors, the lack of robust standards and certifications has limited the development and application of physical security products, systems, and services. The research and development of new security technologies must be evaluated against very demanding constraints - including costs/benefits, emerging threats, and policies. Going forward, the goal will be to create a more comprehensive approach to physical security of nuclear material facilities that matches evolving threats and that will complement the transition to an integrated security/operations management environment. Such a management model evaluates the additional value of increasing security alternatives in addition to determining trade-offs between the programmatic mission and security issues. Correspondingly, more explicit and strategically useful measures must be developed to determine importance that, in turn, will influence security-related R and D efforts. The research and development of security technologies should be based upon identified needs and requirements resulting from a systematic analysis of the threat and other conditions. In particular, security technologies and systems must be evaluated in terms of current and long-term impacts. Such needs are (will be) diverse and will depend upon sustained research investments in a broad range of technologies

  18. THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    V. S. Oladko

    2016-12-01

    Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.

  19. Man, technology and risk

    Energy Technology Data Exchange (ETDEWEB)

    Renn, O

    1981-06-01

    Using the instruments of empirical social sciences, a cross-section study was conducted comprising experiments on qualitative risk characteristics, in-depth interviews on mechanisms of risk perception and representative surveys of the public on technical risk sources, in particular with regard to nuclear energy. The results of these studies show that person-related expectations in respect of risk consequences, the possibility of personal influencing control, the severeness of risk consequences and one's own risk propensity play a significant role in the evaluation of risks. (Translated from German, original report Juel-Spez--67).

  20. A Security Risk Measurement for the RAdAC Model

    National Research Council Canada - National Science Library

    Britton, David W; Brown, Ian A

    2007-01-01

    .... The intent is to quantify the risk involved in a single information transaction. Additionally, this thesis will attempt to identify the risk factors involved when calculating the total security risk measurement...

  1. Nuclear Technologies Secure Food For Future

    International Nuclear Information System (INIS)

    2012-01-01

    use of such techniques to protect plants and animals against disease and pests means many more farmers can produce enough food to feed their own families and to sell on markets. Ultimately, fewer people go hungry. The IAEA collaborates with the United Nations Food and Agriculture Organization (FAO) in providing support through a joint division in Vienna. ''While our profile is modest, the size of our footprint is significant,'' said Qu Liang, Director of the Joint FAO/IAEA Division of Nuclear Techniques. ''We are putting the benefits of tried and tested nuclear technologies into the hands of farmers, particularly small producers in poorer countries, to improve their food security and livelihood.'' ''The assistance is driven by advanced technologies,'' Liang added. ''But what we are delivering has to be appropriate to farmers' needs. That means crops that can flourish in changing and often harsher conditions, pest control without a chemical legacy and protection for livestock.'' The Scientific Forum will be opened by the IAEA Director General and ministers from Indonesia, Kenya and Vietnam. FAO Director General Graziano da Silva will deliver a video address. The Forum will address IAEA activities in the fields of food production, food protection and food safety. Each session features a panel of experts who will present and discuss the benefits of nuclear techniques in food and agriculture. A moderator will guide the discussions. (IAEA)

  2. The DOE safeguards and security technology development program

    International Nuclear Information System (INIS)

    Cherry, R.C.; Wheelock, A.J.

    1991-01-01

    This paper reports that strategic planning for safeguards and security within the Department of Energy emphasizes the contributions of advanced technologies to the achievement of Departmental protection program goals. The Safeguards and Security Technology Development Program provides state-of-the-art technologies, systems and technical services in support of the policies and programmatic requirements for the protection of Departmental assets. The Program encompasses research and development in physical security, nuclear material control and accountability, information security and personnel security, and the integration of these disciplines in advanced applications. Technology development tasks serve goals that range from the maintenance of an effective technology base to the development, testing and evaluation of applications to meet field needs. A variety of factors, from the evolving threat to reconfiguration of the DOE complex and the technical requirements of new facilities, are expected to influence safeguards and security technology requirements and development efforts. Implementation of the Program is based on the systematic identification, prioritization and alignment of technology development tasks and needs. Initiatives currently underway are aimed at enhancing technology development project management. Increased management attention is also being placed on efforts to promote the benefits of the Program through technology transfer and interagency liaison

  3. FlySec: a risk-based airport security management system based on security as a service concept

    Science.gov (United States)

    Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

    2016-05-01

    Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow;(iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

  4. Agricultural Technology, Risk, and Gender

    DEFF Research Database (Denmark)

    Arndt, Channing; Tarp, Finn

    2000-01-01

    Interactions between agricultural technology improvements, risk-reducing behavior, and gender roles in agricultural production in Mozambique are examined. The analysis employs a computable general equilibrium (CGE) model that explicitly incorporates key features of the economy. These include......: detailed accounting of marketing margins, home consumption, risk, and gender roles in agricultural production. Our results show that agricultural technology improvements benefit both male and female occupants of rural households. Due to economic interactions, agricultural technology improvements...

  5. Development of a cyber security risk model using Bayesian networks

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Son, Hanseong; Khalil ur, Rahman; Heo, Gyunyoung

    2015-01-01

    Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I and C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility. - Highlights: • We developed the cyber security risk model can be find the weak point of cyber security integrated two cyber analysis models by using Bayesian Network. • One is the activity-quality model signifies how people and/or organization comply with the cyber security regulatory guide. • Other is the architecture model represents the probability of cyber-attack on RPS architecture. • The cyber security risk model can provide evidence that is able to determine the key element for cyber security for RPS of a research reactor

  6. Safeguards and security deficiencies fulfilled through technology development

    International Nuclear Information System (INIS)

    Smoot, W.

    1996-01-01

    The Office of Safeguards and Security (OSS) sponsors research and development activities based on identified field and headquarters customer requirements. Annually, a formal solicitation of safeguards and security user needs is conducted. Currently, there are over 300 valid safeguards and security deficiencies that have been identified. These user needs serve as the basis for formulating the OSS Technology Development Program (TDP). Due to budget constraints, the TDP can only address approximately 47% of these needs in FY 1996. This paper will discuss, in a general sense, the current deficiencies and how the TDP is responding to each. Specifically, the paper will highlight technologies in the areas of Material Control and Accounting, Physical Security, and Information Security. A brief discussion of unfulfilled user requirements will also be presented as a catalyst for leveraging available or developing technologies from other similar programs or from private industry

  7. Security Risks Management in Selected Academic Libraries in Osun ...

    African Journals Online (AJOL)

    The survival of a library depends to a large extent on how secured its collections are. Security of collections constitutes a critical challenge facing academic libraries in Nigeria. It is against this background that this study investigated the security risks management in selected academic libraries in Osun State, Nigeria.

  8. Risk Based Security Management at Research Reactors

    Energy Technology Data Exchange (ETDEWEB)

    Ek, David R. [Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)

    2015-09-01

    This presentation provides a background of what led to the international emphasis on nuclear security and describes how nuclear security is effectively implemented so as to preserve the societal benefits of nuclear and radioactive materials.

  9. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Science.gov (United States)

    2011-12-15

    ...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

  10. Soils and food security | Nortcliff | Nigerian Journal of Technological ...

    African Journals Online (AJOL)

    A threat impacting on food security strongly in Africa is nutrient mining where insufficient nutrients are returned to the soil after crop production. The impacts of global change on food security and the potential impacts of global markets for food and land are also briefly discussed. Nigerian Journal of Technological Research ...

  11. INTERNET SECURITYTECHNOLOGY AND SOCIAL AWARENESS OF THE DANGERS

    Directory of Open Access Journals (Sweden)

    Laskowski Piotr Paweł

    2017-06-01

    Full Text Available The article describes selected issues related to user safety on the Internet. This safety consists of a number of factors such as the technology that we use to communicate and to browse the Internet, and habits and behaviors that we have acquired and through which we can identify at least some typical hazards encountered on the Web. Knowledge of software and the ability to use it and to configure it properly as well as checking regularly for security updates reduces the risk of data loss or identity theft. Public awareness of threats continues to grow, but there are also new, previously unknown threats; that is why it is so important to inform of the dangers by all available channels of communication.

  12. Reform of the National Security Science and Technology Enterprise

    National Research Council Canada - National Science Library

    Berry, William; Coffey, Timothy; DeYoung, Donald; Kadtke, James; Loeb, Cheryl

    2008-01-01

    A strong science and technology (S&T) program has been vitally important to American national security since World War II and has to date given the United States a strategic advantage over competitors...

  13. Competitive Technologies for National Security: Review and Recommendations

    National Research Council Canada - National Science Library

    Carafano, James J; Gudgel, Andew; Kochems, Alane

    2008-01-01

    .... Innovation will always be a national security wild card. New technologies may unleash or accelerate social and cultural changes that affect how nations protect themselves on battlefields and behind the scenes...

  14. Security Risks: Management and Mitigation in the Software Life Cycle

    Science.gov (United States)

    Gilliam, David P.

    2004-01-01

    A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Sotfware Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

  15. Secure messaging via the cloud and mobile devices: data security issues emerge with new technologies.

    Science.gov (United States)

    Prestigiacomo, Jennifer

    2011-05-01

    The secure messaging space is alive with new innovations that are moving the industry forward. Key in this space is the push toward moving secure messaging to the cloud and pushing it out to mobile devices. Among the examples are solutions that allow physicians to receive encrypted email on mobile devices, as well as ones that allow doctors to securely text-message each other to coordinate care. However, the security issues around these emerging technologies in this very active space must be further explored.

  16. Promoting Economic Security through Information Technology Abstract

    African Journals Online (AJOL)

    PROF. O. E. OSUAGWU

    2013-12-01

    Dec 1, 2013 ... The problem of economic insecurity is a global threat to national security. ... of the country as one indivisible political entity with many calling for disintegration. ..... The integration of ICT in agriculture can .... Table 4.2.7 Respondents by IT on Business propriety and trade .... of production, distribution and.

  17. Physical security technologies for weapons complex reconfiguration facilities

    International Nuclear Information System (INIS)

    Jaeger, C.D.

    1994-01-01

    Sandia National Laboratories was a member of the Weapons Complex Reconfiguration (WCR) Safeguards and Security (S ampersand S) team providing assistance to the Department of Energy's (DOE) Office of Weapons Complex Reconfiguration. The physical security systems in the new and upgraded facilities being considered for the WCR had to meet DOE orders and other requirements set forth in the WCR Programmatic Design Criteria (PDC), incorporate the latest physical security technologies using proven state-of-the-art systems and meet fundamental security principles. The outcome was to avoid costly retrofits and provide effective and comprehensive protection against current and projected threats with minimal impact on operations, costs and schedule. Physical security requirements for WCR facilities include: (1) reducing S ampersand S life-cycle costs, (2) where feasible automating S ampersand S functions to minimize operational costs, access to critical assets and exposure of people to hazardous environments, (3) increasing the amount of delay to outsider adversary attack, (4) compartmentalizing the facility to minimize the number of personnel requiring access to critical areas and (5) having reliable and maintainable systems. To be most effective against threats physical security must be integrated with facility operations, safety and other S ampersand S activities, such as material control and accountability, nuclear measurements and computer and information security. This paper will discuss the S ampersand S issues, requirements, technology opportunities and needs. Physical security technologies and systems considered in the design effort of the Weapons Complex Reconfiguration facilities will be reviewed

  18. Improving organisational resilience through enterprise security risk management.

    Science.gov (United States)

    Petruzzi, John; Loyear, Rachelle

    Enterprise Security Risk Management (ESRM) is a new philosophy and method of managing security programmes through the use of traditional risk principles. As a philosophy and life cycle, ESRM is focused on creating a business partnership between security practitioners and business leaders to more effectively provide protection against security risks in line with acceptable risk tolerances as defined by business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle and also shows how embracing the ESRM philosophy and implementing a risk-based security management model in the business organisation can lead to higher levels of organisational resilience as desired by organisation leaders, executives and the board of directors.

  19. Limiting Future Proliferation and Security Risks

    International Nuclear Information System (INIS)

    Bari, R.

    2011-01-01

    A major new technical tool for evaluation of proliferation and security risks has emerged over the past decade as part the activities of the Generation IV International Forum. The tool has been developed by a consensus group from participating countries and organizations and is termed the Proliferation Resistance and Physical Protection (PR and PP) Evaluation Methodology. The methodology defines a set of challenges, analyzes system response to these challenges, and assesses outcomes. The challenges are the threats posed by potential actors (proliferant states or sub-national adversaries). It is of paramount importance in an evaluation to establish the objectives, capabilities, resources, and strategies of the adversary as well as the design and protection contexts. Technical and institutional characteristics are both used to evaluate the response of the system and to determine its resistance against proliferation threats and robustness against sabotage and terrorism threats. The outcomes of the system response are expressed in terms of a set of measures, which thereby define the PR and PP characteristics of the system. This paper summarizes results of applications of the methodology to nuclear energy systems including reprocessing facilities and large and small modular reactors. The use of the methodology in the design phase a facility will be discussed as it applies to future safeguards concepts.

  20. Structuring for technology risk

    International Nuclear Information System (INIS)

    Klapper, M.

    1993-01-01

    The Colver Power Project in Cambria County, PA, looked good in nearly all aspects, but lenders had concerns about startup problems encountered by earlier waste coal circulating fluidized bed projects. Nevertheless, a closer look at the operating history of the earlier plants showed possible risks could be handled

  1. Assessing security technology's impact: old tools for new problems.

    Science.gov (United States)

    Kreissl, Reinhard

    2014-09-01

    The general idea developed in this paper from a sociological perspective is that some of the foundational categories on which the debate about privacy, security and technology rests are blurring. This process is a consequence of a blurring of physical and digital worlds. In order to define limits for legitimate use of intrusive digital technologies, one has to refer to binary distinctions such as private versus public, human versus technical, security versus insecurity to draw differences determining limits for the use of surveillance technologies. These distinctions developed in the physical world and are rooted in a cultural understanding of pre-digital culture. Attempts to capture the problems emerging with the implementation of security technologies using legal reasoning encounter a number of problems since law is by definition oriented backwards, adapting new developments to existing traditions, whereas the intrusion of new technologies in the physical world produces changes and creates fundamentally new problems.

  2. Risk-informed, performance-based safety-security interface

    International Nuclear Information System (INIS)

    Mrowca, B.; Eltawila, F.

    2012-01-01

    Safety-security interface is a term that is used as part of the commercial nuclear power security framework to promote coordination of the many potentially adverse interactions between plant security and plant safety. Its object is to prevent the compromise of either. It is also used to describe the concept of building security into a plant's design similar to the long standing practices used for safety therefore reducing the complexity of the operational security while maintaining or enhancing overall security. With this in mind, the concept of safety-security interface, when fully implemented, can influence a plant's design, operation and maintenance. It brings the approach use for plant security to one that is similar to that used for safety. Also, as with safety, the application of risk-informed techniques to fully implement and integrate safety and security is important. Just as designers and operators have applied these techniques to enhance and focus safety, these same techniques can be applied to security to not only enhance and focus the security but also to aid in the implementation of effective techniques to address the safety-security interfaces. Implementing this safety-security concept early within the design process can prevent or reduce security vulnerabilities through low cost solutions that often become difficult and expensive to retrofit later in the design and/or post construction period. These security considerations address many of the same issues as safety in ensuring that the response of equipment and plant personnel are adequate. That is, both safety and security are focused on reaching safe shutdown and preventing radiological release. However, the initiation of challenges and the progression of actions in response these challenges and even the definitions of safe shutdown can be considerably different. This paper explores the techniques and limitations that are employed to fully implement a risk-informed, safety-security interface

  3. Network Security Risk Assessment System Based on Attack Graph and Markov Chain

    Science.gov (United States)

    Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

    2017-10-01

    Network security risk assessment technology can be found in advance of the network problems and related vulnerabilities, it has become an important means to solve the problem of network security. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combines with the international standard CVSS, the attack probability of atomic nodes are counted, and then the attack transition probabilities of ones are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assessment network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

  4. A study of the security technology and a new security model for WiFi network

    Science.gov (United States)

    Huang, Jing

    2013-07-01

    The WiFi network is one of the most rapidly developing wireless communication networks, which makes wireless office and wireless life possible and greatly expands the application form and scope of the internet. At the same time, the WiFi network security has received wide attention, and this is also the key factor of WiFi network development. This paper makes a systematic introduction to the WiFi network and WiFi network security problems, and the WiFi network security technology are reviewed and compared. In order to solve the security problems in WiFi network, this paper presents a new WiFi network security model and the key exchange algorithm. Experiments are performed to test the performance of the model, the results show that the new security model can withstand external network attack and ensure stable and safe operation of WiFi network.

  5. Potential risks and threats to international security

    Directory of Open Access Journals (Sweden)

    Iurie RICHICINSCHI

    2016-12-01

    Full Text Available Today we can ascertain with certainty that in the early part of the 21st century, the challenges addressed to the current security environment tend to become increasingly diffuse, less predictable and multidimensional, being both a feature of external security, as well as an internal one and, of course, becoming an indispensable part of security policies and strategies. Therefore, the need for international cooperation as a foundation for the stability of the security environment has increased. It should provide a sense of trust and peace by ensuring the absence of danger both for the individual and for the community to which he belongs.

  6. A Risk Management Process for Consumers: The Next Step in Information Security

    NARCIS (Netherlands)

    van Cleeff, A.

    2010-01-01

    Simply by using information technology, consumers expose themselves to considerable security risks. Because no technical or legal solutions are readily available, and awareness programs have limited impact, the only remedy is to develop a risk management process for consumers. Consumers need to

  7. National security risks? Uncertainty, austerity and other logics of risk in the UK government’s National Security Strategy

    NARCIS (Netherlands)

    Hammerstad, A.; Boas, I.J.C.

    2015-01-01

    Risk scholars within Security Studies have argued that the concept of security has gone through a fundamental transformation away from a threat-based conceptualisation of defence, urgency
    and exceptionality to one of preparedness, precautions and prevention of future risks, some of which are

  8. Three Essays on Information Technology Security Management in Organizations

    Science.gov (United States)

    Gupta, Manish

    2011-01-01

    Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…

  9. Security breaches: tips for assessing and limiting your risks.

    Science.gov (United States)

    Coons, Leeanne R

    2011-01-01

    As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.

  10. Context-sensitive Information security Risk identification and evaluation techniques

    NARCIS (Netherlands)

    Ionita, Dan

    2014-01-01

    The objective of my research is to improve and support the process of Information security Risk Assessment by designing a scalable Risk argumentation framework for socio-digital-technical Risk. Due to the various types of IT systems, diversity of architectures and dynamic nature of Risk, there is no

  11. Effective surveillance for homeland security balancing technology and social issues

    CERN Document Server

    Flammini, Francesco; Franceschetti, Giorgio

    2013-01-01

    Effective Surveillance for Homeland Security: Balancing Technology and Social Issues provides a comprehensive survey of state-of-the-art methods and tools for the surveillance and protection of citizens and critical infrastructures against natural and deliberate threats. Focusing on current technological challenges involving multi-disciplinary problem analysis and systems engineering approaches, it provides an overview of the most relevant aspects of surveillance systems in the framework of homeland security. Addressing both advanced surveillance technologies and the related socio-ethical issues, the book consists of 21 chapters written by international experts from the various sectors of homeland security. Part I, Surveillance and Society, focuses on the societal dimension of surveillance-stressing the importance of societal acceptability as a precondition to any surveillance system. Part II, Physical and Cyber Surveillance, presents advanced technologies for surveillance. It considers developing technologie...

  12. Benefits and risks of smart home technologies

    International Nuclear Information System (INIS)

    Wilson, Charlie; Hargreaves, Tom; Hauxwell-Baldwin, Richard

    2017-01-01

    Smart homes are a priority area of strategic energy planning and national policy. The market adoption of smart home technologies (SHTs) relies on prospective users perceiving clear benefits with acceptable levels of risk. This paper characterises the perceived benefits and risks of SHTs from multiple perspectives. A representative national survey of UK homeowners (n=1025) finds prospective users have positive perceptions of the multiple functionality of SHTs including energy management. Ceding autonomy and independence in the home for increased technological control are the main perceived risks. An additional survey of actual SHT users (n=42) participating in a smart home field trial identifies the key role of early adopters in lowering perceived SHT risks for the mass market. Content analysis of SHT marketing material (n=62) finds the SHT industry are insufficiently emphasising measures to build consumer confidence on data security and privacy. Policymakers can play an important role in mitigating perceived risks, and supporting the energy-management potential of a smart-home future. Policy measures to support SHT market development include design and operating standards, guidelines on data and privacy, quality control, and in situ research programmes. Policy experiences with domestic energy efficiency technologies and with national smart meter roll-outs offer useful precedents. - Highlights: • Representative national survey of prospective smart home users. • Comparative analysis of three datasets to analyse perceived benefits and risks of smart home technologies. • Distinctive characteristics identified of early adopters who seed market growth. • Comparison of user perceptions with industry marketing. • Detailed policy recommendations to support energy benefits of smart home technologies.

  13. Combining overt and covert anti-counterfeiting technologies for securities

    Science.gov (United States)

    Uematsu, Tsuyoshi

    2006-02-01

    The National Printing Bureau of Japan has been developing new anti-counterfeiting technologies as a banknote printer. Some of our technologies have already been effectively introduced into Japan's new banknote series. Anti-counterfeiting technologies can be applied not only to banknotes but also to other security documents depending on desired features. In this presentation, I will introduce three of our newly developed overt and covert security techniques, which are intended for document security and brand protection, as well as banknotes. "Metallic View" is mainly for offset printing. "Copy Check" (micro-structural lines involving luminescence) is for plate making technology. "ImageSwitch" is for a new security solution which has unlimited printing applications. All three techniques create "latent images" (some of which may be better known as "carrier screen images") that are useful in preventing counterfeiting. While each of the techniques is effective by itself, all are more effective when applied together. Combining these techniques could make all security documents harder to copy using IT scanners, and provide cost-effective anti-counterfeiting solutions for all security users.

  14. Applications of nuclear safety probabilistic risk assessment to nuclear security for optimized risk mitigation

    Energy Technology Data Exchange (ETDEWEB)

    Donnelly, S.K.; Harvey, S.B. [Amec Foster Wheeler, Toronto, Ontario (Canada)

    2016-06-15

    Critical infrastructure assets such as nuclear power generating stations are potential targets for malevolent acts. Probabilistic methodologies can be applied to evaluate the real-time security risk based upon intelligence and threat levels. By employing this approach, the application of security forces and other protective measures can be optimized. Existing probabilistic safety analysis (PSA) methodologies and tools employed. in the nuclear industry can be adapted to security applications for this purpose. Existing PSA models can also be adapted and enhanced to consider total plant risk, due to nuclear safety risks as well as security risks. By creating a Probabilistic Security Model (PSM), safety and security practitioners can maximize the safety and security of the plant while minimizing the significant costs associated with security upgrades and security forces. (author)

  15. Agent of opportunity risk mitigation: people, engineering, and security efficacy.

    Science.gov (United States)

    Graham, Margaret E; Tunik, Michael G; Farmer, Brenna M; Bendzans, Carly; McCrillis, Aileen M; Nelson, Lewis S; Portelli, Ian; Smith, Silas; Goldberg, Judith D; Zhang, Meng; Rosenberg, Sheldon D; Goldfrank, Lewis R

    2010-12-01

    Agents of opportunity (AO) are potentially harmful biological, chemical, radiological, and pharmaceutical substances commonly used for health care delivery and research. AOs are present in all academic medical centers (AMC), creating vulnerability in the health care sector; AO attributes and dissemination methods likely predict risk; and AMCs are inadequately secured against a purposeful AO dissemination, with limited budgets and competing priorities. We explored health care workers' perceptions of AMC security and the impact of those perceptions on AO risk. Qualitative methods (survey, interviews, and workshops) were used to collect opinions from staff working in a medical school and 4 AMC-affiliated hospitals concerning AOs and the risk to hospital infrastructure associated with their uncontrolled presence. Secondary to this goal, staff perception concerning security, or opinions about security behaviors of others, were extracted, analyzed, and grouped into themes. We provide a framework for depicting the interaction of staff behavior and access control engineering, including the tendency of staff to "defeat" inconvenient access controls. In addition, 8 security themes emerged: staff security behavior is a significant source of AO risk; the wide range of opinions about "open" front-door policies among AMC staff illustrates a disparity of perceptions about the need for security; interviewees expressed profound skepticism concerning the effectiveness of front-door access controls; an AO risk assessment requires reconsideration of the security levels historically assigned to areas such as the loading dock and central distribution sites, where many AOs are delivered and may remain unattended for substantial periods of time; researchers' view of AMC security is influenced by the ongoing debate within the scientific community about the wisdom of engaging in bioterrorism research; there was no agreement about which areas of the AMC should be subject to stronger access

  16. The new risk paradigm for chemical process security and safety.

    Science.gov (United States)

    Moore, David A

    2004-11-11

    The world of safety and security in the chemical process industries has certainly changed since 11 September, but the biggest challenges may be yet to come. This paper will explain that there is a new risk management paradigm for chemical security, discuss the differences in interpreting this risk versus accidental risk, and identify the challenges we can anticipate will occur in the future on this issue. Companies need to be ready to manage the new chemical security responsibilities and to exceed the expectations of the public and regulators. This paper will outline the challenge and a suggested course of action.

  17. Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

    Science.gov (United States)

    Shim, Woohyun

    2010-01-01

    An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

  18. Technological risks and social conflicts

    International Nuclear Information System (INIS)

    Conrad, J.; Krebsbach-Gnath, C.

    1980-12-01

    Research on acceptance, perception and assessment of risks clearly shows that perception of risk by the public is based more on subjective assessments than on scientifically objective risk values. Risk perception by the public is influenced by a number of factors. Risk is still a central point in the conflict and always plays a major role in the opposition toward dangerous technologies. Risk forms the thematic focus for the controversy. The development of the actual conflict, the positions, interests, adaptation problems and processes of the various societal institutions, the conditions, prospects, and forms of antinuclear protest and the subjects and structures, symmetries and changes of argument in the public discussion on nuclear energy are analyzed and represented in detail in this report. (orig./HSCH) [de

  19. Evaluating the Security Risks of System Using Hidden Markov Models

    African Journals Online (AJOL)

    System security assessment tools are either restricted to manual risk evaluation methodologies that are not appropriate for real-time application or used to determine the impact of certain events on the security status of networked systems. In this paper, we determine the strength of computer systems from the perspective of ...

  20. Using Financial Instruments to Transfer the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Pankaj Pandey

    2016-05-01

    Full Text Available For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information security event. Thus, this article addresses the limitations in the cyber-(reinsurance markets with a set of capital market-based financial instruments. This article presents a set of information security derivatives, namely options, vanilla options, swap, and futures that can be traded at an information security prediction market. Furthermore, this article demonstrates the usefulness of information security derivatives in a given scenario and presents an evaluation of the same in comparison with cyber-insurance. In our analysis, we found that the information security derivatives can at least be a partial solution to the problems in the cyber-insurance markets. The information security derivatives can be used as an effective tool for information elicitation and aggregation, cyber risk pricing, risk hedging, and strategic decision making for information security risk management.

  1. Security and privacy issues with health care information technology.

    Science.gov (United States)

    Meingast, Marci; Roosta, Tanya; Sastry, Shankar

    2006-01-01

    The face of health care is changing as new technologies are being incorporated into the existing infrastructure. Electronic patient records and sensor networks for in-home patient monitoring are at the current forefront of new technologies. Paper-based patient records are being put in electronic format enabling patients to access their records via the Internet. Remote patient monitoring is becoming more feasible as specialized sensors can be placed inside homes. The combination of these technologies will improve the quality of health care by making it more personalized and reducing costs and medical errors. While there are benefits to technologies, associated privacy and security issues need to be analyzed to make these systems socially acceptable. In this paper we explore the privacy and security implications of these next-generation health care technologies. We describe existing methods for handling issues as well as discussing which issues need further consideration.

  2. ArgueSecure: Out-of-the-box Risk Assessment

    NARCIS (Netherlands)

    Ionita, Dan; Kegel, Roeland Hendrik,Pieter; Wieringa, Roelf J.; Baltuta, Andrei

    Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed

  3. Information security risk management for ISO27001/ISO27002

    CERN Document Server

    Calder, A; Watkins, S

    2010-01-01

    Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.

  4. Acceptance Factors Influencing Adoption of National Institute of Standards and Technology Information Security Standards: A Quantitative Study

    Science.gov (United States)

    Kiriakou, Charles M.

    2012-01-01

    Adoption of a comprehensive information security governance model and security controls is the best option organizations may have to protect their information assets and comply with regulatory requirements. Understanding acceptance factors of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) comprehensive…

  5. The Performativity of Risk Management Frameworks and Technologies

    DEFF Research Database (Denmark)

    Neerup Themsen, Tim; Skærbæk, Peter

    2018-01-01

    This article examines the long-term dynamics among a best-practice risk management framework, risk management technologies and the translation of uncertainties into risks by using a longitudinal case study of a large mega-project. We show that the framework and technologies through the visual power...... of impure risks challenges the predictions of the framework causing a false sense of security for the project objectives, and that the continuous readjustment of technologies, in particular, is necessary to ensure the long-term realisation of these predictions. Finally, this article contributes...... of inscriptions and the purifying work of risk consultants as experts establish the boundaries of the forms of uncertainties that are accepted and included as risks. We term the accepted and included risks ‘pure risks’ and the risks excluded after disagreement ‘impure risks’. We also show that the construction...

  6. Cyber security evaluation of II&C technologies

    Energy Technology Data Exchange (ETDEWEB)

    Thomas, Ken [Idaho National Laboratory (INL), Idaho Falls, ID (United States)

    2014-11-01

    The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) to address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a

  7. Safety and security risk assessments--now demystified!

    Science.gov (United States)

    White, Donald E

    2011-01-01

    Safety/security risk assessments no longer need to spook nor baffle healthcare safety/security managers. This grid template provides at-at-glance quick lookup of the possible threats, the affected people and things, a priority ranking of these risks, and a workable solution for each risk. Using the standard document, spreadsheet, or graphics software already available on your computer, you can easily use a scientific method to produce professional looking risk assessments that get quickly understood by both senior managers and first responders alike!

  8. Technologies for security, military police, and professional policing organizations: the Department of Energy perspective

    Science.gov (United States)

    Steele, Basil J.

    1997-01-01

    There are many emerging technologies that can be used to help the law enforcement community protect the public as well as public and private facilities against ever increasing threats to this country and its resources. These technologies include sensors, closed circuit television (CCTV), access control, contraband detection, communications, control and display, barriers, and various component and system modeling techniques. This paper will introduce some of the various technologies that have been examined for the Department of Energy that could be applied to various law enforcement applications. They include: scannerless laser radar; next generation security systems; response force video information helmet system; access delay technologies; rapidly deployable intrusion detection systems; cost risk benefit analysis.

  9. Marketing Plan for the National Security Technology Incubator

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-03-31

    This marketing plan was developed as part of the National Security Preparedness Project by the Arrowhead Center of New Mexico State University. The vision of the National Security Technology Incubator program is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety and security. The plan defines important aspects of developing the incubator, such as defining the target market, marketing goals, and creating strategies to reach the target market while meeting those goals. The three main marketing goals of the incubator are: 1) developing marketing materials for the incubator program; 2) attracting businesses to become incubator participants; and 3) increasing name recognition of the incubator program on a national level.

  10. 75 FR 3948 - Big Sky Energy Corp., Biomedical Waste Systems, Inc., Biometrics Security Technology, Inc...

    Science.gov (United States)

    2010-01-25

    ... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Big Sky Energy Corp., Biomedical Waste Systems, Inc., Biometrics Security Technology, Inc., Biosys, Inc., Bolder Technologies Corp., Boyds Wheels, Inc... securities of Biometrics Security Technology, Inc. because it has not filed any periodic reports since...

  11. Satellite Technology Contribution to Water and Food Security

    Science.gov (United States)

    Brown, Molly E.

    2010-01-01

    This slide presentation reviews the issue of supplies of food, the relationship to food security, the ability of all people to attain sufficient food for an active and healthy life, and the ability to use satellite technology and remote sensing to assist with planning and act as an early warning system.

  12. Safeguards and Security Technology Development Directory. FY 1993

    Energy Technology Data Exchange (ETDEWEB)

    1993-06-01

    The Safeguards and Security Technology Development Directory is published annually by the Office of Safeguards and Security (OSS) of the US Department of Energy (DOE), and is Intended to inform recipients of the full scope of the OSS R&D program. It is distributed for use by DOE headquarters personnel, DOE program offices, DOE field offices, DOE operating contractors, national laboratories, other federal agencies, and foreign governments. Chapters 1 through 7 of the Directory provide general information regarding the Technology Development Program, including the mission, program description, organizational roles and responsibilities, technology development lifecycle, requirements analysis, program formulation, the task selection process, technology development infrastructure, technology transfer activities, and current research and development tasks. These chapters are followed by a series of appendices which contain more specific information on aspects of the Program. Appendix A is a summary of major technology development accomplishments made during FY 1992. Appendix B lists S&S technology development reports issued during FY 1992 which reflect work accomplished through the OSS Technology Development Program and other relevant activities outside the Program. Finally, Appendix C summarizes the individual task statements which comprise the FY 1993 Technology Development Program.

  13. Secure, Mobile, Wireless Network Technology Designed, Developed, and Demonstrated

    Science.gov (United States)

    Ivancic, William D.; Paulsen, Phillip E.

    2004-01-01

    The inability to seamlessly disseminate data securely over a high-integrity, wireless broadband network has been identified as a primary technical barrier to providing an order-of-magnitude increase in aviation capacity and safety. Secure, autonomous communications to and from aircraft will enable advanced, automated, data-intensive air traffic management concepts, increase National Air Space (NAS) capacity, and potentially reduce the overall cost of air travel operations. For the first time ever, secure, mobile, network technology was designed, developed, and demonstrated with state-ofthe- art protocols and applications by a diverse, cooperative Government-industry team led by the NASA Glenn Research Center. This revolutionary technology solution will make fundamentally new airplane system capabilities possible by enabling secure, seamless network connections from platforms in motion (e.g., cars, ships, aircraft, and satellites) to existing terrestrial systems without the need for manual reconfiguration. Called Mobile Router, the new technology autonomously connects and configures networks as they traverse from one operating theater to another. The Mobile Router demonstration aboard the Neah Bay, a U.S. Coast Guard vessel stationed in Cleveland, Ohio, accomplished secure, seamless interoperability of mobile network systems across multiple domains without manual system reconfiguration. The Neah Bay was chosen because of its low cost and communications mission similarity to low-Earth-orbiting satellite platforms. This technology was successfully advanced from technology readiness level (TRL) 2 (concept and/or application formation) to TRL 6 (system model or prototype demonstration in a relevant environment). The secure, seamless interoperability offered by the Mobile Router and encryption device will enable several new, vehicle-specific and systemwide technologies to perform such things as remote, autonomous aircraft performance monitoring and early detection and

  14. Security Risk Assessment Process for UAS in the NAS CNPC Architecture

    Science.gov (United States)

    Iannicca, Dennis Christopher; Young, Daniel Paul; Suresh, Thadhani; Winter, Gilbert A.

    2013-01-01

    This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. A description of the deviations from the typical process is described in regards to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper

  15. Biofuels. Environment, technology and food security

    International Nuclear Information System (INIS)

    Escobar, Jose C.; Lora, Electo S.; Venturini, Osvaldo J.; Yanez, Edgar E.; Castillo, Edgar F.; Almazan, Oscar

    2009-01-01

    The imminent decline of the world's oil production, its high market prices and environmental impacts have made the production of biofuels to reach unprecedent volumes over the last 10 years. This is why there have been intense debates among international organizations and political leaders in order to discuss the impacts of the biofuel use intensification. Besides assessing the causes of the rise in the demand and production of biofuels, this paper also shows the state of the art of their world's current production. It is also discussed different vegetable raw materials sources and technological paths to produce biofuels, as well as issues regarding production cost and the relation of their economic feasibility with oil international prices. The environmental impacts of programs that encourage biofuel production, farmland land requirements and the impacts on food production are also discussed, considering the life cycle analysis (LCA) as a tool. It is concluded that the rise in the use of biofuels is inevitable and that international cooperation, regulations and certification mechanisms must be established regarding the use of land, the mitigation of environmental and social impacts caused by biofuel production. It is also mandatory to establish appropriate working conditions and decent remuneration for workers of the biofuels production chain. (author)

  16. Health risks of energy technologies

    International Nuclear Information System (INIS)

    Travis, C.C.; Etnier, E.L.

    1983-01-01

    This volume examines occupational, public health, and environmental risks of the coal fuel cycle, the nuclear fuel cycle, and unconventional energy technologies. The 6 chapters explore in detail the relationship between energy economics and risk analysis, assess the problems of applying traditional cost-benefit analysis to long-term environmental problems (such as global carbon dioxide levels), and consider questions about the public's perception and acceptance of risk. Also included is an examination of the global risks associated with current and proposed levels of energy production and comsumption from all major sources. A separate abstract was prepared for each of the 6 chapters; all are included in Energy Abstracts for Policy Analysis (EAPA) and four in Energy Research Abstracts

  17. A Model for an Information Security Risk Management (ISRM) Framework for Saudi Arabian Organisations

    Science.gov (United States)

    Alshareef, Naser

    2016-01-01

    Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…

  18. Sustainable Phosphorus Measures: Strategies and Technologies for Achieving Phosphorus Security

    Directory of Open Access Journals (Sweden)

    Stuart White

    2013-01-01

    Full Text Available Phosphorus underpins the world’s food systems by ensuring soil fertility, maximising crop yields, supporting farmer livelihoods and ultimately food security. Yet increasing concerns around long-term availability and accessibility of the world’s main source of phosphorus—phosphate rock, means there is a need to investigate sustainable measures to buffer the world’s food systems against the long and short-term impacts of global phosphorus scarcity. While the timeline of phosphorus scarcity is contested, there is consensus that more efficient use and recycling of phosphorus is required. While the agricultural sector will be crucial in achieving this, sustainable phosphorus measures in sectors upstream and downstream of agriculture from mine to fork will also need to be addressed. This paper presents a comprehensive classification of all potential phosphorus supply- and demand-side measures to meet long-term phosphorus needs for food production. Examples range from increasing efficiency in the agricultural and mining sector, to technologies for recovering phosphorus from urine and food waste. Such measures are often undertaken in isolation from one another rather than linked in an integrated strategy. This integrated approach will enable scientists and policy-makers to take a systematic approach when identifying potential sustainable phosphorus measures. If a systematic approach is not taken, there is a risk of inappropriate investment in research and implementation of technologies and that will not ultimately ensure sufficient access to phosphorus to produce food in the future. The paper concludes by introducing a framework to assess and compare sustainable phosphorus measures and to determine the least cost options in a given context.

  19. Adversarial risks in social experiments with new technologies

    NARCIS (Netherlands)

    Pieters, Wolter; Dechesne, Francien; van der Poel, Ibo; Asveld, Lotte; Mehos, Donna C.

    2017-01-01

    Studies that approach the deployment of new technologies as social experiments have mostly focused on unintentional effects, notably safety. We argue for the inclusion of adversarial risks or security aspects that are the result of intentional, strategic behavior of actors, who aim at using the

  20. Using Science Driven Technologies for the Defense and Security Applications

    Science.gov (United States)

    Habib, Shahid; Zukor, Dorthy; Ambrose, Stephen D.

    2004-01-01

    For the past three decades, Earth science remote sensing technologies have been providing enormous amounts of useful data and information in broadening our understanding of our home planet as a system. This research, as it has expanded our learning process, has also generated additional questions. This has further resulted in establishing new science requirements, which have culminated in defining and pushing the state-of-the-art technology needs. NASA s Earth science program has deployed 18 highly complex satellites, with a total of 80 sensors, so far and is in a process of defining and launching multiple observing systems in the next decade. Due to the heightened security alert of the nation, researchers and technologists are paying serious attention to the use of these science driven technologies for dual use. In other words, how such sophisticated observing and measuring systems can be used in detecting multiple types of security concerns with a substantial lead time so that the appropriate law enforcement agencies can take adequate steps to defuse any potential risky scenarios. This paper examines numerous NASA technologies such as laser/lidar systems, microwave and millimeter wave technologies, optical observing systems, high performance computational techniques for rapid analyses, and imaging products that can have a tremendous pay off for security applications.

  1. Global water risks and national security: Building resilience (Invited)

    Science.gov (United States)

    Pulwarty, R. S.

    2013-12-01

    The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human aactivities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) Outline the dimensions of water security and its links to national security (2) Analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere

  2. Performance Testing of Homeland Security Technologies in U.S. EPA's Environmental Technology Verification (ETV) Program

    National Research Council Canada - National Science Library

    Kelly, Thomas J; Hofacre, Kent C; Derringer, Tricia L; Riggs, Karen B; Koglin, Eric N

    2004-01-01

    ... (reports and test plans available at www.epa.gov/etv). In the aftermath of the terrorist attacks of September 11, 2001, the ETV approach has also been employed in performance tests of technologies relevant to homeland security (HS...

  3. MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned

    Science.gov (United States)

    Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran

    2014-01-01

    As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.

  4. Risk evaluation system for facility safeguards and security planning

    International Nuclear Information System (INIS)

    Udell, C.J.; Carlson, R.L.

    1987-01-01

    The Risk Evaluation System (RES) is an integrated approach to determining safeguards and security effectiveness and risk. RES combines the planning and technical analysis into a format that promotes an orderly development of protection strategies, planing assumptions, facility targets, vulnerability and risk determination, enhancement planning, and implementation. In addition, the RES computer database program enhances the capability of the analyst to perform a risk evaluation of the facility. The computer database is menu driven using data input screens and contains an algorithm for determining the probability of adversary defeat and risk. Also, base case and adjusted risk data records can be maintained and accessed easily

  5. Risk evaluation system for facility safeguards and security planning

    International Nuclear Information System (INIS)

    Udell, C.J.; Carlson, R.L.

    1987-01-01

    The Risk Evaluation System (RES) is an integrated approach to determining safeguards and security effectiveness and risk. RES combines the planning and technical analysis into a format that promotes an orderly development of protection strategies, planning assumptions, facility targets, vulnerability and risk determination, enhancement planning, and implementation. In addition, the RES computer database program enhances the capability of the analyst to perform a risk evaluation of the facility. The computer database is menu driven using data input screens and contains an algorithm for determining the probability of adversary defeat and risk. Also, base case and adjusted risk data records can be maintained and accessed easily

  6. After Globalization Future Security in a Technology Rich World

    Energy Technology Data Exchange (ETDEWEB)

    Gilmartin,T J

    2001-08-17

    Over the course of the year 2000, five workshops were conducted by the Center for Global Security Research at the Lawrence Livermore National Laboratory on threats to international security in the 2015 to 2020 timeframe due to the global availability of advanced technology. These workshops focused on threats that are enabled by nuclear, missile, and space technology; military technology; information technology; bio technology; and geo systems technology. The participants included US national leaders and experts from the Department of Energy National Laboratories; the Department of Defense: Army, Navy, Air Force, Office of the Secretary of Defense, Defense Threat Reduction Agency, and Defense Advanced Research Projects Agency; the Department of State, NASA, Congressional technical staff, the intelligence community, universities and university study centers, think tanks, consultants on security issues, and private industry. For each workshop the process of analysis involved identification and prioritization of the participants' perceived most severe threat scenarios (worst nightmares), discussion of the technologies which enabled those threats, and ranking of the technologies' threat potentials. The threats ranged from local/regional to global, from intentional to unintended to natural, from merely economic to massively destructive, and from individual and group to state actions. We were not concerned in this exercise with defining responses to the threats, although our assessment of each threat's severity included consideration of the ease or difficulty with which it might be executed or countered. At the concluding review, we brought the various workshops' participants together, added senior participant/reviewers with broad experience and national responsibility, and discussed the workshop findings to determine what is most certain or uncertain, and what might be needed to resolve our uncertainties. This paper summarizes the consenses and

  7. Technological risks and social conflicts

    International Nuclear Information System (INIS)

    Conrad, J.; Krebsbach-Gnath, C.

    1980-12-01

    This volume of materials is part of the report on 'Technological risks and social conflicts. Political risk strategies in the field of nuclear power'. The interested reader who wants to deepen his knowledge on the results and reasoning of the main report, will here find detailed explanations and brief drafts of subprojects; fundamental aspects of problems are presented in detail, and theoretical-conceptional, methodological and scientific-political points of view are explained. Furthermore it contains general reflections on the application-oriented research by order, a review of the status of risk research, historical considerations on the nuclear energy conflict, and finally explanations are attempted for the nuclear energy conflict. (orig./HSCH) [de

  8. Survey of current technologies of security management for distributed information systems; Bunsangata joho system no security iji kanri hoshiki no genjo

    Energy Technology Data Exchange (ETDEWEB)

    Matsui, S [Central Research Institute of Electric Power Industry, Tokyo (Japan)

    1997-05-01

    The latest situation of the security management for a distributed information system was examined and systematically summarized to indicate the management design in future. This paper describes the threat of the distributed information system to security, the risk for confidentiality, integrity, and availability due to the threat, and the measures to be taken. The basic technology of security management is classified into the `user certification to prevent an incorrect access` and the `encipherment to prevent data from being used incorrectly.` The technology for certification has been almost completed. It can be securely done using an expendable password or IC card system. In Internet, multiple enciphering technologies for constructing a virtual private network that can secure the almost the same security as for a private network can be used. In an electronic mail, the enciphering technology can also be used easily. The tool that manages the security of very many servers, clients, and networks is in the initial stage. 16 refs., 1 fig., 5 tabs.

  9. Asset Identification for Security Risk Assessment in Web Applications

    OpenAIRE

    Hisham M. Haddad; Brunil D. Romero

    2009-01-01

    As software applications become more complex they require more security, allowing them to reach an appropriate level of quality to manage information, and therefore achieving business objectives. Web applications represent one segment of software industry where security risk assessment is essential. Web engineering must address new challenges to provide new techniques and tools that guarantee high quality application development. This work focuses asset identification, the initial step in sec...

  10. Guidelines for developing NASA (National Aeronautics and Space Administration) ADP security risk management plans

    Science.gov (United States)

    Tompkins, F. G.

    1983-01-01

    This report presents guidance to NASA Computer security officials for developing ADP security risk management plans. The six components of the risk management process are identified and discussed. Guidance is presented on how to manage security risks that have been identified during a risk analysis performed at a data processing facility or during the security evaluation of an application system.

  11. After globalization future security in a technology rich world

    Energy Technology Data Exchange (ETDEWEB)

    Gilmartin, T J

    2000-02-12

    Over the course of the year 2000, five one-day workshops were conducted by the Center for Global Security Research at the Lawrence Livermore National Laboratory on threats that might come against the US and its allies in the 2015 to 2020 timeframe due to the global availability of advanced technology. These workshops focused on threats that are enabled by nuclear, missile, and space technology; military technology; information technology; bio technology; and geo systems technology. In December, an Integration Workshop and Senior Review before national leaders and experts were held. The participants and reviewers were invited from the DOE National Laboratories, the DOD Services, OSD, DTRA, and DARPA, the DOS, NASA, Congressional technical staff, the intelligence community, universities and university study centers, think tanks, consultants on national security issues, and private industry. For each workshop the process of analysis involved identification and prioritization of the participants' perceived most severe threat scenarios (worst nightmares), discussion of the technologies which enabled those threats, and ranking of the technologies' threat potentials. We were not concerned in this exercise with defining responses, although our assessment of each threat's severity included consideration of the ease or difficulty with which it might be countered. At the concluding Integration Workshop and Senior Panel Review, we brought the various workshops' participants together, added senior participant/reviewers with broad experience and responsibility, and discussed the workshop findings to determine what is most certain, and uncertain, and what might be needed to resolve our uncertainties. This document reports the consensus and important variations of both the reviewers and the participants. In all, 45 threats over a wide range of lethality and probability of occurrence were identified. Over 60 enabling technologies were also discussed. These are

  12. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization (extended version)

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.

    2010-01-01

    Today, companies are required to be in control of the security of their IT assets. This is especially challenging in the presence of limited budgets and conflicting requirements. Here, we present Risk-Based Requirements Elicitation and Prioritization (RiskREP), a method for managing IT security

  13. Information Uncertainty to Compare Qualitative Reasoning Security Risk Assessment Results

    Energy Technology Data Exchange (ETDEWEB)

    Chavez, Gregory M [Los Alamos National Laboratory; Key, Brian P [Los Alamos National Laboratory; Zerkle, David K [Los Alamos National Laboratory; Shevitz, Daniel W [Los Alamos National Laboratory

    2009-01-01

    The security risk associated with malevolent acts such as those of terrorism are often void of the historical data required for a traditional PRA. Most information available to conduct security risk assessments for these malevolent acts is obtained from subject matter experts as subjective judgements. Qualitative reasoning approaches such as approximate reasoning and evidential reasoning are useful for modeling the predicted risk from information provided by subject matter experts. Absent from these approaches is a consistent means to compare the security risk assessment results. Associated with each predicted risk reasoning result is a quantifiable amount of information uncertainty which can be measured and used to compare the results. This paper explores using entropy measures to quantify the information uncertainty associated with conflict and non-specificity in the predicted reasoning results. The measured quantities of conflict and non-specificity can ultimately be used to compare qualitative reasoning results which are important in triage studies and ultimately resource allocation. Straight forward extensions of previous entropy measures are presented here to quantify the non-specificity and conflict associated with security risk assessment results obtained from qualitative reasoning models.

  14. Game Theoretic Risk Analysis of Security Threats

    CERN Document Server

    Bier, Vicki M

    2008-01-01

    Introduces reliability and risk analysis in the face of threats by intelligent agents. This book covers applications to networks, including problems in both telecommunications and transportation. It provides a set of tools for applying game theory TO reliability problems in the presence of intentional, intelligent threats

  15. An approach to security risk assessment.

    Science.gov (United States)

    Engells, Thomas E

    2012-01-01

    Use of a brief survey instrument described in this article can be a useful means of obtaining actionable information in regards to risk assessment and crime prevention, the author points out. The survey yields data that assists in the prioritization of effort that can enhance the impact of a limited pool of qualified specialists.

  16. Insuring Life : Value, Security and Risk

    NARCIS (Netherlands)

    Lobo-Guerrero, Luis

    2016-01-01

    This book is a contribution to the scholarly engagement with the wider problem of governing through risk and the politics of uncertainty. It takes life insurance as an empirical site from which to ask: what is the kind of governance created through insurance an instance of, and how does it

  17. Blockchain Technology: A new secured Electronic Health Record System

    OpenAIRE

    Tamazirt , Lotfi; Alilat , Farid; Agoulmine , Nazim

    2018-01-01

    International audience; Nowadays, health systems are looking for effective ways to manage more patients in a shorter time, and to increase the quality of care through better coordination to provide quick, accurate and non-invasive diagnostics to patients. This paper aims to solve the dependence on trusted third parties by proposing a new management strategy, storage and security in a decentralized network through Blockchain technology. The proposed system also aims to offer a solution to help...

  18. Proceedings of the 1989 Carnahan conference on security technology

    International Nuclear Information System (INIS)

    DeVore, R.W.

    1989-01-01

    This book contains the proceedings of the 1989 Carnahan conference on security technology and crime countermeasures. Topics covered include: study of methods for the enhancement of classified document control and protection; research and development of a portable microfocus x-ray system capable of providing ultra-high resolution images of improvised explosive devices; and BombCAD - a CAD-based technique for assessing bomb vulnerability and designing and evaluating bomb defense measures

  19. Professional Autonomy and Security Risks of Journalists in Colombia

    Directory of Open Access Journals (Sweden)

    Miguel E. Garcés Prettel

    2017-01-01

    Full Text Available This paper analyzes the relationship between professional autonomy and security risks of journalists in Colombia. A correlational-transversal research was conducted with a sample of 751 journalists who filled out the questionnaire “Worlds of Journalism Study”. The results show significant differences on the attacks received by the journalists depending on gender, news beat, region, news media, years of experience, capacity and educational level of journalists. Attacks on journalists correlates positively with the autonomy to publish and write news on governments, armed forces, criminal gangs and structural social problems (poverty, status of ethnic minorities, socioeconomic inequality, environmental damage the latter being a predictor of high risk security.

  20. Risk assessment of climate systems for national security.

    Energy Technology Data Exchange (ETDEWEB)

    Backus, George A.; Boslough, Mark Bruce Elrick; Brown, Theresa Jean; Cai, Ximing; Conrad, Stephen Hamilton; Constantine, Paul G; Dalbey, Keith R.; Debusschere, Bert J.; Fields, Richard; Hart, David Blaine; Kalinina, Elena Arkadievna; Kerstein, Alan R.; Levy, Michael; Lowry, Thomas Stephen; Malczynski, Leonard A.; Najm, Habib N.; Overfelt, James Robert; Parks, Mancel Jordan; Peplinski, William J.; Safta, Cosmin; Sargsyan, Khachik; Stubblefield, William Anthony; Taylor, Mark A.; Tidwell, Vincent Carroll; Trucano, Timothy Guy; Villa, Daniel L.

    2012-10-01

    Climate change, through drought, flooding, storms, heat waves, and melting Arctic ice, affects the production and flow of resource within and among geographical regions. The interactions among governments, populations, and sectors of the economy require integrated assessment based on risk, through uncertainty quantification (UQ). This project evaluated the capabilities with Sandia National Laboratories to perform such integrated analyses, as they relate to (inter)national security. The combining of the UQ results from climate models with hydrological and economic/infrastructure impact modeling appears to offer the best capability for national security risk assessments.

  1. 76 FR 45645 - 10-Day Notice of Proposed Information Collection: Technology Security/Clearance Plans, Screening...

    Science.gov (United States)

    2011-07-29

    ...: Technology Security/Clearance Plans, Screening Records, and Non-Disclosure Agreements ACTION: Notice of... Information Collection: Technology Security/ Clearance Plans, Screening Records, and Non-Disclosure Agreements...: None. Respondents: Business and Nonprofit Organizations, Foreign Governments. Estimated Number of...

  2. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Science.gov (United States)

    2010-01-01

    ... chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information regarding security risk for a chemical facility. (a) Information to determine security risk. In order to...

  3. A Survey On Biometric Security Technologies From Cloud Computing Perspective

    Directory of Open Access Journals (Sweden)

    Shivashish Ratnam

    2015-08-01

    Full Text Available Cloud computing is one of the rising technologies that takes set of connections users to the next level. Cloud is a technology where resources are paid as per usage rather than owned. One of the major challenges in this technology is Security. Biometric systems provide the answer to ensure that the rendered services are accessed only by a legal user or an authorized user and no one else. Biometric systems recognize users based on behavioral or physiological characteristics. The advantages of such systems over traditional validation methods such as passwords and IDs are well known and hence biometric systems are progressively gaining ground in terms of usage. This paper brings about a new replica of a security system where in users have to offer multiple biometric finger prints during Enrollment for a service. These templates are stored at the cloud providers section. The users are authenticated based on these finger print designed templates which have to be provided in the order of arbitrary numbers or imaginary numbers that are generated every time continuously. Both finger prints templates and images are present and they provided every time duration are encrypted or modified for enhanced security.

  4. Investigative report, science committee of Aggregate corporation Radiological technologist society of the Oita prefecture. Questionnaires research on security control of department of radiological technology of medical facilities in the Oita prefecture. The second report. Research on high risk incident measures

    International Nuclear Information System (INIS)

    Eto, Yoshihiro; Mano, Isao; Takagi, Ikuya; Murakami, Yasunori; Sueyoshi, Seiji; Yoshimoto, Asahi

    2007-01-01

    Oita association of radiological technologists carried out the questionnaires about the measures against high lisk incidental in department of radiological technology at the medical facilities in Oita. We distributed the questionnaire to 102 facilities, which are worked by the technologists (member), and got response from 91 facilities (89%). Research contents are Patient verification method'' ''Input and verification of patient attribute'' ''Infection in hospital'' ''Stumbles and falls of patient'' Contrast enhancement CT'' ''Something related to pacemaker'' ''MRI inspection and the magnetic substance'' ''Remedy mistake'' and ''Risk management''. The Result, Low level recognition contents of medical accident measures are ''Contrast enhancement CT'' ''Stumbles and falls of patient'' Risk management of department of radiological technology''. (author)

  5. Hydrocomplexity: Addressing water security and emergent environmental risks

    Science.gov (United States)

    Kumar, Praveen

    2015-07-01

    Water security and emergent environmental risks are among the most significant societal concerns. They are highly interlinked to other global risks such as those related to climate, human health, food, human migration, biodiversity loss, urban sustainability, etc. Emergent risks result from the confluence of unanticipated interactions from evolving interdependencies between complex systems, such as those embedded in the water cycle. They are associated with the novelty of dynamical possibilities that have significant potential consequences to human and ecological systems, and not with probabilities based on historical precedence. To ensure water security we need to be able to anticipate the likelihood of risk possibilities as they present the prospect of the most impact through cascade of vulnerabilities. They arise due to a confluence of nonstationary drivers that include growing population, climate change, demographic shifts, urban growth, and economic expansion, among others, which create novel interdependencies leading to a potential of cascading network effects. Hydrocomplexity aims to address water security and emergent risks through the development of science, methods, and practices with the potential to foster a "Blue Revolution" akin to the Green revolution for food security. It blends both hard infrastructure based solution with soft knowledge driven solutions to increase the range of planning and design, management, mitigation and adaptation strategies. It provides a conceptual and synthetic framework to enable us to integrate discovery science and engineering, observational and information science, computational and communication systems, and social and institutional approaches to address consequential water and environmental challenges.

  6. Information security awareness in small information technology-dependent business organisations

    OpenAIRE

    2015-01-01

    M.A. (Business Management) Small businesses thrive in the developing economy of South Africa and address the important issue of unemployment and poverty that exist in the country. A large number of these business organisations can be found in the province of Gauteng because of the large and diverse economic contribution the province delivers to the economy of South Africa. With the increased use of technology in the small businesses of Gauteng and South Africa, the risks around cyber-secur...

  7. Development of Risk Assessment Methodology for State's Nuclear Security Regime

    International Nuclear Information System (INIS)

    Jang, Sung Soon; Seo, Hyung Min; Lee, Jung Ho; Kwak, Sung Woo

    2011-01-01

    Threats of nuclear terrorism are increasing after 9/11 terrorist attack. Treats include nuclear explosive device (NED) made by terrorist groups, radiological damage caused by a sabotage aiming nuclear facilities, and radiological dispersion device (RDD), which is also called 'dirty bomb'. In 9/11, Al Qaeda planed to cause radiological consequences by the crash of a nuclear power plant and the captured airplane. The evidence of a dirty bomb experiment was found in Afganistan by the UK intelligence agency. Thus, the international communities including the IAEA work substantial efforts. The leaders of 47 nations attended the 2010 nuclear security summit hosted by President Obama, while the next global nuclear summit will be held in Seoul, 2012. Most states established and are maintaining state's nuclear security regime because of the increasing threat and the international obligations. However, each state's nuclear security regime is different and depends on the state's environment. The methodology for the assessment of state's nuclear security regime is necessary to design and implement an efficient nuclear security regime, and to figure out weak points. The IAEA's INPRO project suggests a checklist method for State's nuclear security regime. The IAEA is now researching more quantitative methods cooperatively with several countries including Korea. In this abstract, methodologies to evaluate state's nuclear security regime by risk assessment are addressed

  8. High-Performance Secure Database Access Technologies for HEP Grids

    Energy Technology Data Exchange (ETDEWEB)

    Matthew Vranicar; John Weicher

    2006-04-17

    The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the

  9. High-Performance Secure Database Access Technologies for HEP Grids

    International Nuclear Information System (INIS)

    Vranicar, Matthew; Weicher, John

    2006-01-01

    The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist's computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that 'Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications'. There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the secure

  10. Quantitative Security Risk Assessment of Android Permissions and Applications

    OpenAIRE

    Wang , Yang; Zheng , Jun; Sun , Chen; Mukkamala , Srinivas

    2013-01-01

    Part 6: Mobile Computing; International audience; The booming of the Android platform in recent years has attracted the attention of malware developers. However, the permissions-based model used in Android system to prevent the spread of malware, has shown to be ineffective. In this paper, we propose DroidRisk, a framework for quantitative security risk assessment of both Android permissions and applications (apps) based on permission request patterns from benign apps and malware, which aims ...

  11. Analyzing State Security Risks in South China Sea Conflict

    Directory of Open Access Journals (Sweden)

    Дмитрий Владимирович Пивоваров

    2009-09-01

    Full Text Available The article is devoted to the regional security issues in South East Asia. The author analyses the international relations that go closely to the foreign policy and foreign policy strategy problems. The author proposes risk analysis as a new and promising method in political science to generate foreign policy plans and analyze international conflicts and problems.

  12. Enterprise Architecture-Based Risk and Security Modelling and Analysis

    NARCIS (Netherlands)

    Jonkers, Henk; Quartel, Dick; Kordy, Barbara; Ekstedt, Mathias; Seong Kim, Deng

    2016-01-01

    The growing complexity of organizations and the increasing number of sophisticated cyber attacks asks for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, including the business and IT aspects

  13. Reconciling Malicious and Accidental Risk in Cyber Security

    NARCIS (Netherlands)

    Pieters, Wolter; Lukszo, Zofia; Hadziosmanovic, D.; van den Berg, Jan

    Consider the question whether a cyber security investment is cost-effective. The result will depend on the expected frequency of attacks. Contrary to what is referred to as threat event frequencies or hazard rates in safety risk management, frequencies of targeted attacks are not independent from

  14. Managing climatic risks for enhanced food security: Key information capabilities

    NARCIS (Netherlands)

    Balaghi, R.; Badjeck, M.C.; Bakari, D.; Pauw, de E.D.; Wit, de A.J.W.; Defourny, P.; Donato, S.; Gommes, R.; Jlibene, M.; Ravelo, A.C.; Sivakumar, M.V.K.; Telahigue, N.; Tychon, B.

    2010-01-01

    Food security is expected to face increasing challenges from climatic risks that are more and more exacerbated by climate change, especially in the developing world. This document lists some of the main capabilities that have been recently developed, especially in the area of operational

  15. Agent-Based Modelling for Security Risk Assessment

    NARCIS (Netherlands)

    Janssen, S.A.M.; Sharpans'kykh, Alexei; Bajo, J.; Vale, Z.; Hallenborg, K.; Rocha, A.P.; Mathieu, P.; Pawlewski, P.; Del Val, E.; Novais, P.; Lopes, F.; Duque Méndez, N.D.; Julián, V.; Holmgren, J.

    2017-01-01

    Security Risk Assessment is commonly performed by using traditional methods based on linear probabilistic tools and informal expert judgements. These methods lack the capability to take the inherent dynamic and intelligent nature of attackers into account. To partially address the limitations,

  16. Security Risks and Protection in Online Learning: A Survey

    Science.gov (United States)

    Chen, Yong; He, Wu

    2013-01-01

    This paper describes a survey of online learning which attempts to determine online learning providers' awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have…

  17. Security training with interactive laser-video-disk technology

    International Nuclear Information System (INIS)

    Wilson, D.

    1988-01-01

    DOE, through its contractor EG and G Energy Measurements, Inc., has developed a state-of-the-art interactive-video system for use at the Department of Energy's Central Training Academy. Called the Security Training and Evaluation Shooting System (STRESS), the computer-driven decision shooting system employs the latest is laservideo-disk technology. STRESS is designed to provide realistic and stressful training for security inspectors employed by the DOE and its contractors. The system uses wide-screen video projection, sophisticated scenario-branching technology, and customized video scenarios especially designed for the DOE. Firing a weapon that has been modified to shoot ''laser bullets,'' and wearing a special vest that detects ''hits'': the security inspector encounters adversaries on the wide screen who can shoot or be shot by the inspector in scenarios that demand fast decisions. Based on those decisions, the computer provides instantaneous branching to different scenes, giving the inspector confrontational training with the realism and variability of real life

  18. Risk creation in a technological world

    International Nuclear Information System (INIS)

    Kuhlmann, A.

    1989-01-01

    The question ultimately facing mankind is how to establish an appropriate risk acceptance in a technological world. The systematics of the risk concept is explained in 4 theses. They imply that a heavy use of technology is linked to high risk potentials which place heavy demands on technology in coping with them, and that technology ought as far as possible to be adapted to man and the environment ought to remain under man's influence. (DG) [de

  19. NPP physical protection and information security as necessary conditions for reducing nuclear and radiation accident risks

    International Nuclear Information System (INIS)

    Pogosov, O.Yu.; Derevyanko, O.V.

    2017-01-01

    The paper focuses on the fact that nuclear failures and incidents can lead to radioactive contamination of NPP premises. Nuclear and radiation hazard may be caused by malefactors in technological processes when applying computers or inadequate control in case of insufficient level of information security.The researchers performed analysis of factors for reducing risks of nuclear and radiation accidents at NPPs considering specific conditions related to information security of NPP physical protection systems. The paper considers connection of heterogeneous factors that may increase the risk of NPP accidents, possibilities and ways to improve adequate modelling of security of information with limited access directly related to the functioning of automated set of engineering and technical means for NPP physical protection. Within the overall Hutchinson formalization, it is proposed to include additional functional dependencies on indicators specific for NPPs into analysis algorithms.

  20. Food Security, Institutional Framework and Technology: Examining the Nexus in Nigeria Using ARDL Approach.

    Science.gov (United States)

    Osabohien, Romanus; Osabuohien, Evans; Urhie, Ese

    2018-04-01

    Growth in agricultural science and technology is deemed essential for in-creasing agricultural output; reduce the vulnerability of rural poverty and in turn, food security. Food security and growth in agricultural output depends on technological usages, which enhances the pro-ductive capacity of the agricultural sector. The indicators of food security utilised in this study in-clude: dietary energy supply, average value of food production, prevalence of food inadequacy, among others. In this paper, we examined the level of technology and how investment in the agriculture and technology can improve technical know-how in Nigeria with a view to achieving food security. We carried out the analysis on how investment in technology and institutional framework can improve the level of food availability (a key component of food security) in Nigeria using econ-ometric technique based on Autoregressive Distribution Lag (ARDL) framework. The results showed, inter alia, that in Nigeria, there is a high level of food insecurity as a result of low attention on food production occasioned by the pervasive influence of oil that become the major export product. It was noted that the availability of arable land was one of the major factors to increase food production to solve the challenge of food insecurity. Thus, the efforts of reducing the rate of food insecurity are essential in this regards. This can also be achieved, among others, by active interactions between government and farmers, to make contribution to important planning issues that relate to food production in the country and above all, social protection policies should be geared or channelled to agricultural sector to protect farmers who are vulnerable to shocks and avert risks associated with agriculture.

  1. Data security and risk assessment in cloud computing

    Directory of Open Access Journals (Sweden)

    Li Jing

    2018-01-01

    Full Text Available Cloud computing has attracted more and more attention as it reduces the cost of IT infrastructure of organizations. In our country, business Cloud services, such as Alibaba Cloud, Huawei Cloud, QingCloud, UCloud and so on are gaining more and more uses, especially small or median organizations. In the cloud service scenario, the program and data are migrating into cloud, resulting the lack of trust between customers and cloud service providers. However, the recent study on Cloud computing is mainly focused on the service side, while the data security and trust have not been sufficiently studied yet. This paper investigates into the data security issues from data life cycle which includes five steps when an organization uses Cloud computing. A data management framework is given out, including not only the data classification but also the risk management framework. Concretely, the data is divided into two varieties, business and personal information. And then, four classification levels (high, medium, low, normal according to the different extent of the potential adverse effect is introduced. With the help of classification, the administrators can identify the application or data to implement corresponding security controls. At last, the administrators conduct the risk assessment to alleviate the risk of data security. The trust between customers and cloud service providers will be strengthen through this way.

  2. Breach Risk Magnitude: A Quantitative Measure of Database Security.

    Science.gov (United States)

    Yasnoff, William A

    2016-01-01

    A quantitative methodology is described that provides objective evaluation of the potential for health record system breaches. It assumes that breach risk increases with the number of potential records that could be exposed, while it decreases when more authentication steps are required for access. The breach risk magnitude (BRM) is the maximum value for any system user of the common logarithm of the number of accessible database records divided by the number of authentication steps needed to achieve such access. For a one million record relational database, the BRM varies from 5.52 to 6 depending on authentication protocols. For an alternative data architecture designed specifically to increase security by separately storing and encrypting each patient record, the BRM ranges from 1.3 to 2.6. While the BRM only provides a limited quantitative assessment of breach risk, it may be useful to objectively evaluate the security implications of alternative database organization approaches.

  3. L-Band Digital Aeronautical Communications System Engineering - Initial Safety and Security Risk Assessment and Mitigation

    Science.gov (United States)

    Zelkin, Natalie; Henriksen, Stephen

    2011-01-01

    This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract NNC05CA85C, Task 7: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed L-band (960 to 1164 MHz) terrestrial en route communications system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents a preliminary safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the L-band communication system after the technology is chosen and system rollout timing is determined. The security risk analysis resulted in identifying main security threats to the proposed system as well as noting additional threats recommended for a future security analysis conducted at a later stage in the system development process. The document discusses various security controls, including those suggested in the COCR Version 2.0.

  4. Flood Risk Assessment Based On Security Deficit Analysis

    Science.gov (United States)

    Beck, J.; Metzger, R.; Hingray, B.; Musy, A.

    Risk is a human perception: a given risk may be considered as acceptable or unac- ceptable depending on the group that has to face that risk. Flood risk analysis of- ten estimates economic losses from damages, but neglects the question of accept- able/unacceptable risk. With input from land use managers, politicians and other stakeholders, risk assessment based on security deficit analysis determines objects with unacceptable risk and their degree of security deficit. Such a risk assessment methodology, initially developed by the Swiss federal authorities, is illustrated by its application on a reach of the Alzette River (Luxembourg) in the framework of the IRMA-SPONGE FRHYMAP project. Flood risk assessment always involves a flood hazard analysis, an exposed object vulnerability analysis, and an analysis combing the results of these two previous analyses. The flood hazard analysis was done with the quasi-2D hydraulic model FldPln to produce flood intensity maps. Flood intensity was determined by the water height and velocity. Object data for the vulnerability analysis, provided by the Luxembourg government, were classified according to their potential damage. Potential damage is expressed in terms of direct, human life and secondary losses. A thematic map was produced to show the object classification. Protection goals were then attributed to the object classes. Protection goals are assigned in terms of an acceptable flood intensity for a certain flood frequency. This is where input from land use managers and politicians comes into play. The perception of risk in the re- gion or country influences the protection goal assignment. Protection goals as used in Switzerland were used in this project. Thematic maps showing the protection goals of each object in the case study area for a given flood frequency were produced. Com- parison between an object's protection goal and the intensity of the flood that touched the object determine the acceptability of the risk and the

  5. Automated procedure for performing computer security risk analysis

    International Nuclear Information System (INIS)

    Smith, S.T.; Lim, J.J.

    1984-05-01

    Computers, the invisible backbone of nuclear safeguards, monitor and control plant operations and support many materials accounting systems. Our automated procedure to assess computer security effectiveness differs from traditional risk analysis methods. The system is modeled as an interactive questionnaire, fully automated on a portable microcomputer. A set of modular event trees links the questionnaire to the risk assessment. Qualitative scores are obtained for target vulnerability, and qualitative impact measures are evaluated for a spectrum of threat-target pairs. These are then combined by a linguistic algebra to provide an accurate and meaningful risk measure. 12 references, 7 figures

  6. RiskREP : risk-based security requirements elicitation and prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  7. Physical security and IT convergence: Managing the cyber-related risks.

    Science.gov (United States)

    McCreight, Tim; Leece, Doug

    The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California. 1 This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.

  8. The Algorithm Analysis of E-Commerce Security Issues for Online Payment Transaction System in Banking Technology

    OpenAIRE

    Barskar, Raju; Deen, Anjana Jayant; Bharti, Jyoti; Ahmed, Gulfishan Firdose

    2010-01-01

    E-Commerce offers the banking industry great opportunity, but also creates a set of new risks and vulnerability such as security threats. Information security, therefore, is an essential management and technical requirement for any efficient and effective Payment transaction activities over the internet. Still, its definition is a complex endeavor due to the constant technological and business change and requires a coordinated match of algorithm and technical solutions. Ecommerce is not appro...

  9. Cyber Security Risk Assessment for the KNICS Safety Systems

    International Nuclear Information System (INIS)

    Lee, C. K.; Park, G. Y.; Lee, Y. J.; Choi, J. G.; Kim, D. H.; Lee, D. Y.; Kwon, K. C.

    2008-01-01

    In the Korea Nuclear I and C Systems Development (KNICS) project the platforms for plant protection systems are developed, which function as a reactor shutdown, actuation of engineered safety features and a control of the related equipment. Those are fully digitalized through the use of safety-grade programmable logic controllers (PLCs) and communication networks. In 2006 the Regulatory Guide 1.152 (Rev. 02) was published by the U.S. NRC and it describes the application of a cyber security to the safety systems in the Nuclear Power Plant (NPP). Therefore it is required that the new requirements are incorporated into the developed platforms to apply to NPP, and a cyber security risk assessment is performed. The results of the assessment were input for establishing the cyber security policies and planning the work breakdown to incorporate them

  10. 77 FR 59407 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2012-09-27

    ... Secretary for Science and Technology, such as new developments in systems engineering, cyber-security... Security Challenges; Accelerating Innovation Through Systems Analysis; and Leveraging Industry for Impact... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2012-0053] Homeland Security Science and...

  11. 78 FR 14101 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2013-03-04

    ... Secretary for Science and Technology, such as new developments in systems engineering, cyber-security... HSSTAC input on how to improve that collaboration. --Cyber Security and the evolution of the Cyber... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0014] Homeland Security Science and...

  12. 78 FR 66949 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2013-11-07

    ... Technology, such as new developments in systems engineering, cyber-security, knowledge management and how... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0071] Homeland Security Science and... Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The Homeland Security Science and...

  13. Risk assessment for sustainable food security in China according to integrated food security--taking Dongting Lake area for example.

    Science.gov (United States)

    Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan

    2013-06-01

    Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system-which could be used to monitor food security trends or nutritional status so to inform policy makers of impending food shortages-to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.

  14. Electricity Generation in Fiji: Assessing the Impact of Renewable Technologies on Costs and Financial Risk

    OpenAIRE

    Dornan, Matthew; Jotzo, Frank

    2011-01-01

    In recent years, renewable energy technologies have been advocated in Fiji on the basis that they improve energy security and serve as a risk-mitigation measure against oil price volatility. Despite this, there have been few attempts to measure the impact of renewable technologies on energy security. That analysis is important if the benefits of renewable energy technologies in Fiji are to be adequately evaluated. This paper develops and applies a method for assessing the potential contributi...

  15. The Department of Energy's safeguards and security technology development program

    International Nuclear Information System (INIS)

    Smith, G.D.; Pocratsky, C.A.

    1995-01-01

    The US DOE has had a program that develops technologies to protect sensitive nuclear weapons facilities for more than thirty years. The mission of the program is overwhelmingly diverse, as it must be to protect an array of assets such as nuclear weapons, special nuclear material in various forms, components of nuclear weapons, and classified nuclear weapons design information. Considering that the nuclear weapons complex consists of dozens of facilities that are scattered all over the US, the technology development mission is very challenging. Complicating matters further is the ever uncertain future of the DOE. Some examples of dramatic Departmental mission changes that directly impact their security technology development program are given. A few development efforts are highlighted as examples of efforts currently being sponsored. They are: automated sensor testing devices to help reduce the requirement for personnel to enter vaults containing highly radioactive nuclear materials; a vehicle inspection portal to screen vehicles for hidden passengers, nuclear material, explosives, and other contraband; non-lead and short-range ammunition as an environmentally safe alternative to lead ammunition; a complex-wide visitor access control system to allow all DOE employees to travel to all sites with a commonly recognized credential; automated nuclear material monitoring technologies to provide assurance that material in storage has not been tampered with; laser radar as a potential solution to early warning deficiencies throughout the Department; performance testing standards for many security products to include an automated and consistent standard for assessing the quality of video; low temperature pyrotechnic smoke as a possible adversary delay mechanism; modular vaults to provide temporary protection for nuclear material during D and D activities, and a protection approach for restricted passage areas such as the volume above a tiled ceiling or within a crawl space

  16. AUTOCHTHONOUS APPROACHING IN THE MANAGEMENT OF THE SECURITY RISK

    Directory of Open Access Journals (Sweden)

    Burtescu Emil

    2008-05-01

    Full Text Available An optimal management for a corporation, no matter what size the corporation is, it must contain the management of the security risk. On the importance that is given to the risk management can depend the well functioning of the corporation. An important role in this process has the owner of the business and the way that this one understands the risk. A good understanding of the risk by the owner will have as effect the allocation of sufficient funds to implement controls meant to bring the risk level in order to be an acceptable one. The autochthonous corporations, in a great part even because of the inexistence of reglementations in this domain, have an empiric approach of the phenomena.

  17. Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

    Science.gov (United States)

    Pavone, Vincenzo; Esposti, Sara Degli

    2012-07-01

    As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.

  18. Technology adoption and food security: the role of the Nigerian ...

    African Journals Online (AJOL)

    The focus of this paper is on the potential role of the Nigerian Agricultural Insurance Scheme (NAIS) in protecting the farmer from the plethora of risks associated with the transfer and introduction of modern technologies. The scheme can improve farmers' access to credit when the insurance contract is used as collateral for ...

  19. Technologies for security, military police and professional policing organizations, the Department of Energy perspective

    International Nuclear Information System (INIS)

    Steele, B.J.

    1996-01-01

    There are many technologies emerging from this decade that can be used to help the law enforcement community protect the public as well as public and private facilities against ever increasing threats to this country and its resources. These technologies include sensors, closed circuit television (CCTV), access control, contraband detection, communications, control and display, barriers, and various component and system modeling techniques. This paper will introduce some of the various technologies that have been examined for the Department of Energy that could be applied to various law enforcement applications. They include: (1) scannerless laser radar; (2) next generation security systems; (3) response force video information helmet system; (4) access delay technologies; (5) rapidly deployable intrusion detection systems; and (6) cost risk benefit analysis

  20. Using Financial Instruments to Transfer the Information Security Risks

    OpenAIRE

    Pankaj Pandey; Einar Snekkenes

    2016-01-01

    For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information...

  1. A cyber security risk assessment for the design of I and C system in nuclear power plants

    International Nuclear Information System (INIS)

    Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young

    2012-01-01

    The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

  2. A cyber security risk assessment for the design of I and C system in nuclear power plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2012-12-15

    The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

  3. A review of game theory approach to cyber security risk management

    African Journals Online (AJOL)

    A review of game theory approach to cyber security risk management. ... This paper presents a review of game theoretic-based model for cyber security risk management. Specifically, issues on ... AJOL African Journals Online. HOW TO USE ...

  4. Clinicians, security and information technology support services in practice settings--a pilot study.

    Science.gov (United States)

    Fernando, Juanita

    2010-01-01

    This case study of 9 information technology (IT) support staff in 3 Australian (Victoria) public hospitals juxtaposes their experiences at the user-level of eHealth security in the Natural Hospital Environment with that previously reported by 26 medical, nursing and allied healthcare clinicians. IT support responsibilities comprised the entire hospital, of which clinician eHealth security needs were only part. IT staff believed their support tasks were often fragmented while work responsibilities were hampered by resources shortages. They perceived clinicians as an ongoing security risk to private health information. By comparison clinicians believed IT staff would not adequately support the private and secure application of eHealth for patient care. Preliminary data analysis suggests the tension between these cohorts manifests as an eHealth environment where silos of clinical work are disconnected from silos of IT support work. The discipline-based silos hamper health privacy outcomes. Privacy and security policies, especially those influencing the audit process, will benefit by further research of this phenomenon.

  5. 76 FR 41274 - Committee Name: Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2011-07-13

    ..., cyber-security, knowledge management and how best to leverage related technologies funded by other... Science and Technology Advisory Committee (HSSTAC) ACTION: Committee Management; Notice of Federal... FURTHER INFORMATION CONTACT: Mary Hanson, HSSTAC Executive Director, Science and Technology Directorate...

  6. Cyber security risk assessment for SCADA and DCS networks.

    Science.gov (United States)

    Ralston, P A S; Graham, J H; Hieb, J L

    2007-10-01

    The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

  7. A comprehensive Network Security Risk Model for process control networks.

    Science.gov (United States)

    Henry, Matthew H; Haimes, Yacov Y

    2009-02-01

    The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.

  8. Communicating Health Risks under Pressure: Homeland Security Applications

    International Nuclear Information System (INIS)

    Garrahan, K.G.; Collie, S.L.

    2006-01-01

    The U.S. Environmental Protection Agency's (EPA) Office of Research and Development (ORD) Threat and Consequence Assessment Division (TCAD) within the National Homeland Security Research Center (NHSRC) has developed a tool for rapid communication of health risks and likelihood of exposure in preparation for terrorist incidents. The Emergency Consequence Assessment Tool (ECAT) is a secure web-based tool designed to make risk assessment and consequence management faster and easier for high priority terrorist threat scenarios. ECAT has been designed to function as 'defensive play-book' for health advisors, first responders, and decision-makers by presenting a series of evaluation templates for priority scenarios that can be modified for site-specific applications. Perhaps most importantly, the risk communication aspect is considered prior to an actual release event, so that management or legal advisors can concur on general risk communication content in preparation for press releases that can be anticipated in case of an actual emergency. ECAT serves as a one-stop source of information for retrieving toxicological properties for agents of concern, estimating exposure to these agents, characterizing health risks, and determining what actions need to be undertaken to mitigate the risks. ECAT has the capability to be used at a command post where inputs can be checked and communicated while the response continues in real time. This front-end planning is intended to fill the gap most commonly identified during tabletop exercises: a need for concise, timely, and informative risk communication to all parties. Training and customization of existing chemical and biological release scenarios with modeling of exposure to air and water, along with custom risk communication 'messages' intended for public, press, shareholders, and other partners enable more effective communication during times of crisis. For DOE, the ECAT could serve as a prototype that would be amenable to

  9. Anticipating Interruptions. Security and risk in a liberalized electricity infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Silvast, A.

    2013-11-01

    During the past ten years, a number of social scientists have emphasized the importance of material infrastructures like electricity supply as a research topic for the social sciences. The developing of such new perspectives concerning infrastructures also includes uncertainties and risks. This research analyzes the management of uncertainties in the Finnish electricity infrastructure by posing the following research question: how are electricity interruptions, or blackouts, anticipated in Finland and how are these interruptions managed as risks? The main research methodology of the work is multi-sited field work. The empirical materials include interviews with experts and lay people (33 interviews); participant observation in two electricity control rooms; an electricity consumer survey (115 respondents); and also a number of infrastructure and security policy documents and observations from electricity security seminars. The materials were primarily gathered between 2004 and 2008. Social science research often links risks with major current social changes or socio-cultural risk perceptions. In recent international social science discussions, however, a new research topic has emerged - those styles of reasoning and techniques of governance that are deployed to manage risk as a practical matter. My study explores these themes empirically by focusing on the specific habitual practices of risk management in the Finnish electricity infrastructure. The work develops various also semi-ethnographic inquiries into infrastructure risk techniques like monitor screening of real-time risks in electricity control rooms; the management of risks in a liberalized electricity market; the emergence of Finnish reasoning about blackouts from a specific historical background; and the ways in which electricity consumers respond to blackouts in their homes. In addition, the work reflects upon the position of a risk researcher in those situations when the research subjects do not define

  10. Intelligent Facial Recognition Systems: Technology advancements for security applications

    Energy Technology Data Exchange (ETDEWEB)

    Beer, C.L.

    1993-07-01

    Insider problems such as theft and sabotage can occur within the security and surveillance realm of operations when unauthorized people obtain access to sensitive areas. A possible solution to these problems is a means to identify individuals (not just credentials or badges) in a given sensitive area and provide full time personnel accountability. One approach desirable at Department of Energy facilities for access control and/or personnel identification is an Intelligent Facial Recognition System (IFRS) that is non-invasive to personnel. Automatic facial recognition does not require the active participation of the enrolled subjects, unlike most other biological measurement (biometric) systems (e.g., fingerprint, hand geometry, or eye retinal scan systems). It is this feature that makes an IFRS attractive for applications other than access control such as emergency evacuation verification, screening, and personnel tracking. This paper discusses current technology that shows promising results for DOE and other security applications. A survey of research and development in facial recognition identified several companies and universities that were interested and/or involved in the area. A few advanced prototype systems were also identified. Sandia National Laboratories is currently evaluating facial recognition systems that are in the advanced prototype stage. The initial application for the evaluation is access control in a controlled environment with a constant background and with cooperative subjects. Further evaluations will be conducted in a less controlled environment, which may include a cluttered background and subjects that are not looking towards the camera. The outcome of the evaluations will help identify areas of facial recognition systems that need further development and will help to determine the effectiveness of the current systems for security applications.

  11. The research of network database security technology based on web service

    Science.gov (United States)

    Meng, Fanxing; Wen, Xiumei; Gao, Liting; Pang, Hui; Wang, Qinglin

    2013-03-01

    Database technology is one of the most widely applied computer technologies, its security is becoming more and more important. This paper introduced the database security, network database security level, studies the security technology of the network database, analyzes emphatically sub-key encryption algorithm, applies this algorithm into the campus-one-card system successfully. The realization process of the encryption algorithm is discussed, this method is widely used as reference in many fields, particularly in management information system security and e-commerce.

  12. Security Events and Vulnerability Data for Cybersecurity Risk Estimation.

    Science.gov (United States)

    Allodi, Luca; Massacci, Fabio

    2017-08-01

    Current industry standards for estimating cybersecurity risk are based on qualitative risk matrices as opposed to quantitative risk estimates. In contrast, risk assessment in most other industry sectors aims at deriving quantitative risk estimations (e.g., Basel II in Finance). This article presents a model and methodology to leverage on the large amount of data available from the IT infrastructure of an organization's security operation center to quantitatively estimate the probability of attack. Our methodology specifically addresses untargeted attacks delivered by automatic tools that make up the vast majority of attacks in the wild against users and organizations. We consider two-stage attacks whereby the attacker first breaches an Internet-facing system, and then escalates the attack to internal systems by exploiting local vulnerabilities in the target. Our methodology factors in the power of the attacker as the number of "weaponized" vulnerabilities he/she can exploit, and can be adjusted to match the risk appetite of the organization. We illustrate our methodology by using data from a large financial institution, and discuss the significant mismatch between traditional qualitative risk assessments and our quantitative approach. © 2017 Society for Risk Analysis.

  13. Nuclear science, technology and innovation in Canada - securing the future

    Energy Technology Data Exchange (ETDEWEB)

    Walker, R.S. [Atomic Energy of Canada Limited, Chalk River, ON (Canada)

    2014-07-01

    As a Tier 1 Nuclear Nation, Canada has a rich and proud history of achievement in nuclear Science, Technology and Innovation (ST&I) -- from commercializing the CANDU power system around the world, advancing fuel technology and nuclear safety, to protecting human health through nuclear medicine and cancer therapy technology. Today, the nuclear industry in Canada is actively working to secure its promising, long-term place in the world and is embracing the change necessary to fulfill the enormous potential for good of nuclear technology. For its part, the Canadian Government is taking a bold new public policy approach to nuclear ST&I, by restructuring its large, multi-faceted AECL Nuclear Laboratories. Through the restructuring, AECL, as Canada's premier nuclear science and technology organization, will be better positioned for success via an incentivized 'Government-owned-Contractor-operated', private-sector management model. The aim of this new approach is to enhance and grow high-value nuclear innovation for the marketplace, strengthen the competitiveness of Canada's nuclear sector, and reduce costs to the Government of Canada with time. This approach will play a key role in ensuring a bright future for the Canadian Nuclear Industry domestically and globally as it launches its 25-year Vision and Action Plan, where one of the priority action areas is support for a strong, forward-looking, nuclear ST&I agenda. As the new model for the Nuclear Laboratories is moved forward by the Government, with the support of AECL and industry, Canada's nuclear expertise and knowledge continue to be expanded and deepened through the work of the Laboratories' ten Centres of Excellence, where AECL's fundamental approach is guided by the reality that ST&I is needed in all aspects of the nuclear cycle, including decommissioning, waste management and environmental protection. (author)

  14. Augmenting Space Technology Program Management with Secure Cloud & Mobile Services

    Science.gov (United States)

    Hodson, Robert F.; Munk, Christopher; Helble, Adelle; Press, Martin T.; George, Cory; Johnson, David

    2017-01-01

    The National Aeronautics and Space Administration (NASA) Game Changing Development (GCD) program manages technology projects across all NASA centers and reports to NASA headquarters regularly on progress. Program stakeholders expect an up-to-date, accurate status and often have questions about the program's portfolio that requires a timely response. Historically, reporting, data collection, and analysis were done with manual processes that were inefficient and prone to error. To address these issues, GCD set out to develop a new business automation solution. In doing this, the program wanted to leverage the latest information technology platforms and decided to utilize traditional systems along with new cloud-based web services and gaming technology for a novel and interactive user environment. The team also set out to develop a mobile solution for anytime information access. This paper discusses a solution to these challenging goals and how the GCD team succeeded in developing and deploying such a system. The architecture and approach taken has proven to be effective and robust and can serve as a model for others looking to develop secure interactive mobile business solutions for government or enterprise business automation.

  15. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...

  16. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...

  17. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...

  18. Privacy and Security within Biobanking: The Role of Information Technology.

    Science.gov (United States)

    Heatherly, Raymond

    2016-03-01

    Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source. © 2016 American Society of Law, Medicine & Ethics.

  19. Security risks in nuclear waste management: Exceptionalism, opaqueness and vulnerability.

    Science.gov (United States)

    Vander Beken, Tom; Dorn, Nicholas; Van Daele, Stijn

    2010-01-01

    This paper analyses some potential security risks, concerning terrorism or more mundane forms of crime, such as fraud, in management of nuclear waste using a PEST scan (of political, economic, social and technical issues) and some insights of criminologists on crime prevention. Nuclear waste arises as spent fuel from ongoing energy generation or other nuclear operations, operational contamination or emissions, and decommissioning of obsolescent facilities. In international and EU political contexts, nuclear waste management is a sensitive issue, regulated specifically as part of the nuclear industry as well as in terms of hazardous waste policies. The industry involves state, commercial and mixed public-private bodies. The social and cultural dimensions--risk, uncertainty, and future generations--resonate more deeply here than in any other aspect of waste management. The paper argues that certain tendencies in regulation of the industry, claimed to be justified on security grounds, are decreasing transparency and veracity of reporting, opening up invisible spaces for management frauds, and in doing allowing a culture of impunity in which more serious criminal or terrorist risks could arise. What is needed is analysis of this 'exceptional' industry in terms of the normal cannons of risk assessment - a task that this paper begins. Copyright 2009 Elsevier Ltd. All rights reserved.

  20. Science and technology and their implications for peace and security

    International Nuclear Information System (INIS)

    1990-01-01

    The issue of scientific and technological developments in relation to international peace and security has recently attracted a great deal of interest in the international community, due partly to their enormous potential for the well-being of humanity and also to their enormous implications for instability in the world, an instability characterized as the 'quantitative arms race'. There is a growing concern that, in parallel with 'quantitative disarmament' between the major Powers and the East and West Europe, a new rivalry might develop and extend to the quantitative improvement of weapons, with world-wide consequences. The General Assembly of United Nations has considered this problem and adopted several resolutions on the matter. There has been a great deal of interest in the continuation of international dialogue on the subject

  1. Advanced Technologies for Intelligent Systems of National Border Security

    CERN Document Server

    Simek, Krzysztof; Świerniak, Andrzej

    2013-01-01

    One of the world’s leading problems in the field of national security is protection of borders and borderlands. This book addresses multiple issues on advanced innovative methods of multi-level control of both ground (UGVs) and aerial drones (UAVs). Those objects combined with innovative algorithms become autonomous objects capable of patrolling chosen borderland areas by themselves and automatically inform the operator of the system about potential place of detection of a specific incident. This is achieved by using sophisticated methods of generation of non-collision trajectory for those types of objects and enabling automatic integration of both ground and aerial unmanned vehicles. The topics included in this book also cover presentation of complete information and communication technology (ICT) systems capable of control, observation and detection of various types of incidents and threats. This book is a valuable source of information for constructors and developers of such solutions for uniformed servi...

  2. Problems in the communication of technological risks

    International Nuclear Information System (INIS)

    Wiedemann, P.M.; Hennen, L.

    1989-01-01

    The authors discuss the problems in the communication of technological risks. They show that - contrary to a current popular belief - acceptance problems are not attributable to information deficits: such problems are caused rather by the fact that risks are perceived differently by the various groups in science, industry, politics and the larger public. Nevertheless, improved information about technology may help to find acceptable compromises and, thus, to prevent social conflicts to erupt over technology and to geopardize the basic political consensus. (orig.) [de

  3. Review of the model of technological pragmatism considering privacy and security

    Directory of Open Access Journals (Sweden)

    Kovačević-Lepojević Marina M.

    2013-01-01

    Full Text Available The model of technological pragmatism assumes awareness that technological development involves both benefits and dangers. Most modern security technologies represent citizens' mass surveillance tools, which can lead to compromising a significant amount of personal data due to the lack of institutional monitoring and control. On the other hand, people are interested in improving crime control and reducing the fear of potential victimization which this framework provides as a rational justification for the apparent loss of privacy, personal rights and freedoms. Citizens' perception on the categories of security and privacy, and their balancing, can provide the necessary guidelines to regulate the application of security technologies in the actual context. The aim of this paper is to analyze the attitudes of students at the University of Belgrade (N = 269 toward the application of security technology and identification of the key dimensions. On the basis of the relevant research the authors have formed assumptions about the following dimensions: security, privacy, trust in institutions and concern about the misuse of security technology. The Prise Questionnaire on Security Technology and Privacy was used for data collection. Factor analysis abstracted eight factors which together account for 58% of variance, with the highest loading of the four factors that are identified as security, privacy, trust and concern. The authors propose a model of technological pragmatism considering security and privacy. The data also showed that students are willing to change their privacy for the purpose of improving security and vice versa.

  4. Building Psychological Contracts in Security-Risk Environments

    DEFF Research Database (Denmark)

    Ramirez, Jacobo; Madero, Sergio; Vélez-Zapata, Claudia

    2015-01-01

    This paper examines the reciprocal obligations between employers and employees that are framed as psychological contracts in security-risk environments. A total of 30 interviews based on psychological contract frameworks, duty-of-care strategies in terms of human resource management (HRM) systems...... and the impacts of narcoterrorism on firms were conducted with human resources (HR) personnel, line managers and subordinates at eight national and multinational corporations (MNCs) with subsidiaries in Colombia and Mexico. Our findings generally support the existence of a relational psychological contract in our...... sample. Duty-of-care strategies based on both HRM systems and the sensitivities of HR personnel and line managers to the narcoterrorism context, in combination with both explicit and implicit security policies, tend to be the sources of the content of psychological contracts. We propose a psychological...

  5. Managing Security Risks in an Industrial Investment – Analysis Directions

    Directory of Open Access Journals (Sweden)

    Stefan Dragomir

    2016-05-01

    Full Text Available This paper achieved an analysis of some important management strategies for an investment, in correlation with index of global pollution. Environmental security assessment shall be determined taking into account the workplace security and effects on health, safety of workers in an industry investment. It is necessary to observe and collect a larger number of data generated by the development of an industrial process, so as to make a deep analysis on global pollution index and how it is affected industrial investment environment. This research shows how can the substances that infest the environment to produce much damage and influence the environmental factors (air, water, soil, landscape, fauna and flora. When we know the risks that characterize the plant equipment, we can protect the life and we can protect the environment for a sustainable development in the future.

  6. Security of Energy Supply - Indicators for Measuring Vulnerability and Risk

    International Nuclear Information System (INIS)

    Heinrich, C.

    2010-01-01

    In an era of increasing globalization, secure and affordable energy supplies are an essential requirement for economies to work, much less develop and grow in the long term. The present study, Energy security of supply - indicators for measuring vulnerability and risk, develops a broad methodical assessment concept to raise awareness among policy makers and the public regarding the vulnerability of energy supplies to potential energy crises. It explores the different aspects of vulnerability, from the primary energy level to energy infrastructure (storage, networks, power plant parks) to the efficiency and cost of energy consumption for end users. The individual characteristics of the formal concept were quantitatively evaluated for several OECD regions (Germany, UK, Sweden, Poland, Italy, France and the US) using a comprehensive empirical database and reduced to a single indicator for assessing energy supply vulnerability. Part of the database comprises historical observations for the period between 1978 and 2007.(author).

  7. Positioning of a Peaceful Use of Nuclear Technology in National Security Aspects

    International Nuclear Information System (INIS)

    Kim, Hyun Jun; Chang, Moon Hee; Kim, Hark Rho; Lee, Young Joon; Lee, Sang Heon

    2012-01-01

    Many cases have shown that a peaceful use of nuclear technology should play an important role in national securities such as energy, economic and science and technology securities, etc. It would be interesting to know what the positioning of the peaceful use of nuclear technology is in the national security aspects. In this paper, a positioning of nuclear power on various national security components is intended by using a positioning process that has been widely used for marketing. Findings can be used for directing further R and Ds to develop nuclear power technology

  8. Positioning of a Peaceful Use of Nuclear Technology in National Security Aspects

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Hyun Jun; Chang, Moon Hee; Kim, Hark Rho; Lee, Young Joon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Lee, Sang Heon [Korea National Defense University, Goyang (Korea, Republic of)

    2012-05-15

    Many cases have shown that a peaceful use of nuclear technology should play an important role in national securities such as energy, economic and science and technology securities, etc. It would be interesting to know what the positioning of the peaceful use of nuclear technology is in the national security aspects. In this paper, a positioning of nuclear power on various national security components is intended by using a positioning process that has been widely used for marketing. Findings can be used for directing further R and Ds to develop nuclear power technology

  9. [Occupational risks among public safety and security forces].

    Science.gov (United States)

    Candura, S M; Verni, P; Minelli, C M; Rosso, G L; Cappelli, M I; Strambi, S; Martellosio, V

    2006-01-01

    The present paper tries to identify the occupational risk factors (physical, chemical, biological, psychological), variable depending on jobs and tasks, to which the heterogeneous public safety/security workers are exposed. The fight against criminality and public order maintenance imply (sometimes fatal) traumatic risks, and expose to psychophysical and sensorial tiring, unfavourable macro- and microclimatic conditions, the risk of baropathy (air navigation, underwater activities), noise (generated by firearms and several other sources), vibrations and shakings (automatic weapons, transport vehicles), the risk of electric injury, ionizing (X and gamma rays) and non-inonizing (ultraviolet rays, microwaves and radiofrequencies, electromagnetic fields) radiations. Chemical hazards include carbon monoxide and other combustion products (fires, urban traffic), substances released in chemical accidents, tear gases, lead (firing grounds, metal works, environmental pollution), solvents, lubrificants and cutting oils (mechanic repair and maintenance), laboratory materials and reagents, irritant and/or sensitizing agents contained in gloves. The main biological risks are tetanus, blood-borne diseases (viral hepatitis, AIDS), aerogenous diseases (e.g., tuberculosis, Legionnaire's disease, epidemic cerebrospinal meningitis), dog- or horse-transmitted zoonosis. Finally, emotional, psychosomatic and behavioural stress-related disorders (e.g., burn-out syndrome, post-traumatic stress disorder) are typically frequent. The presence of numerous and diversified hazards among public safety/security forces imposes the adoption of occupational medicine measures, including risk assessment, health education, technical and environmental prevention, personal protective devices, sanitary surveillance and biological monitoring, clinical interventions (diagnosis, therapy and rehabilitation of occupational accidents and illnesses), prompt medico-legal evaluation of occupational

  10. National Security Science and Technology Initiative: Air Cargo Screening

    Energy Technology Data Exchange (ETDEWEB)

    Bingham, Philip R [ORNL; White, Tim [Pacific Northwest National Laboratory (PNNL); Cespedes, Ernesto [Idaho National Laboratory (INL); Bowerman, Biays [Brookhaven National Laboratory (BNL); Bush, John [Battelle

    2010-11-01

    The non-intrusive inspection (NII) of consolidated air cargo carried on commercial passenger aircraft continues to be a technically challenging, high-priority requirement of the Department of Homeland Security's Science and Technology Directorate (DHS S&T), the Transportation Security Agency and the Federal Aviation Administration. The goal of deploying a screening system that can reliably and cost-effectively detect explosive threats in consolidated cargo without adversely affecting the flow of commerce will require significant technical advances that will take years to develop. To address this critical National Security need, the Battelle Memorial Institute (Battelle), under a Cooperative Research and Development Agreement (CRADA) with four of its associated US Department of Energy (DOE) National Laboratories (Oak Ridge, Pacific Northwest, Idaho, and Brookhaven), conducted a research and development initiative focused on identifying, evaluating, and integrating technologies for screening consolidated air cargo for the presence of explosive threats. Battelle invested $8.5M of internal research and development funds during fiscal years 2007 through 2009. The primary results of this effort are described in this document and can be summarized as follows: (1) Completed a gap analysis that identified threat signatures and observables, candidate technologies for detection, their current state of development, and provided recommendations for improvements to meet air cargo screening requirements. (2) Defined a Commodity/Threat/Detection matrix that focuses modeling and experimental efforts, identifies technology gaps and game-changing opportunities, and provides a means of summarizing current and emerging capabilities. (3) Defined key properties (e.g., elemental composition, average density, effective atomic weight) for basic commodity and explosive benchmarks, developed virtual models of the physical distributions (pallets) of three commodity types and three

  11. Risk management in methodologies of information technology and communications projects

    Directory of Open Access Journals (Sweden)

    Jonathan Carrillo

    2013-12-01

    Full Text Available (Received: 2013/10/02 - Accepted: 2013/12/13At present there are methodologies that have several alternatives and methods to manage projects of Information and Communication Technologies. However, these do not cover a solution for the technology events that can occur in the industry, government, education, among others. In the technology market there are several models to identify and analyze risks according to relevant aspects of their area of specialty e.g. projects, in software development, communications, information security and business alignment. For this reason, this research conducted an evaluation of risk management activities of the methodologies used mostly to know which of them includes more correspondence with basic elements of IT using a rating scale.

  12. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. In this paper, we present a Risk-Based Requirements Prioritization method (RiskREP) that extends misuse case-based methods with IT architecture based risk assessment and countermeasure definition and prioritization. Countermeasure prioritizati...

  13. Risk assessment of security systems based on entropy theory and the Neyman–Pearson criterion

    International Nuclear Information System (INIS)

    Lv, Haitao; Yin, Chao; Cui, Zongmin; Zhan, Qin; Zhou, Hongbo

    2015-01-01

    For a security system, the risk assessment is an important method to verdict whether its protection effectiveness is good or not. In this paper, a security system is regarded abstractly as a network by the name of a security network. A security network is made up of security nodes that are abstract functional units with the ability of detecting, delaying and responding. By the use of risk entropy and the Neyman–Pearson criterion, we construct a model to computer the protection probability of any position in the area where a security network is deployed. We provide a solution to find the most vulnerable path of a security network and the protection probability on the path is considered as the risk measure. Finally, we study the effect of some parameters on the risk and the breach protection probability of a security network. Ultimately, we can gain insight about the risk assessment of a security system. - Highlights: • A security system is regarded abstractly as a network made up of security nodes. • We construct a model to computer the protection probability provided by a security network. • We provide a better solution to find the most vulnerable path of a security network. • We build a risk assessment model for a security network based on the most vulnerable path

  14. Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model

    Science.gov (United States)

    Kassa, Woldeloul

    2016-01-01

    Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…

  15. 76 FR 31350 - Cruise Vessel Safety and Security Act of 2010, Available Technology

    Science.gov (United States)

    2011-05-31

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2011-0357] Cruise Vessel Safety and Security Act of 2010, Available Technology AGENCY: Coast Guard, DHS. ACTION: Notice of request for comments... Security and Safety Act of 2010(CVSSA), specifically related to video recording and overboard detection...

  16. TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKS

    OpenAIRE

    Sen-Tarng Lai

    2015-01-01

    E-commerce is an important information system in the network and digital age. However, the network intrusion, malicious users, virus attack and system security vulnerabilities have continued to threaten the operation of the e-commerce, making e-commerce security encounter serious test. How to improve ecommerce security has become a topic worthy of further exploration. Combining routine security test and security event detection procedures, this paper proposes the Two-Layer Secure ...

  17. Science and Technology Resources on the Internet: Computer Security.

    Science.gov (United States)

    Kinkus, Jane F.

    2002-01-01

    Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

  18. Rights management technologies: A good choice for securing electronic healthrecords?

    NARCIS (Netherlands)

    Petkovic, M.; Katzenbeisser, S.; Kursawe, K.; Pohlmann, N.; Reimer, H.; Schneider, W.

    2007-01-01

    Advances in healthcare IT bring new concerns with respect to privacy and security. Security critical patient data no longer resides on mainframes physically isolated within an organization, where physical security measures can be taken to defend the data and the system. Modern solutions are heading

  19. Homeland Security Affairs Journal, Supplement - 2012: IEEE 2011 Conference on Technology for Homeland Security: Best Papers

    OpenAIRE

    2012-01-01

    Homeland Security Affairs is the peer-reviewed online journal of the Naval Postgraduate School Center for Homeland Defense and Security (CHDS), providing a forum to propose and debate strategies, policies, and organizational arrangements to strengthen U.S. homeland security. The instructors, participants, alumni, and partners of CHDS represent the leading subject matter experts and practitioners in the field of homeland security. IEEE Supplement 2012. Supplement: IEEE 2011 Conference on Te...

  20. Technology development risk assessment and mixed interests

    International Nuclear Information System (INIS)

    Borrelli, G.; Sartori, S.

    1992-05-01

    The main purpose of this work is to demonstrate by means of a critical analysis of the state-of-the-art in technological and environmental risk analysis and decision making, that risk and environmental management decisions involve heterogeneous groups of social actors, each representing conflicting interests. It is argued that risk analyses should therefore be based on social interaction and communication paradigma, as well as, on a new rational way of thinking concerning the optimum choice of suitable technological development strategies leading towards a publicly acceptable balance between national energy-economic strategic necessities and social and individual perception of risk

  1. Scanning technology with multi-slice helical CT in security inspection domain

    International Nuclear Information System (INIS)

    Wang Jue; Wang Fuquan; Jiang Zenghui

    2008-01-01

    The paper analyzes the technology conditions of security inspection in home and abroad, and expatiates technology of spiral CT and how to define CT value etc, with studying on the key technology of spiral CT scanning way (X-RAY, detector, technology of pulley etc) and mutual relation. By comparing the present products of security inspection, the conclusion was drawn that it is inevitable to develop the tendency of security inspection area with the checking and discerning the substance by using the technology of multi-layer spiral CT. (authors)

  2. A Study Of Cyber Security Challenges And Its Emerging Trends On Latest Technologies

    OpenAIRE

    Reddy, G. Nikhita; Reddy, G. J. Ugander

    2014-01-01

    Cyber Security plays an important role in the field of information technology .Securing the information have become one of the biggest challenges in the present day. When ever we think about the cyber security the first thing that comes to our mind is cyber crimes which are increasing immensely day by day. Various Governments and companies are taking many measures in order to prevent these cyber crimes. Besides various measures cyber security is still a very big concern to many. This paper ma...

  3. Addressing 2030 EU policy framework for energy and climate: Cost, risk and energy security issues

    International Nuclear Information System (INIS)

    Llano-Paz, Fernando de; Martínez Fernandez, Paulino; Soares, Isabel

    2016-01-01

    The different energy sources, their costs and impacts on the environment determine the electricity production process. Energy planning must solve the existence of uncertainty through the diversification of power generation technologies portfolio. The European Union energy and environmental policy has been mainly based on promoting the security of supply, efficiency, energy savings and the promotion of Renewable Energy Sources. The recent European Commission communication “Towards an European Energy Union: A secure, sustainable, competitive and affordable energy for every European” establishes the path for the European future. This study deals with the analysis of the latest EU “Energy Union” goals through the application of Markowitz portfolio theory considering technological real assets. The EU targets are assessed under a double perspective: economic and environmental. The model concludes that implementing a high share of Renewable Energy target in the design of European Policies is not relevant: the maximization of Renewable Energy share could be achieved considering a sole Low Emissions of carbon dioxide policy. Additionally it is confirmed the need of Nuclear energy in 2030: a zero nuclear energy share in 2030 European Mix is not possible, unless the technological limits participation for Renewable Energy Sources were increased. - Highlights: • Implementing a high RES share target in European Policies could not be relevant. • Maximizing RES share could be achieved considering a sole Low Emissions policy. • The EU 2030 Nuclear energy 50% shutting down could be feasible. • Minimizing risk portfolio presents high diversification and energy security levels.

  4. Review of Enabling Technologies to Facilitate Secure Compute Customization

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pelfrey, Daniel S [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2014-12-01

    High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data for a variety of users, often requiring strong separation between job allocations. There are many challenges to establishing these secure enclaves within the shared infrastructure of high-performance computing (HPC) environments. The isolation mechanisms in the system software are the basic building blocks for enabling secure compute enclaves. There are a variety of approaches and the focus of this report is to review the different virtualization technologies that facilitate the creation of secure compute enclaves. The report reviews current operating system (OS) protection mechanisms and modern virtualization technologies to better understand the performance/isolation properties. We also examine the feasibility of running ``virtualized'' computing resources as non-privileged users, and providing controlled administrative permissions for standard users running within a virtualized context. Our examination includes technologies such as Linux containers (LXC [32], Docker [15]) and full virtualization (KVM [26], Xen [5]). We categorize these different approaches to virtualization into two broad groups: OS-level virtualization and system-level virtualization. The OS-level virtualization uses containers to allow a single OS kernel to be partitioned to create Virtual Environments (VE), e.g., LXC. The resources within the host's kernel are only virtualized in the sense of separate namespaces. In contrast, system-level virtualization uses hypervisors to manage multiple OS kernels and virtualize the physical resources (hardware) to create Virtual Machines (VM), e.g., Xen, KVM. This terminology of VE and VM, detailed in Section 2, is used throughout the report to distinguish between the two different approaches to providing virtualized execution

  5. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

  6. External Service Providers to the National Security Technology Incubator: Formalization of Relationships

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-04-30

    This report documents the formalization of relationships with external service providers in the development of the National Security Technology Incubator (NSTI). The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report summarizes the process in developing and formalizing relationships with those service providers and includes a sample letter of cooperation executed with each provider.

  7. Respect for autonomy and technological risks

    NARCIS (Netherlands)

    Asveld, L.

    2008-01-01

    Technological developments can undermine the autonomy of the individual. Autonomy is one's ability to make and act upon decisions according to one's own moral framework. Respect for autonomy dictates that risks should not be imposed on the individual without her consent. Technological developments

  8. Engaging At-Risk Students with Technology.

    Science.gov (United States)

    Duttweiler, Patricia Cloud

    1992-01-01

    Educational technology can be used to engage students in interesting activities through which teachers can present skills, concepts, and problems to be solved. At-risk students benefit from the investigation of relevant real world problems and the immediate feedback and privacy that technology affords. (EA)

  9. Emerging Technology Domains Risk Survey

    Science.gov (United States)

    2015-04-01

    Success 22 11.6 Exploitation Examples 22 11.7 Triage Table 22 12 Vehicle Autonomy ( Driverless Cars) 23 12.1 Introduction 23 12.2 Recommendation 24... Driverless Cars) 12.1 Introduction Autonomous vehicles have the ability to move without direct commands from an operator. They can navigate to a...lifestyle, and likely adoption mean that driverless cars will become an incredibly important technology. In addition, the potential for human harm and

  10. Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET

    OpenAIRE

    Jinsoo Shin; Hanseong Son; Gyunyoung Heo

    2017-01-01

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluatio...

  11. Fiber-optic perimeter security system based on WDM technology

    Science.gov (United States)

    Polyakov, Alexandre V.

    2017-10-01

    Intelligent underground fiber optic perimeter security system is presented. Their structure, operation, software and hardware with neural networks elements are described. System allows not only to establish the fact of violation of the perimeter, but also to locate violations. This is achieved through the use of WDM-technology division spectral information channels. As used quasi-distributed optoelectronic recirculation system as a discrete sensor. The principle of operation is based on registration of the recirculation period change in the closed optoelectronic circuit at different wavelengths under microstrain exposed optical fiber. As a result microstrain fiber having additional power loss in a fiber optical propagating pulse, which causes a time delay as a result of switching moments of the threshold device. To separate the signals generated by intruder noise and interference, the signal analyzer is used, based on the principle of a neural network. The system detects walking, running or crawling intruder, as well as undermining attempts to register under the perimeter line. These alarm systems can be used to protect the perimeters of facilities such as airports, nuclear reactors, power plants, warehouses, and other extended territory.

  12. A Sustainable Technology Contribuiting to the Food Security

    Directory of Open Access Journals (Sweden)

    Dra. Rosa Catalina Bermúdez-Savòn

    2015-11-01

    Full Text Available A sustainable way for food and energetic security in rural and the city regions, is presented with the application of the solid state fermentation for the biotransformation of lignocellulosic by-products and agro-industrial wastes with white-rot fungi. Inamush as advantages of this technology, is showed the cultivation of mushroom Pleurotus spp.on coffee pulp, cedar chip , coconut and cocoa shells, and the influence of it´s mixture (1:1, trough examination of their growth rates and conversion efficacy to fruiting bodies, which cause contamination of soil and water, because of large volumes and difficult management. The use of residues for these cultive was consolidate such as alternative viable for food production, capable to satisfy the protein and nutritive necessity of population in the non-developing countries, besides low cost production, high protein content and obtention in large quantity in short time. In addition to produce complements for animal feet, such as the spent oyster mushroom substrate postcosecha is detoxified, has proteic content and better digestibility than original substrates,and can be used as animal feed or fertilizer, at the same time, was eradicated the problem of environmental contamination of these residues provoking and further contribution at sustainable development of the communities.

  13. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  14. Spent Nuclear Fuel Alternative Technology Risk Assessment

    Energy Technology Data Exchange (ETDEWEB)

    Perella, V.F.

    1999-11-29

    A Research Reactor Spent Nuclear Fuel Task Team (RRTT) was chartered by the Department of Energy (DOE) Office of Spent Fuel Management with the responsibility to recommend a course of action leading to a final technology selection for the interim management and ultimate disposition of the foreign and domestic aluminum-based research reactor spent nuclear fuel (SNF) under DOE''s jurisdiction. The RRTT evaluated eleven potential SNF management technologies and recommended that two technologies, direct co-disposal and an isotopic dilution alternative, either press and dilute or melt and dilute, be developed in parallel. Based upon that recommendation, the Westinghouse Savannah River Company (WSRC) organized the SNF Alternative Technology Program to further develop the direct co-disposal and melt and dilute technologies and provide a WSRC recommendation to DOE for a preferred SNF alternative management technology. A technology risk assessment was conducted as a first step in this recommendation process to determine if either, or both, of the technologies posed significant risks that would make them unsuitable for further development. This report provides the results of that technology risk assessment.

  15. Spent Nuclear Fuel Alternative Technology Risk Assessment

    International Nuclear Information System (INIS)

    Perella, V.F.

    1999-01-01

    A Research Reactor Spent Nuclear Fuel Task Team (RRTT) was chartered by the Department of Energy (DOE) Office of Spent Fuel Management with the responsibility to recommend a course of action leading to a final technology selection for the interim management and ultimate disposition of the foreign and domestic aluminum-based research reactor spent nuclear fuel (SNF) under DOE''s jurisdiction. The RRTT evaluated eleven potential SNF management technologies and recommended that two technologies, direct co-disposal and an isotopic dilution alternative, either press and dilute or melt and dilute, be developed in parallel. Based upon that recommendation, the Westinghouse Savannah River Company (WSRC) organized the SNF Alternative Technology Program to further develop the direct co-disposal and melt and dilute technologies and provide a WSRC recommendation to DOE for a preferred SNF alternative management technology. A technology risk assessment was conducted as a first step in this recommendation process to determine if either, or both, of the technologies posed significant risks that would make them unsuitable for further development. This report provides the results of that technology risk assessment

  16. Enacting Risk in Independent Technological Innovation

    DEFF Research Database (Denmark)

    Berglund, Henrik; Hellström, Tomas

    2002-01-01

    The present study aims at investigating the role of risk in the activity of independent technological venturing. Altogether, 12 deep-interviews were conducted with technological entrepreneurs, who had taken part in the inventive, developmental and the commercialisation phases of a technology......-based innovation process. The interviews revealed a number of enactment approaches through which these innovators encountered and affected (dealt with or transformed) risk within the innovation process. Factors thus developed from the empirical material included human capital, pace and priority, the world moves...... for the benefit of innovation management....

  17. Risk - interface between law and technology

    International Nuclear Information System (INIS)

    1982-01-01

    Due to the rapid developments of technology, the subject of this congress has received central significance. It basically deals with the question of how advantages created by technology can be utilized by simultaneously avoiding any possible disadvantages that may arise from them. In the first part of this meeting, engineers present their considerations concerning risk assessment and risk comparisons, while the second part deals with the significance of scientific standardization. The third part elaborates on the evaluation of technical risks from the legal point of view. (orig./HP) [de

  18. Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

    Science.gov (United States)

    Coleman, Johnathan

    2003-05-01

    This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

  19. Development of a security system for assisted reproductive technology (ART).

    Science.gov (United States)

    Hur, Yong Soo; Ryu, Eun Kyung; Park, Sung Jin; Yoon, Jeong; Yoon, San Hyun; Yang, Gi Deok; Hur, Chang Young; Lee, Won Don; Lim, Jin Ho

    2015-01-01

    In the field of assisted reproductive technology (ART), medical accidents can result in serious legal and social consequences. This study was conducted to develop a security system (called IVF-guardian; IG) that could prevent mismatching or mix-ups in ART. A software program was developed in collaboration with outside computer programmers. A quick response (QR) code was used to identify the patients, gametes and embryos in a format that was printed on a label. There was a possibility that embryo development could be affected by volatile organic components (VOC) in the printing material and adhesive material in the label paper. Further, LED light was used as the light source to recognize the QR code. Using mouse embryos, the effects of the label paper and LED light were examined. The stability of IG was assessed when applied in clinical practice after developing the system. A total of 104 cycles formed the study group, and 82 cycles (from patients who did not want to use IG because of safety concerns and lack of confidence in the security system) to which IG was not applied comprised the control group. Many of the label paper samples were toxic to mouse embryo development. We selected a particular label paper (P touch label) that did not affect mouse embryo development. The LED lights were non-toxic to the development of the mouse embryos under any experimental conditions. There were no differences in the clinical pregnancy rates between the IG-applied group and the control group (40/104 = 38.5 % and 30/82 = 36.6 %, respectively). The application of IG in clinical practice did not affect human embryo development or clinical outcomes. The use of IG reduces the misspelling of patient names. Using IG, there was a disadvantage in that each treatment step became more complicated, but the medical staff improved and became sufficiently confident in ART to offset this disadvantage. Patients who received treatment using the IG system also went through a somewhat

  20. Technology-Induced Risks in History

    Science.gov (United States)

    Rabkin, Ya.

    Our perception of risk contains three main aspects: (1) probability of the risk occurring; (2) the extent of possible damage; (3) the degree of voluntary or involuntary exposure to risk. History of risk assessment has been traced in several areas, such as transportation, and has largely focused on insurance. Construction projects constitute one of the oldest areas of technology where accidents continue to occur, while health has always been a fragile commodity. Urbanization has multiplied the risks of illness and death, while natural catastrophes, though still frightening, have ceded their central place to technology-based disasters in the Western perceptions of risk. The human has become the main source of danger to the very survival of the planet. The Enlightenment utopia of scientific progress resulting in social and moral progress of humanity has collided with the awareness of new technology induced risks. Life on Earth began without humans, and it may end without them. Our civilization is the first that faces an end to be brought about by our own technological ingenuity.

  1. A Cyber Security Risk Assessment Procedure for Digital I and C Systems in NPPs

    International Nuclear Information System (INIS)

    Song, J. G.; Lee, J. W.; Lee, C. K.; Kwon, K. C.; Lee, D. Y.

    2011-01-01

    Digital Instrumentation and Control (I and C) systems in nuclear power plants (NPPs) use general digital technologies similar to those used in IT systems. However, one of significant differences between the two systems resides in the duration of their service life. The I and C systems in NPPs operate for more than 20 years. IT systems, on the other hand, are in service for about 3 to 5 years. Hence, a one-time risk assessment for IT systems is normally acceptable. In contrast, the risk assessment for the I and C systems in NPPs should be recursively performed during their longer operation life. A recursive procedure for cyber security risk assessment of the I and C systems in NPPs is studied and proposed in this paper

  2. A Cyber Security Risk Assessment Procedure for Digital I and C Systems in NPPs

    Energy Technology Data Exchange (ETDEWEB)

    Song, J. G.; Lee, J. W.; Lee, C. K.; Kwon, K. C.; Lee, D. Y. [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2011-10-15

    Digital Instrumentation and Control (I and C) systems in nuclear power plants (NPPs) use general digital technologies similar to those used in IT systems. However, one of significant differences between the two systems resides in the duration of their service life. The I and C systems in NPPs operate for more than 20 years. IT systems, on the other hand, are in service for about 3 to 5 years. Hence, a one-time risk assessment for IT systems is normally acceptable. In contrast, the risk assessment for the I and C systems in NPPs should be recursively performed during their longer operation life. A recursive procedure for cyber security risk assessment of the I and C systems in NPPs is studied and proposed in this paper

  3. Risks and threats of tax state security and methods of their neutralization

    Directory of Open Access Journals (Sweden)

    Y.V. Lebedzevych

    2016-12-01

    Full Text Available The article substantiates the relevance of the study to ensure security of the state tax. Scientists studied different approaches to defining the essence of the concept of "security tax" on the key features that would satisfy the interests of all subjects of tax relations and the necessity of legal consolidation of this concept. Analyzed the economic, social and legal nature of the existence of the security tax, identified key indicators of fiscal security of Ukraine. To determine the effectiveness of the tax administration in the interests of the tax security highlights the main threats, tax security risks caused by external and internal factors, and propose measures for their elimination and prevent the possibility of their occurrence. The stages of tax risk management with effective building security tax, designed structurally-logic of the tax risk management security.

  4. A cooperative model for IS security risk management in distributed environment.

    Science.gov (United States)

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  5. Development of information security and vulnerability risk management system for J-PARC

    International Nuclear Information System (INIS)

    Ishikawa, Hiroyuki; Tate, Akihiro; Murakami, Tadashi

    2012-02-01

    In J-PARC (Japan Proton Accelerator Research Complex) we have set up intra-network (internal network, we will abbreviate it as JLAN, below) to support research activity and communication among users. In JLAN, we set up various kinds of security devices to keep JLAN secure. However, the servers which provide information or service to public are still in danger of being accessed illegally. If there is an illegal access, that may cause defacement of data or information leak. Furthermore, the victim servers are manipulated by the malicious attackers, and they themselves attack the external information equipments. Vulnerability of servers enables unauthorized access. So, vulnerability test with use of a vulnerability tool is one of the most effective ways to take measures for vulnerability of the equipments. However, it is not enough to just conduct a vulnerability test. It is also essential for information security to take measures to cover constantly for the vulnerability of servers. We focused on the points above, and developed the vulnerability testing system for security. It is not only a testing tool for the vulnerability of servers, but also management system which enables the server administrators in charge of taking measures for vulnerabilities to manage risks and handles PDCA (Plan-Do-Check-Action) cycles as countermeasure for vulnerability. In this paper, we report the technologies and ingenuities for the development of the above system. (author)

  6. A Dual Perspective on Risks and Security Within Research Assistantships

    Directory of Open Access Journals (Sweden)

    Johannes Petrus Rossouw

    2013-01-01

    Full Text Available Although research assistantships are considered research learning venues in graduate education, there is a scarcity of literature that examines ethical elements attached to the employment of graduate student research assistants or the position of their research supervisors. This article explores the need to implement formal regulations specific to research assistantships in order to increase security and decrease risks for research assistants and research supervisors. Relationships between research assistants and research supervisors have some similarities with regular employment relationships; yet some distinct differences arise due to the educational and developmental nature of research assistantships. The article is written from a dual perspective reflecting the authors’ roles (a research supervisor and a research assistant, respectively and institutional locations (Faculties of Education in South Africa and Canada. The authors draw from existing literature, an analysis of institutional policies and practices at their universities, and their personal and professional experiences to illustrate risks that research assistants and their supervisors may face within research assistantships. They assess the extent to which existing and proposed policies and practices influence working conditions and safeguard experiences within graduate research assistantships. The findings reveal that research assistantships are a unique form of employment focused on educational and professional development that requires specific documentation of expected standards of practice. The authors argue that lack of clear regulations exposes both parties to unnecessary risks and offer recommendations for creating a “Standards of Good Practice” document that will be useful for individuals engaged in research assistantships.

  7. Health risks in perspective: Judging health risks of energy technologies

    Energy Technology Data Exchange (ETDEWEB)

    Rowe, M.D.

    1992-09-18

    Almost daily, Americans receive reports from the mass news media about some new and frightening risk to health and welfare. Most such reports emphasize the newsworthiness of the risks -- the possibility of a crisis, disagreements among experts, how things happened, who is responsible for fixing them, how much will it cost, conflict among parties involved, etc. As a rule, the magnitudes of the risks, or the difficulty of estimating those magnitudes, have limited newsworthiness, and so they are not mentioned. Because of this emphasis in the news media, most people outside the risk assessment community must judge the relative significance of the various risks to which we all are exposed with only that information deemed newsworthy by reporters. This information is biased and shows risks in isolation. There is no basis for understanding and comparing the relative importance of risks among themselves, or for comparing one risk, perhaps a new or newly-discovered one, in the field of all risks. The purpose of this report is to provide perspective on the various risks to which we are routinely exposed. It serves as a basis for understanding the meaning of quantitative risk estimates and for comparing new or newly-discovered risks with other, better-understood risks. Specific emphasis is placed on health risks of energy technologies.

  8. HOW TO CALCULATE INFORMATION VALUE FOR EFFECTIVE SECURITY RISK ASSESSMENT

    Directory of Open Access Journals (Sweden)

    Mario Sajko

    2006-12-01

    Full Text Available The actual problem of information security (infosec risk assessment is determining the value of information property or asset. This is particularly manifested through the use of quantitative methodology in which it is necessary to state the information value in quantitative sizes. The aim of this paper is to describe the evaluation possibilities of business information values, and the criteria needed for determining importance of information. For this purpose, the dimensions of information values will be determined and the ways used to present the importance of information contents will be studied. There are two basic approaches that can be used in evaluation: qualitative and quantitative. Often they are combined to determine forms of information content. The proposed criterion is the three-dimension model, which combines the existing experiences (i.e. possible solutions for information value assessment with our own criteria. An attempt for structuring information value in a business environment will be made as well.

  9. Advances in cyber security technology, operations, and experiences

    CERN Document Server

    Hsu, D Frank

    2013-01-01

    Advances in Cyber Security provides, in a technical yet easy to understand fashion, a real life story of the evolving cyberspace ecosystem from the perspectives of structure, function, and application. It also provides ways and means to secure and sustain this ecosystem by the collective wisdom of professionals and practitioners from government, academia, and industry across national and international boundaries.

  10. The impact of medical technology on sense of security in the palliative home care setting.

    Science.gov (United States)

    Munck, Berit; Sandgren, Anna

    2017-03-02

    The increase in the use of medical devices in palliative home care requires that patients and next-of-kin feel secure. Therefore, the aim was to describe medical technology's impact on the sense of security for patients, next-of-kin and district nurses. Deductive content analysis was conducted on data from three previous studies, using the theoretical framework 'palliative home care as a secure base'. The use of medical technology was shown to have an impact on the sense of security for all involved. A sense of control was promoted by trust in staff and their competence in managing the technology, which was linked to continuity. Inner peace and being in comfort implied effective symptom relief facilitated by pain pumps and being relieved of responsibility. Health care professionals need to have practical knowledge about medical technology, but at the same time have an awareness of how to create and maintain a sense of security.

  11. Examining the Relative Influence of Risk and Control on Intention to Adopt Risky Technologies

    Directory of Open Access Journals (Sweden)

    Sumeet Gupta

    2010-12-01

    Full Text Available For technologies such as electronic commerce, mobile payments, internet and mobile banking etc. customers are concerned about security issues that arise as a result of adoption of these technologies. However, in practice, we find that customers forgo their considerations of risk in the technology, if the benefits of using the technology overpower the risks involved in using the technology. Understanding their relative roles in technology adoption will help technology developers focus their efforts on either of them to improve technology adoption. Results of this study reveal that in adopting a technology, customers are guided more by the perception of control rather than by the perception of risk. Implications for theory and practice are discussed.

  12. 78 FR 56263 - HydroGen Corp., QueryObject Systems Corp., Security Intelligence Technologies, Inc., Skins, Inc...

    Science.gov (United States)

    2013-09-12

    ... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] HydroGen Corp., QueryObject Systems Corp., Security Intelligence Technologies, Inc., Skins, Inc., SLM Holdings, Inc., Spring Creek Healthcare Systems... securities of Security Intelligence Technologies, Inc. because it has not filed any periodic reports since...

  13. Securing remote services by integrating SecurID strong authentication technology in EFDA-Federation infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Castro, R., E-mail: rodrigo.castro@visite.es [Asociacion EURATOM/CIEMAT para Fusion, Madrid (Spain); Barbato, P. [Consorzio RFX, Euratom ENEA Association, Corso Stati Uniti 4, 35127 Padova (Italy); Vega, J. [Asociacion EURATOM/CIEMAT para Fusion, Madrid (Spain); Taliercio, C. [Consorzio RFX, Euratom ENEA Association, Corso Stati Uniti 4, 35127 Padova (Italy)

    2011-10-15

    Remote participation facilities among fusion laboratories require access control solutions with two main objectives: to preserve the usability of the systems and to guaranty the required level of security for accessing to shared services. On one hand, this security solution has to be: single-sign-on, transparent for users, compatible with user mobility, and compatible with used client applications. On the other hand, it has to be compatible with shared services and resources among organisations, providing in each case the required access security level. EFDA-Federation is a security infrastructure that integrates a set of fusion laboratories and enables to share resources and services fulfilling the requirements previously described. In EFDA community, JET and RFX have security access policies to some of their services that require strong authentication mechanisms. In both cases, strong authentication is based on RSA SecurID tokens. This is a hardware device that is supplied to and generates a new password every minute. The job presents two main results. The first one is the integration of RSA SecurID into EFDA-Federation. Thanks to it, federated organisations are able to offer SecurID to their users as an alternative strong authentication mechanism, with the corresponding increase of security level. The second result is the development of a new access control mechanism based on port knocking techniques and its integration into EFDA-Federation. Additionally, a real application in RFX is presented and includes the integration of its SecurID infrastructure as federated authentication mechanism, and the application of the new access control mechanism to its MDSplus server.

  14. Securing remote services by integrating SecurID strong authentication technology in EFDA-Federation infrastructure

    International Nuclear Information System (INIS)

    Castro, R.; Barbato, P.; Vega, J.; Taliercio, C.

    2011-01-01

    Remote participation facilities among fusion laboratories require access control solutions with two main objectives: to preserve the usability of the systems and to guaranty the required level of security for accessing to shared services. On one hand, this security solution has to be: single-sign-on, transparent for users, compatible with user mobility, and compatible with used client applications. On the other hand, it has to be compatible with shared services and resources among organisations, providing in each case the required access security level. EFDA-Federation is a security infrastructure that integrates a set of fusion laboratories and enables to share resources and services fulfilling the requirements previously described. In EFDA community, JET and RFX have security access policies to some of their services that require strong authentication mechanisms. In both cases, strong authentication is based on RSA SecurID tokens. This is a hardware device that is supplied to and generates a new password every minute. The job presents two main results. The first one is the integration of RSA SecurID into EFDA-Federation. Thanks to it, federated organisations are able to offer SecurID to their users as an alternative strong authentication mechanism, with the corresponding increase of security level. The second result is the development of a new access control mechanism based on port knocking techniques and its integration into EFDA-Federation. Additionally, a real application in RFX is presented and includes the integration of its SecurID infrastructure as federated authentication mechanism, and the application of the new access control mechanism to its MDSplus server.

  15. How the Office of Safeguards and Security Technology development program facilitates safeguarding and securing the DOE complex

    International Nuclear Information System (INIS)

    Smoot, W.

    1995-01-01

    The technology development program's (TDP's) mission is to provide technologies or methodologies that address safeguards and security requirements throughout the U.S. DOE complex as well as to meet headquarters' policy needs. This includes developing state-of-the-art technologies or modifying existing technologies in physical security, material control and accountability, information security, and integrated safeguards systems. The TDP has an annual process during which it solicits user requirements from the field. These requirements are analyzed by DOE headquarters and laboratory personnel for technical merit. The requirements are then prioritized at headquarters, and the highest priorities are incorporated into our budget. Although this user-needs process occurs formally once a year, user requirements are accepted at any time. The status of funded technologies is communicated through briefings, programs reviews, and various documents that are available to all interested parties. Participants in several interagency groups allows our program to benefit from what others are doing and to prevent duplications of efforts throughout the federal community. Many technologies are transferred to private industry

  16. ORSEC technological risks, Blayais NPP

    International Nuclear Information System (INIS)

    2016-01-01

    The Particular intervention plan (PPI in French) is an emergency plan which foresees the measures and means to be implemented to address the potential risks of the presence and operation of a nuclear facility. This plan is implemented and developed by the Prefect in case of nuclear accident (or incident leading to a potential accident), the impact of which extending beyond the facility perimeter. It represents a special section of the organisation plan for civil protection response (ORSEC plan). The PPI foresees the necessary measures and means for crisis management during the first hours following the accident and is triggered by the Department Prefect according to the information provided by the facility operator. Its aim is to protect the populations leaving within 10 km of the facility against a potential radiological hazard. The PPI describes: the facility, the intervention area, the protection measures for the population, the conditions of emergency plan triggering, the crisis organisation, the action forms of the different services, and the post-accident stage. This document is the public version of the Particular intervention plan of the Blayais NPP (Gironde, France)

  17. Understanding the Adoption Process of National Security Technology: An Integration of Diffusion of Innovations and Volitional Behavior Theories.

    Science.gov (United States)

    Iles, Irina A; Egnoto, Michael J; Fisher Liu, Brooke; Ackerman, Gary; Roberts, Holly; Smith, Daniel

    2017-11-01

    After the 9/11 terrorist attacks, the U.S. government initiated several national security technology adoption programs. The American public, however, has been skeptical about these initiatives and adoption of national security technologies has been mandated, rather than voluntary. We propose and test a voluntary behavioral intention formation model for the adoption of one type of new security technology: portable radiation detectors. Portable radiation detectors are an efficient way of detecting radiological and nuclear threats and could potentially prevent loss of life and damage to individuals' health. However, their functioning requires that a critical mass of individuals use them on a daily basis. We combine the explanatory advantages of diffusion of innovation with the predictive power of two volitional behavior frameworks: the theory of reasoned action and the health belief model. A large sample survey (N = 1,482) investigated the influence of factors identified in previous diffusion of innovation research on portable radiation detector adoption intention. Results indicated that nonfinancial incentives, as opposed to financial incentives, should be emphasized in persuasive communications aimed at fostering adoption. The research provides a new integration of diffusion of innovation elements with determinants of volitional behavior from persuasion literature, and offers recommendations on effective communication about new security technologies to motivate public adoption and enhance national safety. © 2017 Society for Risk Analysis.

  18. New trends in science and technology implications for international peace and security

    International Nuclear Information System (INIS)

    1991-01-01

    In December 1988, the General Assembly requested the Secretary-General to follow future scientific and technological developments, especially those with potential military applications, and to evaluate their impact on international security. In resolution 43/77 A it also requested the Secretary-General to report to it at its forty-fifth session. The broad fields in which scientific and technological developments are taking place were identified as: information technology, biotechnology, materials technology, nuclear technology and space technology. These assessments were discussed by a wider group of experts at a high-level conference on ''New trends in science and technology: implications for international peace and security'', held in April 1990 in the city of Sendai, Japan. The Conference, which was attended by nearly 100 participants from over 20 countries, addressed issues of technological change and global security, new technologies and the search for security in the post-cold-war era, and national policy-making and international diplomacy in an era of rapid technological change. General approaches to technology assessment and technology trends in selected areas were also discussed. The positions taken by Member States on the subject of establishing a mechanism for technology assessment were also taken into account. The highlights of the report are summarized

  19. Information Technology Management: Social Security Administration Practices Can Be Improved

    National Research Council Canada - National Science Library

    Shaw, Clay

    2001-01-01

    To improve SSAs IT management practices, we recommend that the Acting Commissioner of Social Security direct the Chief Information Officer and the Deputy Commissioner for Systems to complete the following actions...

  20. Evolution of Biotechnology and Information Technology and Its Impact on Human Security

    Directory of Open Access Journals (Sweden)

    Elena S. Zinovieva

    2015-01-01

    Full Text Available Abstract: The development of post-industrial society initiates profound economic, technological and cultural change in the way of life of all mankind. The revolutionary breakthroughs in the field of new technologies such as biotechnology and information technology are reflected in all spheres of human activity, directly affecting the human security. The article analyzes the consequences of widespread usage biotechnology and information technology in the foreign policy practice on the basis of the human security theory. The detailed description of the main directions of the use of biometric technology in the foreign policy and consular practices is provided, the challenges and threats to information security associated with biometrics are analyzed, arising from widespread biotechnology are the main challenges and threats to as well as human security threats arising at the present stage of development and application of these technologies. Human security threats associated with the use of biotechnology are placed in the broader context of global trends in scientific and technological development. The recommendations are formulated in the field of foreign policy and international cooperation, which would neutralize new threats to international and personal safety arising at the present stage of development of biotechnology. The authors conclude that in order to ensure ethical regulation of new technologies that address issues of human security, it is necessary to organize multi-stakeholder partnerships at national and international level with the participation of states, representatives of civil society, business and the research community.

  1. INFORMATION SECURITY RISKS OPTIMIZATION IN CLOUDY SERVICES ON THE BASIS OF LINEAR PROGRAMMING

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2013-01-01

    Full Text Available The paper discusses theoretical aspects of secure cloud services creation for information processing of various confidentiality degrees. A new approach to the reasoning of information security composition in distributed computing structures is suggested, presenting the problem of risk assessment as an extreme problem of decisionmaking. Linear programming method application is proved to minimize the risk of information security for given performance security in compliance with the economic balance for the maintenance of security facilities and cost of services. An example is given to illustrate the obtained theoretical results.

  2. Information Security for Business: the Necessity of Reputational Risk Management

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2015-06-01

    Full Text Available The article presents the analysis of actual information security problems in commercial segment. The main directions in regulations of the Russian Federation connected with information security assurance are defined. The results indicate the insufficiency of legal regulation in prevention of reputational losses due to information security incidents

  3. Technology safeguards needed as security rule audits loom.

    Science.gov (United States)

    Gersh, Deborah; Hoey, Laura G; McCrystal, Timothy M; Tolley, David C

    2012-05-01

    The Department of Health and Human Services will conduct security rule audits that will involve on-site visits and include: Compliance-focused interviews with key organizational leaders. Scrutiny of physical operations controls, especially regarding storage, maintenance, and use of protected health information. Assessment of organizational policies and procedures to ensure compliance with privacy and security rules. Identification of regulatory compliance areas of concern.

  4. Security Aspects for Business Solution Development on Portal Technology

    OpenAIRE

    Ovidiu R?DU??; Adrian MUNTEANU

    2012-01-01

    In the scope of portal development, in order to talk about security issues, concerns, and solutions, it is necessary to define a few terms: authentication, authorization, Single Sign-On (SSO), confidentiality, integrity, and non-repudiation. Focusing on the scope of what the portal developer and designer need to know, below it will be explained these concepts, considering it is important to define and make a brief analysis of these terms for understanding of achieving the security goals.

  5. Adaptive security systems -- Combining expert systems with adaptive technologies

    International Nuclear Information System (INIS)

    Argo, P.; Loveland, R.; Anderson, K.

    1997-01-01

    The Adaptive Multisensor Integrated Security System (AMISS) uses a variety of computational intelligence techniques to reason from raw sensor data through an array of processing layers to arrive at an assessment for alarm/alert conditions based on human behavior within a secure facility. In this paper, the authors give an overview of the system and briefly describe some of the major components of the system. This system is currently under development and testing in a realistic facility setting

  6. Research on mobile electronic commerce security technology based on WPKI

    Science.gov (United States)

    Zhang, Bo

    2013-07-01

    Through the in-depth study on the existing mobile e-commerce and WAP protocols, this paper presents a security solution of e-commerce system based on WPKI, and describes its implementation process and specific implementation details. This solution uniformly distributes the key used by the various participating entities , to fully ensure the confidentiality, authentication, fairness and integrity of mobile e-commerce payments, therefore has some pract ical value for improving the security of e-commerce system.

  7. Benefits and risks of smart home technologies

    OpenAIRE

    Wilson, Charlie; Hargreaves, Tom; Hauxwell-Baldwin, Richard

    2017-01-01

    Smart homes are a priority area of strategic energy planning and national policy. The market adoption of smart home technologies (SHTs) relies on prospective users perceiving clear benefits with acceptable levels of risk. This paper characterises the perceived benefits and risks of SHTs from multiple perspectives. A representative national survey of UK homeowners (n=1025) finds prospective users have positive perceptions of the multiple functionality of SHTs including energy management. Cedin...

  8. 78 FR 41954 - TA-W-82,634, Prudential Global Business Technology Solutions Central Security Services Dresher...

    Science.gov (United States)

    2013-07-12

    ... Business Technology Solutions Central Security Services Iselin, New Jersey; TA-W-82,634B, Prudential Global Business Technology Solutions Central Security Services Plymouth, Minnesota; TA- W-82,634C, Prudential Global Business Technology Solutions Central Security Services Scottsdale, Arizona; TA-W-82,634D...

  9. New technologies and emerging threats: personnel security adjudicative guidelines in the age of social networking

    OpenAIRE

    Festa, James P.

    2012-01-01

    Approved for public release; distribution is unlimited Publicized incidents involving espionage or violence by government employees with security clearances have raised concern for the personnel security community. The guidelines used to adjudicate security clearances were last updated in 2005; since that time, significant technological developments, especially in social media and communications, have emerged. This thesis developed a comprehensive list of current Internet behaviors, and us...

  10. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  11. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

  12. 78 FR 45255 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2013-07-26

    ..., cyber-security, knowledge management and how best to leverage related technologies funded by other... INFORMATION CONTACT: Mary Hanson, HSSTAC Executive Director, Science and Technology Directorate, Department of... Technology Advisory Committee (HSSTAC) ACTION: Notice of Federal Advisory Committee charter renewal. SUMMARY...

  13. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...

  14. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology...

  15. Video calls from lay bystanders to dispatch centers - risk assessment of information security.

    Science.gov (United States)

    Bolle, Stein R; Hasvold, Per; Henriksen, Eva

    2011-09-30

    Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

  16. An Evaluation Methodology for the Usability and Security of Cloud-based File Sharing Technologies

    Science.gov (United States)

    2012-09-01

    FISMA, ISO 27001 , FIPS 140-2, and ISO 270001) indicate a cloud-based service’s compliance with industry standard security controls, management and...Information Assurance IEEE Institute of Electrical and Electronics Engineers IT Information Technology ITS Insider Threat Study ISO International...effectively, efficiently and with satisfaction” (International Organization for Standardization [ ISO ], 1998). Alternately, information security

  17. a review of game theory approach to cyber security risk management

    African Journals Online (AJOL)

    HOD

    Keywords: Cyber Security, Risk Management, Game Theory, Model. 1. INTRODUCTION. Risk is ... behaviors. This implies they are triggered by self- motivated goal .... embrace diligence verification of the recipient of the email as well as lack of ...

  18. Risk management and security services interaction--a must in today's health care environment.

    Science.gov (United States)

    Stultz, M S

    1990-01-01

    The author shows why risk managers and security directors are natural partners in the effort of a hospital to reduce risks from such occurrences as baby kidnappings, serial killers, thefts, and rapes/sexual assaults.

  19. Russian spent marine fuel as a global security risk

    International Nuclear Information System (INIS)

    Gussgard, K.; Reistad, O.

    2001-01-01

    Russian marine fuel is a trans-national security concern. This paper focuses on specific technical properties of Russian marine nuclear fuel especially relevant for evaluating different aspects on nuclear proliferation, in addition to risks associated with regional environmental degradation and illegal diversion of radiological substances. Russian fresh fuel for marine reactors has been involved in several significant cases of illicit trafficking of special nuclear materials. The amount and quality of nuclear materials in Russian spent marine fuel give also reason for concern. Not less than 200 marine reactor cores are ready for having their spent fuel unloaded and preliminary stored on shore in the Far East and North West of Russia, and large amounts of spent naval fuel have been stored at Russian military bases for decades. In order to assess the security risks associated with Russian spent marine fuel, this paper discusses the material attractiveness of spent fuel from all types of Russian marine reactors. The calculations are based on a model of a light water moderated Russian icebreaker reactor. The computer tool HELIOS, used for modelling the reactor and the reactor operations, has been extensively qualified by comparisons with experimental data and international benchmark problems for reactor physics codes as well as through feedback from applications. Some of these benchmarks and studies include fuel enrichments up to 90% in Russian marine reactors. Several fuel data cases are discussed in the paper, focusing especially on: 1) early fuel designs with low initial enrichment; 2) more modern fuel designs used in third and fourth generation of Russian submarines probably with intermediate enriched fuel; and 3) marine fuel with initial enrichment levels close to weapons-grade material. In each case the fuel has been burned until k eff has reached below 1. Case 1) has been evaluated, the calculations made as basis for this paper have concentrated on fuel with

  20. Technology scale and supply chains in a secure, affordable and low carbon energy transition

    International Nuclear Information System (INIS)

    Hoggett, Richard

    2014-01-01

    Highlights: • Energy systems need to decarbonise, provide security and remain affordable. • There is uncertainty over which technologies will best enable this to happen. • A strategy to deal with uncertainty is to assess a technologies ability to show resilience, flexibility and adaptability. • Scale is important and smaller scale technologies are like to display the above characteristics. • Smaller scale technologies are therefore more likely to enable a sustainable, secure, and affordable energy transition. - Abstract: This research explores the relationship between technology scale, energy security and decarbonisation within the UK energy system. There is considerable uncertainty about how best to deliver on these goals for energy policy, but a focus on supply chains and their resilience can provide useful insights into the problems uncertainty causes. Technology scale is central to this, and through an analysis of the supply chains of nuclear power and solar photovoltaics, it is suggested that smaller scale technologies are more likely to support and enable a secure, low carbon energy transition. This is because their supply chains are less complex, show more flexibility and adaptability, and can quickly respond to changes within an energy system, and as such they are more resilient than large scale technologies. These characteristics are likely to become increasingly important in a rapidly changing energy system, and prioritising those technologies that demonstrate resilience, flexibility and adaptability will better enable a transition that is rapid, sustainable, secure and affordable

  1. Natural-technological risk assessment and management

    Science.gov (United States)

    Burova, Valentina; Frolova, Nina

    2016-04-01

    EM-DAT statistical data on human impact and economic damages in the 1st semester 2015 are the highest since 2011: 41% of disasters were floods, responsible for 39% of economic damage and 7% of events were earthquakes responsible for 59% of total death toll. This suggests that disaster risk assessment and management still need to be improved and stay the principle issue in national and international related programs. The paper investigates the risk assessment and management practice in the Russian Federation at different levels. The method is proposed to identify the territories characterized by integrated natural-technological hazard. The maps of the Russian Federation zoning according to the integrated natural-technological hazard level are presented, as well as the procedure of updating the integrated hazard level taking into account the activity of separate processes. Special attention is paid to data bases on past natural and technological processes consequences, which are used for verification of current hazard estimation. The examples of natural-technological risk zoning for the country and some regions territory are presented. Different output risk indexes: both social and economic, are estimated taking into account requirements of end-users. In order to increase the safety of population of the Russian Federation the trans-boundaries hazards are also taken into account.

  2. The Concepts of Risk, Safety, and Security: Applications in Everyday Language.

    Science.gov (United States)

    Boholm, Max; Möller, Niklas; Hansson, Sven Ove

    2016-02-01

    The concepts of risk, safety, and security have received substantial academic interest. Several assumptions exist about their nature and relation. Besides academic use, the words risk, safety, and security are frequent in ordinary language, for example, in media reporting. In this article, we analyze the concepts of risk, safety, and security, and their relation, based on empirical observation of their actual everyday use. The "behavioral profiles" of the nouns risk, safety, and security and the adjectives risky, safe, and secure are coded and compared regarding lexical and grammatical contexts. The main findings are: (1) the three nouns risk, safety, and security, and the two adjectives safe and secure, have widespread use in different senses, which will make any attempt to define them in a single unified manner extremely difficult; (2) the relationship between the central risk terms is complex and only partially confirms the distinctions commonly made between the terms in specialized terminology; (3) whereas most attempts to define risk in specialized terminology have taken the term to have a quantitative meaning, nonquantitative meanings dominate in everyday language, and numerical meanings are rare; and (4) the three adjectives safe, secure, and risky are frequently used in comparative form. This speaks against interpretations that would take them as absolute, all-or-nothing concepts. © 2015 Society for Risk Analysis.

  3. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or national... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY...

  4. AlphaCo: A Teaching Case on Information Technology Audit and Security

    Directory of Open Access Journals (Sweden)

    Hüseyin Tanriverdi

    2006-03-01

    Full Text Available Recent regulations in the United States (U.S. such as the Sarbanes-Oxley Act of 2002 require top management of a public firm to provide reasonable assurance that they institute internal controls that minimize risks over the firm’s operations and financial reporting. External auditors are required to attest to the management’s assertions over the effectiveness of those internal controls. As firms rely more on information technology (IT in conducting business, they also become more vulnerable to IT related risks. IT is critical for initiating, recording, processing, summarizing and reporting accurate financial and non-financial data. Thus, understanding IT related risks and instituting internal control mechanisms that minimize them have become important and created an urgent need for professionals who are equipped with IT audit and security skills and knowledge. However, there is severe shortage of teaching cases that can be used in courses aimed at training such professionals. This teaching case begins to address this gap by fostering classroom discussions around IT audit and security issues. It revolves around a hacking incident that compromised online order processing systems of AlphaCo and led to some fraudulent activity. The hacking incident raises a series of questions about IT security vulnerabilities, internal control deficiencies, integrity of financial statements, and independent auditors’ assessment of fraud in the context of the Sarbanes-Oxley Act. The case places students in the roles of executives, IT managers, and auditors and encourages them to discuss several important questions: how and why did the hacking incident happen; what harm did it cause to the firm; how can the firm prevent such hacking incidents in the future; if they do happen, how can the firm detect hacking incidents and fraud sooner; how do auditors assess the impact of such incidents in the context of a financial statement audit; and whether the management

  5. Development of an Automated Security Risk Assessment Methodology Tool for Critical Infrastructures.

    Energy Technology Data Exchange (ETDEWEB)

    Jaeger, Calvin Dell; Roehrig, Nathaniel S.; Torres, Teresa M.

    2008-12-01

    This document presents the security automated Risk Assessment Methodology (RAM) prototype tool developed by Sandia National Laboratories (SNL). This work leverages SNL's capabilities and skills in security risk analysis and the development of vulnerability assessment/risk assessment methodologies to develop an automated prototype security RAM tool for critical infrastructures (RAM-CITM). The prototype automated RAM tool provides a user-friendly, systematic, and comprehensive risk-based tool to assist CI sector and security professionals in assessing and managing security risk from malevolent threats. The current tool is structured on the basic RAM framework developed by SNL. It is envisioned that this prototype tool will be adapted to meet the requirements of different CI sectors and thereby provide additional capabilities.

  6. Technological stigmatism, risk perception, and truth

    Energy Technology Data Exchange (ETDEWEB)

    Garrick, B.John

    1998-01-01

    Technological stigmas can be a source of confusion and misunderstandings of the effect on public health and safety of technological activities. The result can be a gross waste of national resources to fix the 'stigma' rather than the real problem. Fueling technological stigmas has become a visible activity, especially among non-technical professionals. Further, it is not clear that these same critics are accountable for their influence on policy and practices that may adversely affect people's lives and financial resources. Their bad news of alleged high risk and incompetent technologists is more appealing to the press than the more technical and apparently boring news of finding engineering solutions to real problems. The issue of technological stigma is especially visible in relation to the environmental and safety effects of the nuclear and chemical industries. These industries are in an extremely defensive position because the stigmatizes put much more emphasis on their risks than on their benefits to society. There is the genuine threat of the denial of important technologies in the nuclear and chemical fields and a resulting loss of lives and resources. The actions required to better tell the whole cost-risk-benefit story of specific technologies have to come from all of the groups involved. The critics and stigmatizers need to be more accountable for their assertions, the technologists need to involve the public more in their consideration of technological solutions to environmental and safety issues, and the press needs to present all of the facts rather than just the sensational or 'outrage' part of the story.

  7. Technological stigmatism, risk perception, and truth

    International Nuclear Information System (INIS)

    Garrick, B.John

    1998-01-01

    Technological stigmas can be a source of confusion and misunderstandings of the effect on public health and safety of technological activities. The result can be a gross waste of national resources to fix the 'stigma' rather than the real problem. Fueling technological stigmas has become a visible activity, especially among non-technical professionals. Further, it is not clear that these same critics are accountable for their influence on policy and practices that may adversely affect people's lives and financial resources. Their bad news of alleged high risk and incompetent technologists is more appealing to the press than the more technical and apparently boring news of finding engineering solutions to real problems. The issue of technological stigma is especially visible in relation to the environmental and safety effects of the nuclear and chemical industries. These industries are in an extremely defensive position because the stigmatizes put much more emphasis on their risks than on their benefits to society. There is the genuine threat of the denial of important technologies in the nuclear and chemical fields and a resulting loss of lives and resources. The actions required to better tell the whole cost-risk-benefit story of specific technologies have to come from all of the groups involved. The critics and stigmatizers need to be more accountable for their assertions, the technologists need to involve the public more in their consideration of technological solutions to environmental and safety issues, and the press needs to present all of the facts rather than just the sensational or 'outrage' part of the story

  8. Priorities for technology development and policy to reduce the risk from radioactive materials

    International Nuclear Information System (INIS)

    Duggan, Ruth Ann

    2010-01-01

    The Standing Committee on International Security of Radioactive and Nuclear Materials in the Nonproliferation and Arms Control Division conducted its fourth annual workshop in February 2010 on Reducing the Risk from Radioactive and Nuclear Materials. This workshop examined new technologies in real-time tracking of radioactive materials, new risks and policy issues in transportation security, the best practices and challenges found in addressing illicit radioactive materials trafficking, industry leadership in reducing proliferation risk, and verification of the Nuclear Nonproliferation Treaty, Article VI. Technology gaps, policy gaps, and prioritization for addressing the identified gaps were discussed. Participants included academia, policy makers, radioactive materials users, physical security and safeguards specialists, and vendors of radioactive sources and transportation services. This paper summarizes the results of this workshop with the recommendations and calls to action for the Institute of Nuclear Materials Management (INMM) membership community.

  9. Assessment of the Technological Changes Impact on the Sustainability of State Security System of Ukraine

    Directory of Open Access Journals (Sweden)

    Olexandr Yemelyanov

    2018-04-01

    Full Text Available Currently, the governments of many countries are facing with a lack of funds for financing programs for social protection of population. Among the causes of this problem, we can indicate the high unemployment rate, which, among other things, is due to implementation of labor-saving technologies. The purpose of this work is to study the impact of technological changes on the sustainability of the state social security system in Ukraine. The general approaches to the assessment of the stability of the state social security system are described. The simulation of the effect of economically efficient technological changes on the company’s income and expenses was carried out. Some patterns of such changes are established. The group of productive technological changes types is presented. The model is developed, and an indicator of the impact estimation of efficiently effective technological changes on the stability of the state social security system is proposed. The analysis of the main indicators of the state social security system functioning of Ukraine is carried out. The dynamics of indicators characterizing the labor market of Ukraine is analyzed. The influence of changes in labor productivity on costs and profits by industries of Ukraine is estimated. The evaluation of the impact of economically efficient technological changes in the industries of Ukraine on the stability of its state social security system is carried out. The different state authorities can use the obtained results for developing measures to manage the sustainability of the state social security system.

  10. Audit and Evaluation of Computer Security. Computer Science and Technology.

    Science.gov (United States)

    Ruthberg, Zella G.

    This is a collection of consensus reports, each produced at a session of an invitational workshop sponsored by the National Bureau of Standards. The purpose of the workshop was to explore the state-of-the-art and define appropriate subjects for future research in the audit and evaluation of computer security. Leading experts in the audit and…

  11. The application of data encryption technology in computer network communication security

    Science.gov (United States)

    Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

    2017-04-01

    With the rapid development of Intemet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.

  12. Technology Evaluation for Environmental Risk Mitigation Compendium

    Science.gov (United States)

    Meinhold, A.; Greene, B.; Dussich, J.; Sorkin, A.; Olsen, W.

    2017-01-01

    The Technology Evaluation for Environmental Risk Mitigation (TEERM) Principal Center and its predecessor organization the Acquisition Pollution Prevention Program (AP2) supported the National Aeronautics and Space Administration (NASA) in identifying technology solutions to risks and costs to NASA programs driven by environmental regulations and requirements. TEERM researched the commercial and government marketplace to locate viable and available technologies that met NASAs needs. TEERM focused on addressing environmentally-driven risks of direct concern to NASA programs and facilities, including hazardous materials in NASA operations and materials that became obsolescent because of environmental regulations. TEERM projects aimed to reduce cost; ensure the health and safety of people, assets, and the environment; promote efficiency; and minimize duplication. Major TEERM and AP2 projects focused on waste minimization and hazardous waste treatment, recycling, corrosion prevention and control, solvent and ozone depleting substances substitution, and aqueous based cleaners. In 2017, NASA made the decision to terminate the TEERM Principal Center. This Compendium Report documents TEERM and AP2 project successes. The Compendium Report traces the evolution of TEERM based on evolving risks and requirements for NASA and its relationship to the Space Shuttle Program, the United States Department of Defense, the European Space Agency, and other public and private stakeholders. This Compendium Report also documents project details from Project Summaries and Joint Test Plans and describes project stakeholders and collaborative effort results.

  13. Reducing risks to food security from climate change

    DEFF Research Database (Denmark)

    Campbell, Bruce Morgan; Vermeulen, Sonja Joy; Aggarwal, Pramod

    2016-01-01

    , with very little attention paid to more systems components of cropping, let alone other dimensions of food security. Given the serious threats to food security, attention should shift to an action-oriented research agenda, where we see four key challenges: (a) changing the culture of research; (b) deriving...

  14. Beyond sectors, before the world : Finance, security and risk

    NARCIS (Netherlands)

    Kessler, Oliver

    While security and finance are certainly different social spheres, the fact that we can detect similar shifts in both points to the existence of something that precedes these 'realities'. If finance and security are said to be different, intertwined and related, the question then arises as to what

  15. Risk and business goal based security requirement and countermeasure prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.; Niedrite, L.; Strazdina, R.; Wangler, B.

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. Currently companies achieve this by means of

  16. The secret to health information technology's success within the diabetes patient population: a comprehensive privacy and security framework.

    Science.gov (United States)

    Pandya, Sheel M

    2010-05-01

    Congress made an unprecedented investment in health information technology (IT) when it passed the American Recovery and Reinvestment Act in February 2009. Health IT provides enormous opportunities to improve health care quality, reduce costs, and engage patients in their own care. But the potential payoff for use of health IT for diabetes care is magnified given the prevalence, cost, and complexity of the disease. However, without proper privacy and security protections in place, diabetes patient data are at risk of misuse, and patient trust in the system is undermined. We need a comprehensive privacy and security framework that articulates clear parameters for access, use, and disclosure of diabetes patient data for all entities storing and exchanging electronic data. (c) 2010 Diabetes Technology Society.

  17. Risk Assessment Generated by Usage of ICT and Information Security Measures

    Directory of Open Access Journals (Sweden)

    Ilie TAMAS

    2006-01-01

    Full Text Available Information societies involve the usage of information technology and communications (ITC on a large scale. The dependence on ITC is an unquestionable problem in the present, because we assist to a generality of computers usage in all economic and social life activities. That is why organization information systems became accessible at the global level and there are permanently open for a quick exchange of information between different categories of users located by different geographical nods. The ITC usage involves the existing of some risks that should be known, evaluation and based on these, we must have information systems security measure. We consider that the risk is an indicator very important that must be permanently assess in the usage process of the information system based on ITC. Risk management suppose a permanently evaluation of these problems and also restrain by some practical actions who goes to the decrease of its effects. From the expose point of view, in this paper work it is presented the results of research based on specialty literature and current cases from practical activities, regarding the risks of ITC usage and their diminishing measure. There are distinguished the main factors (threat, vulnerability and impact who affect the information risk and on the other way, diminishing measure of the action to these factors for optimum working of an economic and social organism who use ITC. We consider that through proposed measures we assume safety in design process, implement and usage of the informational systems based on ITC.

  18. Risk assessment research and technology assessment

    International Nuclear Information System (INIS)

    Albach, H.; Schade, D.; Sinn, H.

    1991-01-01

    The concepts and approaches for technology assessment, the targets and scientific principles, as well as recognizable deficits and recommendations concerning purposeful strategies for the promotion of this research field require a dialog between those concerned. Conception, deficits, and the necessary measures for risk assessment research and technology assessment were discussed as well as ethical aspects. The problematic nature of using organisms altered through genetic engineering in the open land, traffic and transport, site restoration, nuclear energy, and isotope applications were subjects particularly dealt with. (DG) [de

  19. New technologies and the search for security: Prospects for a post-cold-war era

    International Nuclear Information System (INIS)

    Brown, G.E. Jr.

    1990-01-01

    Technology alone will not solve our many environmental, economic and military problems. The search for peace and security must be based on a concept of international security that extends beyond the bounds of military concerns and into the realm of environmental and economic matters. In our efforts to understand how science and technology fit within this security context, we should not look simply at emerging technologies, even those that are sustainable and stabilizing, as being the principal candidates for drastic improvements in peace and security on our planet. One must keep in mind that security for as many as one fourth to one half of the world's inhabitants would be revolutionized if they had access to some of the most basic existing technologies of our times. Equitable access to resources and technology is an age-old problem. Today it must be faced on a global basis. It demands creating a new world economic order that combines the best that the capitalist and socialist economies can offer. We must declare today that a secure global society cannot exist which is half in slavery to poverty and deprived of opportunity, and half free to develop its potential and achieve its dreams

  20. New technologies and the search for security: Prospects for a post-cold-war era

    Energy Technology Data Exchange (ETDEWEB)

    Brown, Jr, G E

    1991-12-31

    Technology alone will not solve our many environmental, economic and military problems. The search for peace and security must be based on a concept of international security that extends beyond the bounds of military concerns and into the realm of environmental and economic matters. In our efforts to understand how science and technology fit within this security context, we should not look simply at emerging technologies, even those that are sustainable and stabilizing, as being the principal candidates for drastic improvements in peace and security on our planet. One must keep in mind that security for as many as one fourth to one half of the world`s inhabitants would be revolutionized if they had access to some of the most basic existing technologies of our times. Equitable access to resources and technology is an age-old problem. Today it must be faced on a global basis. It demands creating a new world economic order that combines the best that the capitalist and socialist economies can offer. We must declare today that a secure global society cannot exist which is half in slavery to poverty and deprived of opportunity, and half free to develop its potential and achieve its dreams

  1. Designing a Physical Security System for Risk Reduction in a Hypothetical Nuclear Facility

    International Nuclear Information System (INIS)

    Saleh, A.A.; Abd Elaziz, M.

    2017-01-01

    Physical security in a nuclear facility means detection, prevention and response to threat, the ft, sabotage, unauthorized access and illegal transfer involving radioactive and nuclear material. This paper proposes a physical security system designing concepts to reduce the risk associated with variant threats to a nuclear facility. This paper presents a study of the unauthorized removal and sabotage in a hypothetical nuclear facility considering deter, delay and response layers. More over, the study involves performing any required upgrading to the security system by investigating the nuclear facility layout and considering all physical security layers design to enhance the weakness for risk reduction

  2. Satellite Data and Machine Learning for Weather Risk Management and Food Security.

    Science.gov (United States)

    Biffis, Enrico; Chavez, Erik

    2017-08-01

    The increase in frequency and severity of extreme weather events poses challenges for the agricultural sector in developing economies and for food security globally. In this article, we demonstrate how machine learning can be used to mine satellite data and identify pixel-level optimal weather indices that can be used to inform the design of risk transfers and the quantification of the benefits of resilient production technology adoption. We implement the model to study maize production in Mozambique, and show how the approach can be used to produce countrywide risk profiles resulting from the aggregation of local, heterogeneous exposures to rainfall precipitation and excess temperature. We then develop a framework to quantify the economic gains from technology adoption by using insurance costs as the relevant metric, where insurance is broadly understood as the transfer of weather-driven crop losses to a dedicated facility. We consider the case of irrigation in detail, estimating a reduction in insurance costs of at least 30%, which is robust to different configurations of the model. The approach offers a robust framework to understand the costs versus benefits of investment in irrigation infrastructure, but could clearly be used to explore in detail the benefits of more advanced input packages, allowing, for example, for different crop varieties, sowing dates, or fertilizers. © 2017 Society for Risk Analysis.

  3. Evaluation methodologies for security testing biometric systems beyond technological evaluation

    OpenAIRE

    Fernández Saavedra, María Belén

    2013-01-01

    The main objective of this PhD Thesis is the specification of formal evaluation methodologies for testing the security level achieved by biometric systems when these are working under specific contour conditions. This analysis is conducted through the calculation of the basic technical biometric system performance and its possible variations. To that end, the next two relevant contributions have been developed. The first contribution is the definition of two independent biometric performance ...

  4. Japanese Technology and U.S. National Security

    Science.gov (United States)

    1990-12-01

    Japanese penchant for situational ethics allowed a sharp psychological about-face following the war, enabling them to accept the American policies. Power...Reagan/Bush Administrations have exaggerated the nation’s defense needs and that selfish interests are overriding objectivity and common sense in the ...security.195 They view the United States as having benign political motives and having the largest domestic market needed to develop regional

  5. Microcontroller Based Home Security and Load Controlling Using Gsm Technology

    OpenAIRE

    Mustafijur Rahman; A.H.M Zadidul Karim; Sultanur Nyeem; Faisal Khan; Golam Matin

    2015-01-01

    "Home automation" referred to as 'Intelligent home' or 'automated home', indicates the automation of daily tasks with electrical devices used in homes. This could be the control of lights or more complex chores such as remote viewing of the house interiors for surveillance purposes. The emerging concept of smart homes offers a comfortable, convenient and safe and secure environment for occupants. These include automatic load controlling, fire detection, temperature sensing, and motion detecti...

  6. Using automatic identification system technology to improve maritime border security

    OpenAIRE

    Lindstrom, Tedric R.

    2014-01-01

    Approved for public release; distribution is unlimited Our coastal waters are the United States’ most open and vulnerable borders. This vast maritime domain harbors critical threats from terrorism, criminal activities, and natural disasters. Maritime borders pose significant security challenges, as nefarious entities have used small boats to conduct illegal activities for years, and they continue to do so today. Illegal drugs, money, weapons, and migrants flow both directions across our ma...

  7. Information Technology Sector Baseline Risk Assessment

    Science.gov (United States)

    2009-08-01

    alternative root be economically advantageous , an actor’s ability to exploit market forces and create an alternative root would be significantly improved...conduct their operations. Therefore, a loss or disruption to Internet services would not be advantageous for the desired outcomes of these syndicates.26... eCommerce Service loss or disruption [C] Traffic Redirection [C] = Undesired consequence Information Technology Sector Baseline Risk Assessment

  8. The Role of Agricultural Technology in Food and Nutritional Security ...

    African Journals Online (AJOL)

    Strengthening of agricultural research and extension. The development and utilization of profitable and environmentally-friendly technology is an essential factor for the transformation of agriculture into a modern sector. The impact of technology can be attained through the revitalization of agricultural research and extension ...

  9. Mobile Technology: The Foundation for an Engaged and Secure Campus Community

    Science.gov (United States)

    Chapel, Edward

    2008-01-01

    Montclair State University, a public New Jersey institution with more than 17,000 students enrolled, has harnessed the cell phone and cellular broadband technology to foster a stronger sense of community and provide students with a safe, secure, and rich learning environment. This paper discusses the potential for new technologies to foster…

  10. Information Technology Management: Social Security Administration Practices Can Be Improved

    National Research Council Canada - National Science Library

    Shaw, Clay

    2001-01-01

    ...) develop and maintain selection criteria that include explicit cost, benefit, schedule, and risk criteria to facilitate the objective analysis, comparison, prioritization, and selection of IT investments; (3...

  11. Governance and Risk Management of Network and Information Security: The Role of Public Private Partnerships in Managing the Existing and Emerging Risks

    Science.gov (United States)

    Navare, Jyoti; Gemikonakli, Orhan

    Globalisation and new technology has opened the gates to more security risks. As the strategic importance of communication networks and information increased, threats to the security and safety of communication infrastructures, as well as information stored in and/or transmitted increased significantly. The development of the self replicating programmes has become a nightmare for Internet users. Leading companies, strategic organisations were not immune to attacks; they were also "hacked" and overtaken by intruders. Incidents of recent years have also shown that national/regional crisis may also trigger cyber attacks at large scale. Experts forecast that cyber wars are likely to take the stage as tension mounts between developed societies. New risks such as cyber-attacks, network terrorism and disintegration of traditional infrastructures has somewhat blurred the boundaries of operation and control. This paper seeks to consider the risk management and governance and looking more specifically at implications for emerging economies.

  12. Europe, Middle East and North Africa Conference on Technology and Security to Support Learning 2016

    CERN Document Server

    Serrhini, Mohammed; Felgueiras, Carlos

    2017-01-01

    This book contains a selection of articles from The Europe, Middle East and North Africa Conference on Technology and Security to Support Learning 2016 (EMENA-TSSL'16), held between the 3th and 5th of October at Saidia, Oujda, Morocco. EMENA-TSSL'16 is a global forum for researchers and practitioners to present and discuss recent results and innovations, current trends, professional experiences and challenges in Information & Communication Technologies, and Security to support Learning. The main topics covered are: A) Online Education; B) Emerging Technologies in Education; C) Artificial Intelligence in Education; D) Gamification and Serious games; E) Network & Web Technologies Applications; F) Online experimentation and Virtual Laboratories; G) Multimedia Systems and Applications; H) Security and Privacy; I) Multimedia, Computer Vision and Image Processing; J) Cloud, Big Data Analytics and Applications; K) Human-Computer Interaction; L) Software Systems, Architectures, Applications and Tools; M) Onli...

  13. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justificat...

  14. Exploring public perceptions of energy security risks in the UK

    International Nuclear Information System (INIS)

    Demski, Christina; Poortinga, Wouter; Pidgeon, Nick

    2014-01-01

    Along with climate change and affordability, concerns about energy security are key drivers behind proposals for major energy system change in the UK and numerous other countries. Unlike climate change we know very little about how the public thinks and feels about this aspect of sustainability and energy policy. Beyond engaging critically with conceptual and theoretical discussions, empirical data from two surveys (Cardiff postal survey, N=520; online UK survey, N=499) using a ten item energy security scale are presented and discussed. Here we show that aspects of energy security are certainly of concern to the UK public, with particularly high concern around dependence on fossil fuels/imports and relatively lower expressed concern for actual disruption of energy supply. However public concerns around energy security are only emerging, and likely to change depending on the context in which it is discussed (e.g. in comparison to climate change). In addition, findings from public interviews are used to further contextualise the survey findings, showing unfamiliarity among the UK public with regards to the term “energy security”. We discuss implications, and further work that would be useful for understanding public perceptions in more depth. - highlights: • Exploring public views on energy security using a 10 item scale. • Concerns over energy security is relatively high but susceptible to framing. • Patterns of concern for different energy security aspects examined. • The term energy security is unfamiliar, only an emerging concern among UK publics. • Further discussion on the meanings and implications of these perceptions

  15. Security of OS-level virtualization technologies: Technical report

    OpenAIRE

    Reshetova, Elena; Karhunen, Janne; Nyman, Thomas; Asokan, N.

    2014-01-01

    The need for flexible, low-overhead virtualization is evident on many fronts ranging from high-density cloud servers to mobile devices. During the past decade OS-level virtualization has emerged as a new, efficient approach for virtualization, with implementations in multiple different Unix-based systems. Despite its popularity, there has been no systematic study of OS-level virtualization from the point of view of security. In this report, we conduct a comparative study of several OS-level v...

  16. Overseas Risks to China’s Energy Security and Potential Countermeasures

    Directory of Open Access Journals (Sweden)

    Chi Zhang

    2014-12-01

    Full Text Available This article discusses the overseas risks to China’s energy security and provides suggestions for how to safeguard China’s energy security. The key to China’s energy security is supply security. This means obtaining enough and continued energy supply at affordable prices which can be divided into two factors: one is purchasing energy at reasonable prices; the other is having uninterrupted energy import. Accordingly, the major overseas challenges to China’s energy security are the surging international oil prices and the problem of safeguarding energy imports. There are both merits and shortcomings to the energy security concept of realism and that of neo-liberalism. Suggestions for how to secure China’s energy supply should be based on China’s conditions as well as a critique of the two theoretical perspectives and should include three aspects: energy diplomacy, military development and strategic oil reserves.

  17. Airports at Risk: The Impact of Information Sources on Security Decisions

    OpenAIRE

    Kirschenbaum, Avi; Mariani, Michele; Van Gulijk, Coen; Rapaport, Carmit; Lubasz, Sharon

    2012-01-01

    Security decisions in high risk organizations such as airports involve obtaining ongoing and frequent information about potential threats. Utilizing questionnaire survey data from a sample of airport\\ud employees in European Airports across the continent, we analyzed \\ud how both formal and informal sources of security information affect employee's decisions to comply with the security rules and\\ud directives. This led us to trace information network flows to assess its impact on the degree e...

  18. Development Methodology of a Cyber Security Risk Analysis and Assessment Tool for Digital I and C Systems in Nuclear Power Plant

    International Nuclear Information System (INIS)

    Cha, K. H.; Lee, C. K.; Song, J. G.; Lee, Y. J.; Kim, J. Y.; Lee, J. W.; Lee, D. Y.

    2011-01-01

    With the use of digital computers and communication networks the hot issues on cyber security were raised about 10 years ago. The scope of cyber security application has now been extended from the safety Instrumentation and Control (I and C) system to safety important systems, plant security system, and emergency preparedness system. Therefore, cyber security should be assessed and managed systematically throughout the development life cycle of I and C systems in order for their digital assets to be protected from cyber attacks. Fig. 1 shows the concept of a cyber security risk management of digital I and C systems in nuclear power plants (NPPs). A lot of cyber security risk assessment methods, techniques, and supported tools have been developed for Information Technology (IT) systems, but they have not been utilized widely for cyber security risk assessments of the digital I and C systems in NPPs. The main reason is a difference in goals between IT systems and nuclear I and C systems. Confidentiality is important in IT systems, but availability and integrity are important in nuclear I and C systems. Last year, it was started to develop a software tool to be specialized for the development process of nuclear I and C systems. This paper presents a development methodology of the Cyber Security Risk analysis and Assessment Tool (CSRAT) for the digital I and C systems in NPP

  19. Development Methodology of a Cyber Security Risk Analysis and Assessment Tool for Digital I and C Systems in Nuclear Power Plant

    Energy Technology Data Exchange (ETDEWEB)

    Cha, K. H.; Lee, C. K.; Song, J. G.; Lee, Y. J.; Kim, J. Y.; Lee, J. W.; Lee, D. Y. [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2011-05-15

    With the use of digital computers and communication networks the hot issues on cyber security were raised about 10 years ago. The scope of cyber security application has now been extended from the safety Instrumentation and Control (I and C) system to safety important systems, plant security system, and emergency preparedness system. Therefore, cyber security should be assessed and managed systematically throughout the development life cycle of I and C systems in order for their digital assets to be protected from cyber attacks. Fig. 1 shows the concept of a cyber security risk management of digital I and C systems in nuclear power plants (NPPs). A lot of cyber security risk assessment methods, techniques, and supported tools have been developed for Information Technology (IT) systems, but they have not been utilized widely for cyber security risk assessments of the digital I and C systems in NPPs. The main reason is a difference in goals between IT systems and nuclear I and C systems. Confidentiality is important in IT systems, but availability and integrity are important in nuclear I and C systems. Last year, it was started to develop a software tool to be specialized for the development process of nuclear I and C systems. This paper presents a development methodology of the Cyber Security Risk analysis and Assessment Tool (CSRAT) for the digital I and C systems in NPP

  20. Data Security Risk Estimation for Information-Telecommunication Systems on the basis of Cloud Computing

    Directory of Open Access Journals (Sweden)

    Anatoly Valeryevich Tsaregorodtsev

    2014-02-01

    Full Text Available Cloud computing will be one of the most common IT technologies to deploy applications, due to its key features: on-demand network access to a shared pool of configurable computing resources, flexibility and good quality/price ratio. Migrating to cloud architecture enables organizations to reduce the overall cost of implementing and maintaining the infrastructure and reduce development time for new business applications. There are many factors that influence the information security environment of cloud, as its multitenant architecture brings new and more complex problems and vulnerabilities. And the approach to risk estimation used in making decisions about the migration of critical data in the cloud infrastructure of the organization are proposed in the paper.

  1. Finding the right technology solutions to secure our borders

    CSIR Research Space (South Africa)

    Venter, CP

    2015-10-01

    Full Text Available technologies used • Radar and Electronic warfare systems, optronic systems, unmanned aerial vehicles, databases, software, networks. • Preparation time 8 months • Executed over two weeks Working with real results After the experiment • Overall...

  2. Scenario-based approach to risk analysis in support of cyber security

    Energy Technology Data Exchange (ETDEWEB)

    Gertman, D. I.; Folkers, R.; Roberts, J. [Idaho National Laboratory, Roberts and Folkers Associates, LLC, Idaho Falls, ID 83404 (United States)

    2006-07-01

    The US infrastructure is continually challenged by hostile nation states and others who would do us harm. Cyber vulnerabilities and weaknesses are potential targets and are the result of years of construction and technological improvement in a world less concerned with security than is currently the case. As a result, cyber attack presents a class of challenges for which we are just beginning to prepare. What has been done in the nuclear, chemical and energy sectors as a means of anticipating and preparing for randomly occurring accidents and off-normal events is to develop scenarios as a means by which to prioritize and quantify risk and to take action. However, the number of scenarios risk analysts can develop is almost limitless. How do we ascertain which scenario has the greatest merit? One of the more important contributions of probabilistic risk analysis (PRA) has been to quantify the initiating event probability associated with various classes of accidents; and to quantify the occurrence of various conditions, i.e., end-states, as a function of these important accident sequences. Typically, various classes of conditions are represented by scenarios and are quantified in terms of cut sets and binned into end states. For example, the nuclear industry has a well-defined set of initiating events that are studied in assessing risk. The maturation of risk analysis for cyber security from accounting for barriers or looking at conditions statically to one of ascertaining the probability associated with certain events is, in part, dependent upon the adoption of a scenario-based approach. For example, scenarios take into account threats to personnel and public safety; economic damage, and compromises to major operational and safety functions. Scenarios reflect system, equipment, and component configurations as well as key human-system interactions related to event detection, diagnosis, mitigation and restoration of systems. As part of a cyber attack directed toward

  3. Scenario-based approach to risk analysis in support of cyber security

    International Nuclear Information System (INIS)

    Gertman, D. I.; Folkers, R.; Roberts, J.

    2006-01-01

    The US infrastructure is continually challenged by hostile nation states and others who would do us harm. Cyber vulnerabilities and weaknesses are potential targets and are the result of years of construction and technological improvement in a world less concerned with security than is currently the case. As a result, cyber attack presents a class of challenges for which we are just beginning to prepare. What has been done in the nuclear, chemical and energy sectors as a means of anticipating and preparing for randomly occurring accidents and off-normal events is to develop scenarios as a means by which to prioritize and quantify risk and to take action. However, the number of scenarios risk analysts can develop is almost limitless. How do we ascertain which scenario has the greatest merit? One of the more important contributions of probabilistic risk analysis (PRA) has been to quantify the initiating event probability associated with various classes of accidents; and to quantify the occurrence of various conditions, i.e., end-states, as a function of these important accident sequences. Typically, various classes of conditions are represented by scenarios and are quantified in terms of cut sets and binned into end states. For example, the nuclear industry has a well-defined set of initiating events that are studied in assessing risk. The maturation of risk analysis for cyber security from accounting for barriers or looking at conditions statically to one of ascertaining the probability associated with certain events is, in part, dependent upon the adoption of a scenario-based approach. For example, scenarios take into account threats to personnel and public safety; economic damage, and compromises to major operational and safety functions. Scenarios reflect system, equipment, and component configurations as well as key human-system interactions related to event detection, diagnosis, mitigation and restoration of systems. As part of a cyber attack directed toward

  4. Affect and Acceptability: Exploring Teachers' Technology-Related Risk Perceptions

    Science.gov (United States)

    Howard, Sarah K.

    2011-01-01

    Educational change, such as technology integration, involves risk. Teachers are encouraged to "take risks", but what risks they are asked to take and how do they perceive these risks? Developing an understanding of teachers' technology-related risk perceptions can help explain their choices and behaviours. This paper presents a way to…

  5. Smart Secure Homes: A Survey of Smart Home Technologies that Sense, Assess, and Respond to Security Threats.

    Science.gov (United States)

    Dahmen, Jessamyn; Cook, Diane J; Wang, Xiaobo; Honglei, Wang

    2017-08-01

    Smart home design has undergone a metamorphosis in recent years. The field has evolved from designing theoretical smart home frameworks and performing scripted tasks in laboratories. Instead, we now find robust smart home technologies that are commonly used by large segments of the population in a variety of settings. Recent smart home applications are focused on activity recognition, health monitoring, and automation. In this paper, we take a look at another important role for smart homes: security. We first explore the numerous ways smart homes can and do provide protection for their residents. Next, we provide a comparative analysis of the alternative tools and research that has been developed for this purpose. We investigate not only existing commercial products that have been introduced but also discuss the numerous research that has been focused on detecting and identifying potential threats. Finally, we close with open challenges and ideas for future research that will keep individuals secure and healthy while in their own homes.

  6. Security technology discussion for emergency command system of nuclear power plant

    International Nuclear Information System (INIS)

    Liu Zhenjun

    2014-01-01

    Nuclear power plant emergency command system can provide valuable data for emergency personnel, such as the unit data, weather data, environmental radiation data. In the course of emergency response, the emergency command system provides decision support to quickly and effectively control and mitigate the consequences of the nuclear accident, to avoid and reduce the dose received by staff and the public, to protect the environment and the public. There are high performance requirements on the security of the system and the data transmission. Based on the previous project and new demand after the Fukushima incident, the security technology design of emergency system in nuclear power plant was discussed. The results show that the introduction of information security technology can effectively ensure the security of emergency systems, and enhance the capacity of nuclear power plant to deal with nuclear accidents. (author)

  7. Microsoft Technology as an Optimization Tool in Promoting Security and Functionality of the Educational System

    Directory of Open Access Journals (Sweden)

    Jelena Jardas Antonic

    2008-10-01

    Full Text Available Abstract - In the cooperation with the City of Rijeka, the project of analysis of the functional and security situation of information infrastructure has been initiated in 24 schools in the authority of the city. Having completed the multicriteria analysis of the collected data, we have built a model of implementing Microsoft service technologies. The implementation should satisfy the elementary security principles that are required by the security standards today, maximizing functionality of infrastructure and minimizing network administration tasks. Server technology that has been used in this solution is Microsoft Widows 2003 Server R2 and Internet Security and Acceleration Server 2006, as well as the GFI WebMonitor and antivirus.

  8. Lethal stakes: rig-hand killings show rising security risks abroad

    International Nuclear Information System (INIS)

    Lorenz, A.

    1999-01-01

    The increasing demands for protection money from foreign exploration and pipeline construction companies by left-wing guerrilla groups in various South American countries led to greater attention being focused on security services. This paper discusses the various alternatives to consider when choosing a security service. The experience of a Canadian pipeline company with projects in South America, and in need of security services, is described. The company felt that it was important that the security firm have a Calgary presence. It ended up hiring Calgary Protection Concepts Corporation, which is run by former Canadian police and intelligence officers, who provide a wide range of security services. Staff spend time in the country involved to look over the local security situation, develop contacts with local intelligence officers, and contract overseas agents who arrange for bodyguards, escorts and armored cars. ProCon also helps companies develop crisis management plans, guiding senior personnel through scenarios such as kidnapping, extortion and civil strife. ProCon also has a 24-hour emergency assistance call centre to provide immediate advice, to notify personnel and family members and to monitor the situation. Trust is key to hiring an outside security service since the security firm becomes party to extremely confidential information. Top security firms usually specialize in either security work or political risk analysis, but not both. The reason for this is that there are big differences in mentality, training and capabilities between studying risks and actively guarding against hazards

  9. Lethal stakes: rig-hand killings show rising security risks abroad

    Energy Technology Data Exchange (ETDEWEB)

    Lorenz, A

    1999-05-03

    The increasing demands for protection money from foreign exploration and pipeline construction companies by left-wing guerrilla groups in various South American countries led to greater attention being focused on security services. This paper discusses the various alternatives to consider when choosing a security service. The experience of a Canadian pipeline company with projects in South America, and in need of security services, is described. The company felt that it was important that the security firm have a Calgary presence. It ended up hiring Calgary Protection Concepts Corporation, which is run by former Canadian police and intelligence officers, who provide a wide range of security services. Staff spend time in the country involved to look over the local security situation, develop contacts with local intelligence officers, and contract overseas agents who arrange for bodyguards, escorts and armored cars. ProCon also helps companies develop crisis management plans, guiding senior personnel through scenarios such as kidnapping, extortion and civil strife. ProCon also has a 24-hour emergency assistance call centre to provide immediate advice, to notify personnel and family members and to monitor the situation. Trust is key to hiring an outside security service since the security firm becomes party to extremely confidential information. Top security firms usually specialize in either security work or political risk analysis, but not both. The reason for this is that there are big differences in mentality, training and capabilities between studying risks and actively guarding against hazards.

  10. The research on information security technology for the industrial control system of special equipment

    International Nuclear Information System (INIS)

    Chen Ligang; Liu Hongye; Zhang Wei; Sun Jianying; Lan Peng; Dai Sidan

    2014-01-01

    With the rapid development of information technology in enterprise application, industrial control network and management network is becoming more and more closely linked. Development and application of special equipment control system from the traditional industrial control system, not considered when designing communication security problem mainly, therefore, the industrial control system opened at the same time, isolation control system and the outside was weakened, the safety problems of industrial control system had become more and more serious. The practical application combined with the special equipment control system, analysis and elaboration in view of security problems for the control network, also, provide appropriate security solutions for professional characteristics of industrial control network, design on process control system specially, provide security partition protection scheme, in order to improve security ability of industrial control system information. (authors)

  11. MUSES RT2AE V P/DP: On the Road to Privacy-Friendly Security Technologies in the Workplace

    OpenAIRE

    Van Der Sype, Yung Shin Marleen; Guislain, Jonathan; Seigneur, Jean-Marc; Titi, Xavier

    2016-01-01

    Successful protection of company data assets requires strong technological support. As many security incidents still occur from within, security technologies often include elements to monitor the behaviour of employees. As those security systems are considered as privacy-intrusive, they are hard to align with the privacy and data protection rights of the employees of the company. Even though there is currently no legal obligation for developers to embed privacy and data protection in security...

  12. Use of Persuasive Technology to Change End-Users- IT Security Aware Behaviour: A Pilot Study

    OpenAIRE

    Ai Cheo Yeo; Md. Mahbubur Rahim; Yin Ying Ren

    2008-01-01

    Persuasive technology has been applied in marketing, health, environmental conservation, safety and other domains and is found to be quite effective in changing people-s attitude and behaviours. This research extends the application domains of persuasive technology to information security awareness and uses a theory-driven approach to evaluate the effectiveness of a web-based program developed based on the principles of persuasive technology to improve the information sec...

  13. Safety Risk Management for Homeland Defense and Security Responders

    National Research Council Canada - National Science Library

    Meyers, Tommey H

    2005-01-01

    .... Coast Guard and the U.S. Navy. This revealed that Operational Risk Management (ORM), a risk-based decision-making tool that systematically balances risk and mission completion, and Crew Resource Management (CRM...

  14. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    NARCIS (Netherlands)

    Chockalingam, Sabarathinam; Hadziosmanovic, D.; Pieters, Wolter; Texeira, Andre; van Gelder, Pieter

    2016-01-01

    Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by

  15. Coping with global environmental change, disasters and security: threats, challenges, vulnerabilities and risks

    NARCIS (Netherlands)

    Brauch, H.G.; Oswald Spring, Ú.; Mesjasz, C.; Grin, J.; Kameri-Mbote, P.; Chourou, B.; Dunay, P.; Birkmann, J.

    2011-01-01

    This policy-focused Global Environmental and Human Security Handbook for the Anthropo-cene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10

  16. Making Wireless Networks Secure for NASA Mission Critical Applications Using Virtual Private Network (VPN) Technology

    Science.gov (United States)

    Nichols, Kelvin F.; Best, Susan; Schneider, Larry

    2004-01-01

    With so many security issues involved with wireless networks, the technology has not been fully utilized in the area of mission critical applications. These applications would include the areas of telemetry, commanding, voice and video. Wireless networking would allow payload operators the mobility to take computers outside of the control room to their off ices and anywhere else in the facility that the wireless network was extended. But the risk is too great of having someone sit just inside of your wireless network coverage and intercept enough of your network traffic to steal proprietary data from a payload experiment or worse yet hack back into your system and do even greater harm by issuing harmful commands. Wired Equivalent Privacy (WEP) is improving but has a ways to go before it can be trusted to protect mission critical data. Today s hackers are becoming more aggressive and innovative, and in order to take advantage of the benefits that wireless networking offer, appropriate security measures need to be in place that will thwart hackers. The Virtual Private Network (VPN) offers a solution to the security problems that have kept wireless networks from being used for mission critical applications. VPN provides a level of encryption that will ensure that data is protected while it is being transmitted over a wireless local area network (LAN). The VPN allows a user to authenticate to the site that the user needs to access. Once this authentication has taken place the network traffic between that site and the user is encapsulated in VPN packets with the Triple Data Encryption Standard (3DES). 3DES is an encryption standard that uses a single secret key to encrypt and decrypt data. The length of the encryption key is 168 bits as opposed to its predecessor DES that has a 56-bit encryption key. Even though 3DES is the common encryption standard for today, the Advance Encryption Standard (AES), which provides even better encryption at a lower cycle cost is growing

  17. Implementing Information Security and Its Technology: A LineManagement Perspective

    Energy Technology Data Exchange (ETDEWEB)

    Barletta, William A.

    2005-08-22

    Assuring the security and privacy of institutionalinformation assets is a complex task for the line manager responsible forinternational and multi-national transactions. In the face of an unsureand often conflicting international legal framework, the line managermust employ all available tools in an Integrated Security and PrivacyManagement framework that ranges from legal obligations, to policy, toprocedure, to cutting edge technology to counter the rapidly evolvingcyber threat to information assets and the physical systems thatinformation systems control.

  18. Science, Technology, Engineering, and Mathematics (STEM) Education Reform to Enhance Security of the Global Cyberspace

    Science.gov (United States)

    2014-05-01

    towards cloud computing technologies and capabilities demand needs for developing new tools that work in ensemble to handle security challenges. A...programs with the schools and/or hire from their pool of students. Therefore, no real STEM standards exist at the tertiary and beyond levels of education ...successful in cyber operations and network security related jobs much early on into the new STEM education model pipeline. Subjects such as computer

  19. Hawai‘i Distributed Energy Resource Technologies for Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    None, None

    2012-09-30

    HNEI has conducted research to address a number of issues important to move Hawai‘i to greater use of intermittent renewable and distributed energy resource (DER) technologies in order to facilitate greater use of Hawai‘i's indigenous renewable energy resources. Efforts have been concentrated on the Islands of Hawai‘i, Maui, and O‘ahu, focusing in three areas of endeavor: 1) Energy Modeling and Scenario Analysis (previously called Energy Road mapping); 2) Research, Development, and Validation of Renewable DER and Microgrid Technologies; and 3) Analysis and Policy. These efforts focused on analysis of the island energy systems and development of specific candidate technologies for future insertion into an integrated energy system, which would lead to a more robust transmission and distribution system in the state of Hawai‘i and eventually elsewhere in the nation.

  20. Applications of ultra-compact accelerator technologies for homeland security

    International Nuclear Information System (INIS)

    Sampayan, S.; Caporaso, G.; Chen, Y.J.; Falabella, S.; Guethlein, G.; Harris, J.R.; Hawkins, S.; Holmes, C.; Krogh, M.; Nelson, S.; Nunnally, W.; Paul, A.C.; Poole, B.; Rhodes, M.; Sanders, D.; Selenes, K.; Shaklee, K.; Sitaraman, S.; Sullivan, J.; Wang, L.; Watson, J.

    2007-01-01

    We report on a technology development to address explosive detector system throughout with increased detection probability. The system we proposed and are studying consists of a pixelized X-ray based pre-screener and a pulsed neutron source quantitative post verifier. Both technologies are derived from our compact accelerator development program for the Department of Energy Radiography Mission that enables gradients >10MV/m. For the pixelized X-ray source panel technology, we have performed initial integration and testing. For the accelerator, we are presently integrating and testing cell modules. For the verifier, we performed MCNP calculations that show good detectability of military and multi-part liquid threat systems. We detail the progress of our overall effort, including research and modeling to date, recent high voltage test results and concept integration

  1. Cyber-Security Issues in Healthcare Information Technology.

    Science.gov (United States)

    Langer, Steve G

    2017-02-01

    In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.

  2. Challenges of Information Technology Security in the NASA Environment

    Science.gov (United States)

    Santiago, S. S.

    2000-01-01

    A brief description of the NASA organization and how the CIO responsibilities are integrated into that organization followed by an introduction of the NASA ITS Program goals and objectives. An overview of the four major enterprises' cultures and how those cultures tie back to the Enterprises' missions. A description of the ITS challenges that exist stemming from the competing NASA Enterprises' requirements and how they have formed the basis of the NASA ITS Program. A talk will focus on policies and procedures and the technology being incorporated into the NASA infrastructure and how that technology ties back to the policies and procedures.

  3. Security risks associated with radio frequency identification in medical environments.

    Science.gov (United States)

    Hawrylak, Peter J; Schimke, Nakeisha; Hale, John; Papa, Mauricio

    2012-12-01

    Radio frequency identification (RFID) is a form of wireless communication that is used to identify assets and people. RFID has significant benefits to the medical environment. However, serious security threats are present in RFID systems that must be addressed in a medical environment. Of particular interest are threats to patient privacy and safety based on interception of messages, interruption of communication, modification of data, and fabrication of messages and devices. This paper presents an overview of these security threats present in RFID systems in a medical environment and provides guidance on potential solutions to these threats. This paper provides a roadmap for researchers and implementers to address the security issues facing RFID in the medical space.

  4. Remodeling Strategic Staff Safety and Security Risks Management in Nigerian Tertiary Institutions

    Directory of Open Access Journals (Sweden)

    Sunday S. AKPAN

    2015-10-01

    Full Text Available This paper examined safety and security risk management in tertiary institutions in Nigeria. The frequent attacks at workplace, especially schools, have placed safety and security in the front burner of discussion in both business and political circles. This therefore, forms the imperative for the conduct of this study. The work adopted a cross sectional survey research design and collected data from respondents who are security personnel of the University of Uyo. Analysis of data was done with simple percentage statistics while the research hypotheses were tested with mean and simple regression and correlation statistics. The findings of the study revealed that assassination, kidnappings and bombings were principal risk incidents threatening the safety and security of staff in University of Uyo. A significant positive relationship was found between the funding of security management and workers’ performance. It was discovered specifically that employment screening, regular training of security personnel, regular safety and security meetings and strategic security policy formation were the main strategies for managing safety and security in University of Uyo. The paper concluded that safety and security management and control involves every worker (management and staff of University of Uyo. It was recommended, among others, that management should be more committed to safety and security management in the University by means of making safety and security issues an integral part of University’s strategic plan and also by adopting the management line model – one form of management structure-where safety and security are located, with other general management responsibilities. This way, the resurgent cases of kidnapping, hired assassination, etc. would be reduced if not completely eradicated in the University.

  5. MIT Lincoln Laboratory: Technology in Support of National Security

    Science.gov (United States)

    2011-01-01

    technologies that could be uti - lized in future Landsat satellites to achieve significant economies of mass, size, power consumption, and cost, and...epitomized by the pregnancy test kit. However, immunoassays are typically based on anti bodies removed from their host cells and placed on substrates

  6. Newer Technologies for School Security. ERIC Digest Number 145.

    Science.gov (United States)

    Schneider, Tod

    This digest describes several technologies that can be used to control access to, and improve surveillance of, school grounds. Access can be controlled by using "smart" cards to control keyed entries. Many schools have problems with multiple copies of keys, and these card systems are integrated with computer software that allows for…

  7. Security Concerns in Telecommuting within the Information Technology Industry

    Science.gov (United States)

    Chithambo, Loyce Maosa

    2011-01-01

    Since the availability of remote access technology, most companies have adopted telecommuting as part of business operations. Although some research has identified policies and procedures when individuals telecommute, limited research exists about existing policies and procedures for telecommuters. The purpose of this qualitative descriptive…

  8. Agricultural extension, technology adoption and household food security

    NARCIS (Netherlands)

    Santos Rocha, Jozimo

    2017-01-01

    In this thesis, I use experimental and quasi-experimental data from 25 villages and a total of 1,105 farmers from eastern DRC to investigate the relationship among agricultural training, the adoption of agricultural technologies, crop productivity, and household food insecurity and dietary

  9. Discussion on the Technology and Method of Computer Network Security Management

    Science.gov (United States)

    Zhou, Jianlei

    2017-09-01

    With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life work to a certain extent, brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.

  10. Alternative security

    International Nuclear Information System (INIS)

    Weston, B.H.

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  11. How Secure Is Education in Information Technology? A Method for Evaluating Security Education in IT

    Science.gov (United States)

    Grover, Mark; Reinicke, Bryan; Cummings, Jeff

    2016-01-01

    As the popularity of Information Technology programs has expanded at many universities, there are a number of questions to be answered from a curriculum standpoint. As many of these programs are either interdisciplinary, or at least exist outside of the usual Computer Science and Information Systems programs, questions of what is appropriate for…

  12. Information technology project risk management in Peru

    OpenAIRE

    Del Carpio Gallegos, Javier

    2014-01-01

    This article shows how some principles, uses, and practices of risk management are applied in information technology projects in Peru; in the last four years, in representative sectors like manufacturing, banking, information and communications, academics institutions, construction, government, consulting, services, and others. El presente artículo muestra algunos principios, usos y prácticas de cómo la gestión de riesgos de proyectos de tecnología se ha llevado a cabo en los últimos cuatr...

  13. Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

    Directory of Open Access Journals (Sweden)

    Audrey Guinchard

    2011-01-01

    Full Text Available Most of the actions that fall under the trilogy of cyber crime, terrorism,and war exploit pre-existing weaknesses in the underlying technology.Because these vulnerabilities that exist in the network are not themselvesillegal, they tend to be overlooked in the debate on cyber security. A UKreport on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day-to-day expenditures for the Government, businesses, and individuals. This article contends if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war.

  14. Security risk assessment and protection in the chemical and process industry

    OpenAIRE

    Reniers, Genserik; van Lerberghe, Paul; van Gulijk, Coen

    2014-01-01

    This article describes a security risk assessment and protection methodology that was developed for use in the chemical- and process industry in Belgium. The approach of the method follows a risk-based approach that follows desing principles for chemical safety. That approach is beneficial for workers in the chemical industry because they recognize the steps in this model from familiar safety models .The model combines the rings-of-protection approach with generic security practices including...

  15. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    OpenAIRE

    Chockalingam, Sabarathinam; Hadziosmanovic, Dina; Pieters, Wolter; Teixeira, Andre; van Gelder, Pieter

    2017-01-01

    Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic l...

  16. Security, Privacy, Threats and Risks in Cloud Computing ― A Vital Review

    OpenAIRE

    Goyal, Sumit

    2016-01-01

    Cloud computing is a multi million dollar business. As more and more enterprises are adopting cloud services for their businesses, threat of security has become a big concern for these enterprises and cloud users. This review describes the latest threats and risks associated with cloud computing and suggests techniques for better privacy and security of data in cloud environment. Threats and risks associated with cloud service models (SaaS, PaaS and IaaS) along with cloud deployment models (p...

  17. The role of new technologies in risks from natural hazards

    International Nuclear Information System (INIS)

    Gardner, J.S.

    1982-01-01

    The author places some prior natural hazards research into the context of risk from new technologies to show that some beneficial technologies increase the risk from natural hazards. He examines the role of new technologies in risks from natural hazards in a historical perspective, using examples from research on mountain hazards

  18. Microsoft Windows Security Essentials

    CERN Document Server

    Gibson, Darril

    2011-01-01

    Windows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed,

  19. The threat nets approach to information system security risk analysis

    NARCIS (Netherlands)

    Mirembe, Drake

    2015-01-01

    The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security

  20. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Nunes Leal Franqueira, V.; Tun, Thein Tan; Wieringa, Roelf J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about

  1. Mitigating risks by integrating business continuity and security.

    Science.gov (United States)

    Shaw, Scott; Smith, Nicholas

    2010-11-01

    There has been much discussion regarding the topic of business continuity and security convergence. This paper provides a realistic overview of the union of the two disciplines and offers no/low-cost programme elements that may be used for organisations considering or in the midst of convergence efforts.

  2. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. Currently companies achieve this by means of

  3. Secure Multiparty Computation for Cooperative Cyber Risk Assessment

    Science.gov (United States)

    2016-11-01

    that the organizations can compute relevant statistics and analyses on the global infrastructure while still keeping the details of their local...mitigation. In Australasian Conference on Information Security and Privacy, pages 391–401. Springer Berlin Heidelberg, 2004. [5] Fabrizio Smeraldi and Pasquale

  4. Assistive Technologies and Issues Relating to Privacy, Ethics and Security

    Science.gov (United States)

    Martin, Suzanne; Bengtsson, Johan E.; Dröes, Rose-Marie

    Emerging technologies provide the opportunity to develop innovative sustainable service models, capable of supporting adults with dementia at home. Devices range from simple stand-alone components that can generate a responsive alarm call to complex interoperable systems that even can be remotely controlled. From these complex systems the paradigm of the ubiquitous or ambient smart home has emerged, integrating technology, environmental design and traditional care provision. The service context is often complex, involving a variety of stakeholders and a range of interested agencies. Against this backdrop, as anecdotal evidence and government policies spawn further innovation it is critical that due consideration is given to the potential ethical ramifications at an individual, organisational and societal level. Well-grounded ethical thinking and proactive ethical responses to this innovation are required. Explicit policy and practice should therefore emerge which engenders confidence in existing supported living option schemes for adults with dementia and informs further innovation.

  5. Development of IT-based Cyber Security Technology for Nuclear Power Plant

    International Nuclear Information System (INIS)

    Hong, S. B.; Lee, J. C.; Choi, Y. S.; Choi, Y. R.; Cho, J. W.; Jung, C. E.; Jeong, K. I.; Park, B.; Koo, I. S.

    2009-11-01

    Development and enlargement of the high speed communication network make it possible the user to access online information easily. It generates changing offline activities to online in the economics, expansion of cultural interchanges and convenient life. But it also causes misuse, wiretapping, forgery and alteration of the information via illegal invasion(virus, hacking), and these are derived from the open network characteristic, weakness of the securities of the TCP/IP protocol and information systems. The security of individual and the national foundation facility(industry and government) can be threatened because of these problems, and theses can be used as a instrument of cyber-war. Many cyber security technologies have been developed to corp with the cyber threat. One of the most important national facility is the nuclear power plant and the necessity of the cyber security for the digital I and C of it have been proposed since middle of the 2000. KINS announced the regulation of the cyber security for the digital I and C of the nuclear power plant in 2007. The main concept of the cyber security for it is similar to the IT field that is treated as a leader of the cyber security. Because of the difference of the characteristics between the IT field and the nuclear industry, applying the cyber security technologies developed and used in the IT field to the nuclear industry has some critical constraints. We will analyze these problems and propose a cyber security method based on cryptograph and authentication for the I and C communication network in this report

  6. Development of IT-based Cyber Security Technology for Nuclear Power Plant

    Energy Technology Data Exchange (ETDEWEB)

    Hong, S. B.; Lee, J. C.; Choi, Y. S.; Choi, Y. R.; Cho, J. W.; Jung, C. E.; Jeong, K. I.; Park, B.; Koo, I. S

    2009-11-15

    Development and enlargement of the high speed communication network make it possible the user to access online information easily. It generates changing offline activities to online in the economics, expansion of cultural interchanges and convenient life. But it also causes misuse, wiretapping, forgery and alteration of the information via illegal invasion(virus, hacking), and these are derived from the open network characteristic, weakness of the securities of the TCP/IP protocol and information systems. The security of individual and the national foundation facility(industry and government) can be threatened because of these problems, and theses can be used as a instrument of cyber-war. Many cyber security technologies have been developed to corp with the cyber threat. One of the most important national facility is the nuclear power plant and the necessity of the cyber security for the digital I and C of it have been proposed since middle of the 2000. KINS announced the regulation of the cyber security for the digital I and C of the nuclear power plant in 2007. The main concept of the cyber security for it is similar to the IT field that is treated as a leader of the cyber security. Because of the difference of the characteristics between the IT field and the nuclear industry, applying the cyber security technologies developed and used in the IT field to the nuclear industry has some critical constraints. We will analyze these problems and propose a cyber security method based on cryptograph and authentication for the I and C communication network in this report.

  7. Leadership and New Technologies. New Security Issues for Management of Internet Connectivity and Remote Control in Automotive Industry

    Directory of Open Access Journals (Sweden)

    Cosmin Cătălin Olteanu

    2015-05-01

    Full Text Available The main purpose of the paper is to illustrate the importance of implementing new security policies for infotainment systems in automotive industry. A car is full of technology and is easier today to control car systems through an internet connection linked to car system infotainment. This is how it is possible to gain control of critical car systems. More than 84% of users doesn’t even know the risk of remote control of the car in the presence of Internet connection.

  8. Risk of hypertensive disorders in pregnancies following assisted reproductive technology

    DEFF Research Database (Denmark)

    Opdahl, S; Henningsen, A A; Tiitinen, A

    2015-01-01

    STUDY QUESTION: Is the risk of hypertensive disorders in pregnancies conceived following specific assisted reproductive technology (ART) procedures different from the risk in spontaneously conceived (SC) pregnancies? SUMMARY ANSWER: ART pregnancies had a higher risk of hypertensive disorders, in ...

  9. ICT security- aspects important for nuclear facilities; Information and Communication Technologies

    Energy Technology Data Exchange (ETDEWEB)

    Thunem, Atoosa P-J.

    2005-09-15

    Rapid application growth of complex Information and Communication Technologies (ICT) in every society and state infrastructure as well as industry has revealed vulnerabilities that eventually have given rise to serious security breaches. These vulnerabilities together with the course of the breaches from cause to consequence are gradually about to convince the field experts that ensuring the security of ICT-driven systems is no longer possible by only relying on the fundaments of computer science, IT, or telecommunications. Appropriating knowledge from other disciplines is not only beneficial, but indeed very necessary. At the same time, it is a common observation today that ICT-driven systems are used everywhere, from the nuclear, aviation, commerce and healthcare domains to camera-equipped web-enabled cellular phones. The increasing interdisciplinary and inter-sectoral aspects of ICT security worldwide have been providing updated and useful information to the nuclear domain, as one of the emerging users of ICT-driven systems. Nevertheless, such aspects have also contributed to new and complicated challenges, as ICT security for the nuclear domain is in a much more delicate manner than for any other domains related to the concept of safety, at least from the public standpoint. This report addresses some important aspects of ICT security that need to be considered at nuclear facilities. It deals with ICT security and the relationship between security and safety from a rather different perspective than usually observed and applied. The report especially highlights the influence on the security of ICT-driven systems by all other dependability factors, and on that basis suggests a framework for ICT security profiling, where several security profiles are assumed to be valid and used in parallel for each ICT-driven system, sub-system or unit at nuclear facilities. The report also covers a related research topic of the Halden Project with focus on cyber threats and

  10. Mobile Security: A Systems Engineering Framework for Implementing Bring Your Own Device (BYOD) Security through the Combination of Policy Management and Technology

    Science.gov (United States)

    Zahadat, Nima

    2016-01-01

    With the rapid increase of smartphones and tablets, security concerns have also been on the rise. Traditionally, Information Technology (IT) departments set up devices, apply security, and monitor them. Such approaches do not apply to today's mobile devices due to a phenomenon called Bring Your Own Device or BYOD. Employees find it desirable to…

  11. Information technology as a tool for the Italian Institute of Social Security (INPS) in the management of social security and civil disability: Pro and cons.

    Science.gov (United States)

    Sammicheli, Michele; Scaglione, Marcella

    2018-01-01

    We examine, from a medical-legal perspective, the pro and cons of the information technology procedures that the Italian Institute of Social Security (INPS) has implemented to manage the provision of social disability assistance, meaning that separate from the payment of pension contributions, being welfare, anchored to an administrative requirement by way of the compulsory payment of a minimum social security contribution.

  12. National Security and the Accelerating Risks of Climate Change

    Science.gov (United States)

    2014-05-01

    there would be too much. Over the coming decades, projected climate change likely will cause Australia, portions of India , and much of inland China...significant potential water , food, and energy insecurity; political instability; extreme weather events; and other manifestations of climate change ...production, and human sustenance. In light of projected climate change , stresses on the water -food-energy nexus are a mounting security concern

  13. A decision support system for corporations cyber security risk management

    OpenAIRE

    Molina, Gabriela del Rocio Roldan

    2017-01-01

    This thesis presents a decision aiding system named C3-SEC (Contex-aware Corporative Cyber Security), developed in the context of a master program at Polytechnic Institute of Leiria, Portugal. The research dimension and the corresponding software development process that followed are presented and validated with an application scenario and case study performed at Universidad de las Fuerzas Armadas ESPE – Ecuador. C3-SEC is a decision aiding software intended to support cyber ri...

  14. Risk-Based Aviation Security: Diffusion and Acceptance

    Science.gov (United States)

    2012-03-01

    The authors 32 recommended use of DOI for builders of social networking sites to examine the attributes of the model to see how they...November 23, 2011, from http://www.stltoday.com/news/ multimedia /full-body- scanners-arrive-at-lambert-airport/image_898152d8-f8ac-5c61-8fd6...Department of Homeland Security: Progress report on implementation of mission and management functions (GAO-07-454). Retrieved August 31, 2011, from

  15. A review of cyber security risk assessment methods for SCADA systems

    OpenAIRE

    Cherdantseva, Yulia; Burnap, Peter; Blyth, Andrew; Eden, Peter; Jones, Kevin; Soulsby, Hugh; Stoddart, Kristan

    2016-01-01

    This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluat...

  16. About Place and Role of Information and Communication Technologies, Information Security at the Present Stage

    Directory of Open Access Journals (Sweden)

    Alexander A. Galushkin

    2015-12-01

    Full Text Available In the present article author considers questions of importance of information and communication technologies in modern information society and about information security. In the course of the research the author analyzes opinions both known Russian, and famous foreign scientists and practicians from various countries of the world (Italy, the USA, Portugal, etc.. Author emphasizes importance of information and communication technologies at the present stage of development of society and state.

  17. Information Technology Convergence, Secure and Trust Computing, and Data Management ITCS 2012 & STA 2012

    CERN Document Server

    Kim, Jongsung; Zou, Deqing; Lee, Yang

    2012-01-01

    ITCS 2012 and STA 2012 address the various theories and practical applications of information technology convergence, secure and trust computing, and data management in future environments. It will present important results of significant value to solve the application services and various problems within the scope of ITCS 2012 & STA 2012. In addition, we expect it will trigger further related research and technology developments which will improve our lives in the future.

  18. Spent Nuclear Fuel Transportation Risk Assessment Methodology for Homeland Security

    International Nuclear Information System (INIS)

    Teagarden, Grant A.; Canavan, Kenneth T.; Nickell, Robert E.

    2006-01-01

    In response to increased interest in risk-informed decision making regarding terrorism, EPRI was selected by U.S. DHS and ASME to develop and demonstrate a nuclear sector specific methodology for owner / operators to utilize in performing a Risk Analysis and Management for Critical Asset Protection (RAMCAP) assessment for the transportation of spent nuclear fuel (SNF). The objective is to characterize SNF transportation risk for risk management opportunities and to provide consistent information for DHS decision making. The method uses a characterization of risk as a function of Consequence, Vulnerability, and Threat. Worst reasonable case scenarios characterize risk for a benchmark set of threats and consequence types. A trial application was successfully performed and implementation is underway by one utility. (authors)

  19. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Science.gov (United States)

    2010-10-01

    ..., Security Self-Assessment Guide for Information Technology Systems and FIPS 200, on an annual basis. (C) HHS... basis, the Contractor shall provide to the Contracting Officer verification that the IT-SP remains valid... Contracting Officer verification that the IT-SC&A remains valid. Evidence of a valid system accreditation...

  20. Gender Differences in the Field of Information Security Technology Management: A Qualitative, Phenomenological Study

    Science.gov (United States)

    Johnson, Marcia L.

    2013-01-01

    This qualitative study explored why there are so few senior women in the information security technology management field and whether gender played a part in the achievement of women in the field. Extensive interviews were performed to capture the lived experiences of successful women in the field regarding the obstacles and common denominators of…

  1. 77 FR 57072 - Proposed Information Collection; Comment Request; National Security and Critical Technology...

    Science.gov (United States)

    2012-09-17

    ..., DC 20230 (or via the Internet at [email protected] ). FOR FURTHER INFORMATION CONTACT: Requests for... techniques or other forms of information technology. Comments submitted in response to this notice will be... DEPARTMENT OF COMMERCE Bureau of Industry and Security Proposed Information Collection; Comment...

  2. Accident Precursor Analysis and Management: Reducing Technological Risk Through Diligence

    Science.gov (United States)

    Phimister, James R. (Editor); Bier, Vicki M. (Editor); Kunreuther, Howard C. (Editor)

    2004-01-01

    Almost every year there is at least one technological disaster that highlights the challenge of managing technological risk. On February 1, 2003, the space shuttle Columbia and her crew were lost during reentry into the atmosphere. In the summer of 2003, there was a blackout that left millions of people in the northeast United States without electricity. Forensic analyses, congressional hearings, investigations by scientific boards and panels, and journalistic and academic research have yielded a wealth of information about the events that led up to each disaster, and questions have arisen. Why were the events that led to the accident not recognized as harbingers? Why were risk-reducing steps not taken? This line of questioning is based on the assumption that signals before an accident can and should be recognized. To examine the validity of this assumption, the National Academy of Engineering (NAE) undertook the Accident Precursors Project in February 2003. The project was overseen by a committee of experts from the safety and risk-sciences communities. Rather than examining a single accident or incident, the committee decided to investigate how different organizations anticipate and assess the likelihood of accidents from accident precursors. The project culminated in a workshop held in Washington, D.C., in July 2003. This report includes the papers presented at the workshop, as well as findings and recommendations based on the workshop results and committee discussions. The papers describe precursor strategies in aviation, the chemical industry, health care, nuclear power and security operations. In addition to current practices, they also address some areas for future research.

  3. Mutations technology in the service of food security

    International Nuclear Information System (INIS)

    Sobeih, S.A.S.

    2013-01-01

    Nuclear techniques of various physical mutagens such as, X-rays, Gamma rays, Beta partials, Neutrons, Lasers, Electron beams, Ion beams irradiation and some chemical mutagens had significantly contributed in developing superior crop varieties of seeds and vegetatively propagated crops. Those released mutant cultivars in different groups had great economic impact on agriculture and food production and added billions of dollars in the economy of many countries. More than 3200 crops varieties of different crops have been officially released by mutation breeding technique. Almost half (48%) of all mutant crop varieties is recorded in cereals. Rice is the crop with the highest number of mutants and accounts for (53%) of the mutant cereals under cultivations followed by barley which makes up (20%) of all cereals mutant varieties globally. More than half (60%) of the mutants crop varieties have been released in Asia. China alone accounts for more than(25%) of all mutant varieties that have been officially released globally. Nuclear technology is an important way to reduce the gap of food between consumption and climate change and on the other hand to increase production. (author)

  4. Combining technologies - radiography and neutron based - for cargo security applications

    International Nuclear Information System (INIS)

    Gozani, T.; Liu, F.; Sivakumar, M.; Brown, D.

    2004-01-01

    Inspection of air and sea cargo has traditionally been done by X-ray systems of various energies relying on operators to analyze images looking for anomalies in the image of cargo that may signify a threat. This has shown only limited success in detecting explosives and other threats, which do not have any distinctive shapes. OSI Systems, through its subsidiaries Rapiscan and Ancore, has combined high-energy x-ray radiography with thermal neutron analysis (TNA) to create the combined system-''TNX''. The system provides automatic material specific detection of bulk threat items, like explosives, while furnishing the operator with a high-resolution image for weapons detection and also to identify anomalies for the TNA to inspect. Similarly the Pulsed Fast Neutron Analysis (PFNA) can be combined with high-energy x-ray to create a ''FNX'' system for both air and sea cargo applications. This enables the operator obtain a three dimensional image of the material composition of the cargo under inspection and remove the clutter from the image leaving only the potentially hazardous material(s) automatically while viewing a high resolution image for manifest verification and weapons. The current status of the technology will be discussed and data be presented

  5. Improving Operational Risk Management Using Business Performance Management Technologies

    OpenAIRE

    Bram Pieket Weeserik; Marco Spruit

    2018-01-01

    Operational Risk Management (ORM) comprises the continuous management of risks resulting from: human actions, internal processes, systems, and external events. With increasing requirements, complexity and a growing volume of risks, information systems provide benefits for integrating risk management activities and optimizing performance. Business Performance Management (BPM) technologies are believed to provide a solution for effective Operational Risk Management by offering several combined ...

  6. National security and the accelerating risk of climate change

    Directory of Open Access Journals (Sweden)

    Lee Gunn

    2017-06-01

    Full Text Available Since 2006, retired U.S. admirals and generals have been examining our changing physical world and assessing the impact of those changes on the security of the nation. A Military Advisory Board (MAB, convened by the CNA Corporation, a non-profit research and analysis institution that operates the Center for Naval Analyses and Institute for Public Research has issued two reports on the changing climate’s national security implications. The first report, published in 2007, stated that the changing climate would be destabilizing in many parts of the world. Climate change, in fact, would be a “threat multiplier”, the report claimed, and result in new and more urgent calls for the American military to provide humanitarian assistance and disaster relief (HADR as well as help sustain order and ensure conditions that would permit trade and prosperity worldwide. The MAB recommended urgent action by the Defense Department to prepare for new missions in new places; and that the Defense Department explicitly recognize missions stemming from the changing climate. CNA’s MAB then published three reports on energy, relating to climate change, one each on: the coming age of renewables, the nation’s energy dependence, and the future of energy in terms of America’s international competitiveness (CNA-MAB, 2009; CNA-MAB, 2010; CNA-MAB, 2011. In 2014, the Military Advisory Board noted that the climate was changing more quickly than had been forecast in 2007. Undertaking a new climate study, the board concluded that more needed to be done, and done quickly, to prepare for and confront the “catalyst for conflict” that the board now saw in climate change. Guest Editors’ Note: The following commentary derives from a presentation by Vice Admiral Lee Gunn, U.S. Navy (Ret., delivered by invitation at the American Association for the Advancement of Science Meeting, San Jose, California, February 13, 2015. Prior to his advisory role for the U.S. Military and

  7. Interest Rate Risk Management and the Use of Derivative Securities

    Directory of Open Access Journals (Sweden)

    Ioana-Diana PĂUN

    2013-12-01

    Full Text Available This study aims to demonstrate the utility of derivative financial instruments for the management of interest rate risk that is faced by banks and financial institutions, and to provide an efficient flow of monitoring and control thereof. Banking institutions can now use a combination of balance sheet and off balance sheet measures, i.e. gap method, of interest rate risk management, in order to control exposure of short-term rates and derivatives to control the residual interest rate exposures. The result of the study shows that banks can achieve better diversification and risk management using derivatives.

  8. The Evolving Relationship Between Technology and National Security in China: Innovation, Defense Transformation, and China’s Place in the Global Technology Order

    Science.gov (United States)

    2016-02-12

    Stockmann, Xiao Qiang. Changing Media, Changing China , New York: Oxford University Press, (01 2011) Dieter Ernst. Indigenous Innovation and...2211 China , science, technology, dual use, defense, security, innovation REPORT DOCUMENTATION PAGE 11. SPONSOR/MONITOR’S REPORT NUMBER(S) 10...ABSTRACT Final Report: The Evolving Relationship Between Technology and National Security in China : Innovation , Defense Transformation, and China’s

  9. Arms and technology transfers: Security and economic considerations among importing and exporting states

    International Nuclear Information System (INIS)

    Lodgaard, S.; Pfaltzgraff, R.L. Jr.

    1995-01-01

    The issues of technology and armament transfers are increasingly at the forefront of problems of international security and disarmament. Three major reasons could explain this. First, the disarmament process has been very successful in the last few years, especially in the field of nuclear, as well chemical and conventional, weapons. Second the disarmament effort underway concerns primarily the old partners of the East-West confrontation. Last, the general context, characterized by the opening and widening of exchanges, the increasingly open and transparent circulation of techniques and material, and the globalization of economic relations, must be taken into account. This report, prepared by UNIDIR comprises the following subjects: General trends in defense related transfers; Political/military factors associated with the diffusion of advanced technology; economic and technological consideration; and facilitation of economic growth/maximization of regional security and stability

  10. Homeland Security: A Risk Management Approach Can Guide Preparedness Efforts

    National Research Council Canada - National Science Library

    Decker, Raymond

    2001-01-01

    .... Mail and postal workers. As requested, my testimony will focus on the work we have done over the past five years on combating terrorism and our recommendations advocating a risk management approach for such programs...

  11. A Cyber Security Risk Assessment of Hospital Infrastructure including TLS/SSL and other Threats

    OpenAIRE

    Millar, Stuart

    2016-01-01

    Cyber threats traditionally target governments, financial institutions and businesses. However, of growing concern is the threat to healthcare organizations. This study conducts a cyber security risk assessment of a theoretical hospital environment, to include TLS/SSL, which is an encryption protocol for network communications, plus other physical, logical and human threats. Despite significant budgets in the UK for the NHS, the spend on cyber security appears worryingly low and many hospital...

  12. Integrating Security Risk Management into Business Process Management for the Cloud

    OpenAIRE

    Goettelmann , Elio; Mayer , Nicolas; Godart , Claude

    2014-01-01

    International audience; Security issues are still preventing wider adoption of cloud computing, especially for businesses which are handling sensitive information. Indeed, by outsourcing its information system (IS), a company can lose control over its infrastructure, its software or even its data. Therefore, new methods and tools need to be defined to respond to this challenge. In this paper we propose to integrate Security Risk Management approaches into Business Process Management to effect...

  13. Predictors of mother-child interaction quality and child attachment security in at-risk families.

    Science.gov (United States)

    De Falco, Simona; Emer, Alessandra; Martini, Laura; Rigo, Paola; Pruner, Sonia; Venuti, Paola

    2014-01-01

    Child healthy development is largely influenced by parent-child interaction and a secure parent-child attachment is predictively associated with positive outcomes in numerous domains of child development. However, the parent-child relationship can be affected by several psychosocial and socio-demographic risk factors that undermine its quality and in turn play a negative role in short and long term child psychological health. Prevention and intervention programs that support parenting skills in at-risk families can efficiently reduce the impact of risk factors on mother and child psychological health. This study examines predictors of mother-child interaction quality and child attachment security in a sample of first-time mothers with psychosocial and/or socio-demographic risk factors. Forty primiparous women satisfying specific risk criteria participated in a longitudinal study with their children from pregnancy until 18 month of child age. A multiple psychological and socioeconomic assessment was performed. The Emotional Availability Scales were used to measure the quality of emotional exchanges between mother and child at 12 months and the Attachment Q-Sort served as a measure of child attachment security at 18 months. Results highlight both the effect of specific single factors, considered at a continuous level, and the cumulative risk effect of different co-occurring factors, considered at binary level, on mother-child interaction quality and child attachment security. Implication for the selection of inclusion criteria of intervention programs that support parenting skills in at-risk families are discussed.

  14. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  15. Relevance of Clean Coal Technology for India’s Energy Security: A Policy Perspective

    Science.gov (United States)

    Garg, Amit; Tiwari, Vineet; Vishwanathan, Saritha

    2017-07-01

    Climate change mitigation regimes are expected to impose constraints on the future use of fossil fuels in order to reduce greenhouse gas (GHG) emissions. In 2015, 41% of total final energy consumption and 64% of power generation in India came from coal. Although almost a sixth of the total coal based thermal power generation is now super critical pulverized coal technology, the average CO2 emissions from the Indian power sector are 0.82 kg-CO2/kWh, mainly driven by coal. India has large domestic coal reserves which give it adequate energy security. There is a need to find options that allow the continued use of coal while considering the need for GHG mitigation. This paper explores options of linking GHG emission mitigation and energy security from 2000 to 2050 using the AIM/Enduse model under Business-as-Usual scenario. Our simulation analysis suggests that advanced clean coal technologies options could provide promising solutions for reducing CO2 emissions by improving energy efficiencies. This paper concludes that integrating climate change security and energy security for India is possible with a large scale deployment of advanced coal combustion technologies in Indian energy systems along with other measures.

  16. Probabilistic safety assessment technology for commercial nuclear power plant security evaluation

    International Nuclear Information System (INIS)

    Liming, J.K.; Johnson, D.H.; Dykes, A.A.

    2004-01-01

    Commercial nuclear power plant physical security has received much more intensive treatment and regulatory attention since September 11, 2001. In light of advancements made by the nuclear power industry in the field of probabilistic safety assessment (PSA) for its power plants over that last 30 years, and given the many examples of successful applications of risk-informed regulation at U. S. nuclear power plants during recent years, it may well be advisable to apply a 'risk-informed' approach to security management at nuclear power plants from now into the future. In fact, plant PSAs developed in response to NRC Generic Letter 88-20 and related requirements are used to help define target sets of critical plant safety equipment in our current security exercises for the industry. With reasonable refinements, plant PSAs can be used to identify, analyze, and evaluate reasonable and prudent approaches to address security issues and associated defensive strategies at nuclear power plants. PSA is the ultimate scenario-based approach to risk assessment, and thus provides a most powerful tool in identifying and evaluating potential risk management decisions. This paper provides a summary of observations of factors that are influencing or could influence cost-effective or 'cost-reasonable' security management decision-making in the current political environment, and provides recommendations for the application of PSA tools and techniques to the nuclear power plant operational safety response exercise process. The paper presents a proposed framework for nuclear power plant probabilistic terrorist risk assessment that applies these tools and techniques. (authors)

  17. Cognitive maps for risk assessment in providing cloud computing data security

    OpenAIRE

    Konrad, U.; Penzina, V.

    2013-01-01

    Cloud Computing (CC) became a new milestone in era of information technology. Almost unlimited possibilities for the storing information, data processing and virtual machine creation discovered unique perspectives. However, new technologies bring new threats, risks and serious consequences.

  18. A total risk assessment methodology for security assessment

    International Nuclear Information System (INIS)

    Auilar, Richard; Pless, Daniel J.; Kaplan, Paul Garry; Silva, Consuelo Juanita; Rhea, Ronald Edward; Wyss, Gregory Dane; Conrad, Stephen Hamilton

    2009-01-01

    Sandia National Laboratories performed a two-year Laboratory Directed Research and Development project to develop a new collaborative risk assessment method to enable decision makers to fully consider the interrelationships between threat, vulnerability, and consequence. A five-step Total Risk Assessment Methodology was developed to enable interdisciplinary collaborative risk assessment by experts from these disciplines. The objective of this process is promote effective risk management by enabling analysts to identify scenarios that are simultaneously achievable by an adversary, desirable to the adversary, and of concern to the system owner or to society. The basic steps are risk identification, collaborative scenario refinement and evaluation, scenario cohort identification and risk ranking, threat chain mitigation analysis, and residual risk assessment. The method is highly iterative, especially with regard to scenario refinement and evaluation. The Total Risk Assessment Methodology includes objective consideration of relative attack likelihood instead of subjective expert judgment. The 'probability of attack' is not computed, but the relative likelihood for each scenario is assessed through identifying and analyzing scenario cohort groups, which are groups of scenarios with comparable qualities to the scenario being analyzed at both this and other targets. Scenarios for the target under consideration and other targets are placed into cohort groups under an established ranking process that reflects the following three factors: known targeting, achievable consequences, and the resources required for an adversary to have a high likelihood of success. The development of these target cohort groups implements, mathematically, the idea that adversaries are actively choosing among possible attack scenarios and avoiding scenarios that would be significantly suboptimal to their objectives. An adversary who can choose among only a few comparable targets and scenarios (a

  19. Cyber security risk evaluation of a nuclear I and C using BN and ET

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Dept. of Nuclear Engineering, Kyung Hee University, Yongin (Korea, Republic of); Son, Han Seong [Computer and Game Science, Joongbu University, Geumsan (Korea, Republic of)

    2017-04-15

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

  20. Cyber security risk evaluation of a nuclear I and C using BN and ET

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Son, Han Seong

    2017-01-01

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks

  1. Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET

    Directory of Open Access Journals (Sweden)

    Jinsoo Shin

    2017-04-01

    Full Text Available Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

  2. Development of Integrated Assessment Technology of Risk and Performance

    International Nuclear Information System (INIS)

    Yang, Jun Eon; Kang, Dae Il; Kang, Hyun Gook

    2010-04-01

    The main idea and contents are summarized as below 1) Development of new risk/performance assessment system innovating old labor-intensive risk assessment structure - New consolidated risk assessment technology from various hazard(flood, fire, seismic in NPP) - BOP model development for performance monitoring - Consolidated risk/performance management system for consistency and efficiency of NPP 2) Resolution technology for pending issues in PSA - Base technology for PSA of digital I and C system - Base technology for seismic PSA reflecting domestic seismic characteristics and aging effect - Uncertainty reduction technology for level 2 PSA and best estimation of containment failure frequency 3) Next generation risk/performance assessment technology - Human-induced error reduction technology for efficient operation of a NPP

  3. New technologies and the search for security: Prospects for a post-cold-war era

    International Nuclear Information System (INIS)

    Petrovsky, V.

    1990-01-01

    New technologies are setting a fast pace in our world. Through science and technology we are able to make our world better, richer and more liveable to everyone. However, the new technologies have brought new mans of destruction and have confronted the world with a real prospect of self destruction. This is one of the main challenges of our age. Greater mutual confidence, openness and, if necessary, checks on how scientific and technological co-operation is used must bring down the existing barriers un the area of technological exchanges. The first results are already evident, for instance in the nuclear field. In our age, science and technology are becoming an inherent element in the comprehensive search for a new, post-confrontational system of peace, security and co-operation. United nations, together with its family of specialized agencies, is called upon to play a major positive role in finding approaches in this area. Scientific and technological progress, especially on the eve of a new millennium in the history of mankind, must serve only to enhance international peace and security and, enable everyone to live a full and worthy life

  4. Work-related violence against security guards--who is most at risk?

    Science.gov (United States)

    Leino, Tuula; Selin, Risto; Summala, Heikki; Virtanen, Marianna

    2011-01-01

    Studies on violence in the work of security guards are largely lacking. This study is unique in that it focuses on security guards (n=1,010) in Finland, and assesses the different forms, prevalence, and risk factors of the work-related violence they often face. Information to a survey instrument was obtained by first interviewing 30 volunteers. Then we made a cross-sectional mailed survey that was sent to a randomized group of 2,000 security guards. The response rate was 52. We found the prevalence of verbal aggression, threats of assault, and physical acts against security guards at least once a month to be 39%, 19%, and 15% respectively. As regards risk factors and who is most at risk, our results show that male gender, young age, low work experience, late working hours, and time pressure were associated with all three forms of work-related violence. Unlike other forms of violence, verbal aggression was highly prevalent outside the metropolitan area and directed towards both more and less experienced security guards. In prevention policies for violence, it is important to identify high-risk groups such as those who have less work experience.

  5. Risk-based security cost-benefit analysis: method and example applications - 59381

    International Nuclear Information System (INIS)

    Wyss, Gregory; Hinton, John; Clem, John; Silva, Consuelo; Duran, Felicia A.

    2012-01-01

    Document available in abstract form only. Full text of publication follows: Decision makers wish to use risk-based cost-benefit analysis to prioritize security investments. However, understanding security risk requires estimating the likelihood of attack, which is extremely uncertain and depends on unquantifiable psychological factors like dissuasion and deterrence. In addition, the most common performance metric for physical security systems, probability of effectiveness at the design basis threat [P(E)], performs poorly in cost-benefit analysis. It is extremely sensitive to small changes in adversary characteristics when the threat is near a systems breaking point, but very insensitive to those changes under other conditions. This makes it difficult to prioritize investment options on the basis of P(E), especially across multiple targets or facilities. To overcome these obstacles, a Sandia National Laboratories Laboratory Directed Research and Development project has developed a risk-based security cost-benefit analysis method. This approach characterizes targets by how difficult it would be for adversaries to exploit each targets vulnerabilities to induce consequences. Adversaries generally have success criteria (e.g., adequate or desired consequences and thresholds for likelihood of success), and choose among alternative strategies that meet these criteria while considering their degree of difficulty in achieving their successful outcome. Investments reduce security risk as they reduce the severity of consequences available and/or increase the difficulty for an adversary to successfully accomplish their most advantageous attack

  6. PACFEST 2004 : enabling technologies for maritime security in the Pacific region.

    Energy Technology Data Exchange (ETDEWEB)

    Moore, Judy Hennessey; Whitley, John B.; Chellis, Craig (Pacific Disaster Center, Kihei, HI)

    2005-06-01

    In October of 2003 experts involved in various aspects of homeland security from the Pacific region met to engage in a free-wheeling discussion and brainstorming (a 'fest') on the role that technology could play in winning the war on terrorism in the Pacific region. The result was a concise and relatively thorough definition of the terrorism problem in the Pacific region, emphasizing the issues unique to Island nations in the Pacific setting, along with an action plan for developing working demonstrations of advanced technological solutions to these issues. Since PacFest 2003, the maritime dimensions of the international security environment have garnered increased attention and interest. To this end, PacFest 2004 sought to identify gaps and enabling technologies for maritime domain awareness and responsive decision-making in the Asia-Pacific region. The PacFest 2004 participants concluded that the technologies and basic information building blocks exist to create a system that would enable the Pacific region government and private organizations to effectively collaborate and share their capabilities and information concerning maritime security. The proposed solution summarized in this report integrates national environments in real time, thereby enabling effective prevention and first response to natural and terrorist induced disasters through better use of national and regional investments in people, infrastructure, systems, processes and standards.

  7. Risk and confidence: towards a new social contract for security

    International Nuclear Information System (INIS)

    Heriard-Dubreuil, G.

    2002-01-01

    The situation of radiation protection should be put in the more general perspective of risk governance where new patterns of risk governance necessitate periodic updating of social trust within open decision making processes. This trend also affects the traditional risk governance patterns in the sense that their legitimacy is grounded on social delegation and no more on authority or scientific evidence. Whatever is the dominant pattern of risk governance there is consequently a real challenge for radiation protection to explicit and share with society the rationales of its expertise. This is why the spreading of a radiation protection culture is a key challenge for a better integration of radiation protection in modern societies. Standards and norms should no more be prepared in the darkness of internalized decision making processes limited to Public Authorities, experts and operators. The use of standards should also be clearly linked with the acquisition and maintenance of a radiation protection culture. Radiation protection cannot remain in the hand of a few specialists. It should become a concern for all the exposed categories of actors in the relevant contexts. (author)

  8. 76 FR 41278 - Cargo Security Risk Reduction; Public Listening Sessions

    Science.gov (United States)

    2011-07-13

    ....mil/hq/cg5/cg544/cdc.asp or the Federal Docket Management System at http://www.Regulations.gov . For... important for the Coast Guard, in concert with stakeholders, to implement a holistic strategy to mitigate... risk management and shared responsibility between public and private sector stakeholders, across the...

  9. Risk Unbound: Threat, Catastrophe, and the End of Homeland Security

    Science.gov (United States)

    2015-09-01

    October 10, 2010). 106 Percy Bysshe Shelley, Prometheus Unbound: A Lyrical Drama in Four Acts (London, UK: J.M Dent and Company, 1898), Act iii, Scene...make us safe. 156 THIS PAGE INTENTIONALLY LEFT BLANK 157 LIST OF REFERENCES Acker, P., and C. Larrington. The Poetic Edda: Essays on...Brookhaven.” Paper. Boston, MA: Massachusetts Institute of Technology, 2003. Percy Bysshe Shelley. Prometheus Unbound: A Lyrical Drama in Four Acts. London

  10. Workshop Summary for Maintaining Innovation and Security in Biotechnology: Lessons Learned from Nuclear, Chemical, and Informational Technologies

    Energy Technology Data Exchange (ETDEWEB)

    Althouse, Paris [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

    2017-10-11

    In the fast-paced field of biotechnology where innovation has such far-reaching impacts on human health and the environment, dealing with the implications of possible illicit activities, accidents or unintended research consequences with potential detrimental societal impacts tends to remain in the background. While controls may be inevitable for the biotech industry, workshop attendees agreed that the way in which controls are implemented will play a major role in the agility and innovation of the biotechnology industry. There is little desire to slow down the pace of the gains while dealing with the security issues that arise. As was seen from the brief examinations of the Nuclear, Chemical, and Information Technology sectors explored in this workshop, establishing a regulatory regime needs to be a partnership between the public, corporate interests, scientists, and the government. Regulation is often written to combat perceived risk rather than actual risk—the public’s perceptions (occasionally even fictional portrayals) can spur regulatory efforts. This leads to the need for a thorough and continuing assessment of the risks posed by modern biotechnology. Inadequate or minimal risk assessment might expedite development in the short term but has potential negative long-term security and economic consequences. Industry and the technical community also often have a large role in setting regulatory policy, especially when well-crafted incentives are incorporated into the regulations. Such incentives might actually lead to enhanced innovation while poorly designed incentives can actually reduce safety and security. Any regulations should be as agile and flexible as the technology they regulate and when applied to biotechnologies they will need a new framework for thinking and implementing. The new framework should consider biotechnology as a technology and not simply a science since it is an extremely complex and adaptive system. This suggests the need to invest

  11. Optimisation of the securities portfolio as a part of the risk management process

    Directory of Open Access Journals (Sweden)

    Srečko Devjak

    2004-01-01

    Full Text Available Securities of Slovene companies are listed at the Ljubljana Stock Exchange. Market capitalisation at the Ljubljana Stock Exchange has been growing since 1996 due to new listings of equities. On the basis of financial data time series for listed equities, the financial investor can calculate a risk for each individual security with a selected risk measure and can determine an optimal portfolio, subject to selected constraints. In this paper, we shall consequently determine an optimal portfolio of equities for the financial investor, investing his assets only in selected equities listed at the Ljubljana Stock Exchange. Selecting an appropriate risk measure is especially important for a commercial bank in a risk management process. Commercial banks can use internal models in the risk management process and for the purpose of capital charges as well. An optimal portfolio will be calculated, using a non-linear mathematical model.

  12. Safety and security in transportation of radioactive material- the perception of risk

    Energy Technology Data Exchange (ETDEWEB)

    Ericsson, A.M.; Jaernry, C. [AMC Konsult AB, Bromma (Sweden)

    2004-07-01

    Since the event of September 11, 2001, the way most people look at transportation risk has changed. There is now a lot more focusing on the security concerns related to the transportation of radioactive material. Most people are now more concerned about the risk of terrorist actions or sabotage than of accidents. This is probably due to the fact that the safety record for transportation of radioactive material has so far been very good and that most people experience terrorism and sabotage more scaring and less controllable than general accidents. This paper will compare the safety and the security regulations and discuss synergies and contradictions between the sets of regulations.

  13. Safety and security in transportation of radioactive material- the perception of risk

    International Nuclear Information System (INIS)

    Ericsson, A.M.; Jaernry, C.

    2004-01-01

    Since the event of September 11, 2001, the way most people look at transportation risk has changed. There is now a lot more focusing on the security concerns related to the transportation of radioactive material. Most people are now more concerned about the risk of terrorist actions or sabotage than of accidents. This is probably due to the fact that the safety record for transportation of radioactive material has so far been very good and that most people experience terrorism and sabotage more scaring and less controllable than general accidents. This paper will compare the safety and the security regulations and discuss synergies and contradictions between the sets of regulations

  14. Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

    International Nuclear Information System (INIS)

    Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K.

    2012-01-01

    The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases

  15. Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

    Energy Technology Data Exchange (ETDEWEB)

    Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K. [KAERI, Daejeon (Korea, Republic of)

    2012-10-15

    The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases.

  16. A 3S Risk ?3SR? Assessment Approach for Nuclear Power: Safety Security and Safeguards.

    Energy Technology Data Exchange (ETDEWEB)

    Forrest, Robert; Reinhardt, Jason Christian; Wheeler, Timothy A.; Williams, Adam David

    2017-11-01

    Safety-focused risk analysis and assessment approaches struggle to adequately include malicious, deliberate acts against the nuclear power industry's fissile and waste material, infrastructure, and facilities. Further, existing methods do not adequately address non- proliferation issues. Treating safety, security, and safeguards concerns independently is inefficient because, at best, it may not take explicit advantage of measures that provide benefits against multiple risk domains, and, at worst, it may lead to implementations that increase overall risk due to incompatibilities. What is needed is an integrated safety, security and safeguards risk (or "3SR") framework for describing and assessing nuclear power risks that can enable direct trade-offs and interactions in order to inform risk management processes -- a potential paradigm shift in risk analysis and management. These proceedings of the Sandia ePRA Workshop (held August 22-23, 2017) are an attempt to begin the discussions and deliberations to extend and augment safety focused risk assessment approaches to include security concerns and begin moving towards a 3S Risk approach. Safeguards concerns were not included in this initial workshop and are left to future efforts. This workshop focused on four themes in order to begin building out a the safety and security portions of the 3S Risk toolkit: 1. Historical Approaches and Tools 2. Current Challenges 3. Modern Approaches 4. Paths Forward and Next Steps This report is organized along the four areas described above, and concludes with a summary of key points. 2 Contact: rforres@sandia.gov; +1 (925) 294-2728

  17. The Shortage of Dentists: A Risk to National Security?

    Science.gov (United States)

    2008-03-19

    Shammari, et al., “Risk Indicators for Tooth Loss Due to Periodontal Disease ,” Journal of Periodontology (November 2005): 1910-1918. 62 Adapted from...the discussion on unmet treatment needs). Oral Disease : Impact on the Nation and Military Dental caries and periodontitis are chronic...destructive processes that generally become more severe over time. The single most common chronic childhood disease is dental caries.60 Periodontal disease

  18. An exploratory risk perception study of attitudes toward homeland security systems.

    Science.gov (United States)

    Sanquist, Thomas F; Mahy, Heidi; Morris, Frederic

    2008-08-01

    Understanding the issues surrounding public acceptance of homeland security systems is important for balancing security needs and potential civil liberties infringements. A psychometric survey was used in an exploratory study of attitudes regarding homeland security systems. Psychometric rating data were obtained from 182 respondents on psychological attributes associated with 12 distinct types of homeland security systems. An inverse relationship was observed for the overall rating attributes of acceptability and risk of civil liberties infringement. Principal components analysis (PCA) yielded a two-factor solution with the rating scale loading pattern suggesting factors of perceived effectiveness and perceived intrusiveness. These factors also showed an inverse relationship. The 12 different homeland security systems showed significantly different scores on the rating scales and PCA factors. Of the 12 systems studied, airport screening, canine detectors, and radiation monitoring at borders were found to be the most acceptable, while email monitoring, data mining, and global positioning satellite (GPS) tracking were found to be least acceptable. Students rated several systems as more effective than professionals, but the overall pattern of results for both types of subjects was similar. The data suggest that risk perception research and the psychometric paradigm are useful approaches for quantifying attitudes regarding homeland security systems and policies and can be used to anticipate potentially significant public acceptance issues.

  19. Risk calculations in the manufacturing technology selection process

    DEFF Research Database (Denmark)

    Farooq, S.; O'Brien, C.

    2010-01-01

    Purpose - The purpose of this paper is to present result obtained from a developed technology selection framework and provide a detailed insight into the risk calculations and their implications in manufacturing technology selection process. Design/methodology/approach - The results illustrated...... in the paper are the outcome of an action research study that was conducted in an aerospace company. Findings - The paper highlights the role of risk calculations in manufacturing technology selection process by elaborating the contribution of risk associated with manufacturing technology alternatives...... in the shape of opportunities and threats in different decision-making environments. Practical implications - The research quantifies the risk associated with different available manufacturing technology alternatives. This quantification of risk crystallises the process of technology selection decision making...

  20. Marine and Hydrokinetic Technology Development Risk Management Framework

    Energy Technology Data Exchange (ETDEWEB)

    Snowberg, David [National Renewable Energy Lab. (NREL), Golden, CO (United States); Weber, Jochem [National Renewable Energy Lab. (NREL), Golden, CO (United States)

    2015-09-01

    Over the past decade, the global marine and hydrokinetic (MHK) industry has suffered a number of serious technological and commercial setbacks. To help reduce the risks of industry failures and advance the development of new technologies, the U.S. Department of Energy (DOE) and the National Renewable Energy Laboratory (NREL) developed an MHK Risk Management Framework. By addressing uncertainties, the MHK Risk Management Framework increases the likelihood of successful development of an MHK technology. It covers projects of any technical readiness level (TRL) or technical performance level (TPL) and all risk types (e.g. technological risk, regulatory risk, commercial risk) over the development cycle. This framework is intended for the development and deployment of a single MHK technology—not for multiple device deployments within a plant. This risk framework is intended to meet DOE’s risk management expectations for the MHK technology research and development efforts of the Water Power Program (see Appendix A). It also provides an overview of other relevant risk management tools and documentation.1 This framework emphasizes design and risk reviews as formal gates to ensure risks are managed throughout the technology development cycle. Section 1 presents the recommended technology development cycle, Sections 2 and 3 present tools to assess the TRL and TPL of the project, respectively. Section 4 presents a risk management process with design and risk reviews for actively managing risk within the project, and Section 5 presents a detailed description of a risk registry to collect the risk management information into one living document. Section 6 presents recommendations for collecting and using lessons learned throughout the development process.

  1. Apperception and assessment of technological risks

    International Nuclear Information System (INIS)

    Hoyos, C.; Hauke, G.

    1986-01-01

    Risk is defined to be the possibility to induce damage or loss. Any person confronted with risk in his activities has to assess the risk in every case. The author explains a number of actions and events that have been worked out to train people in better management of risk, especially in the working environment. (DG) [de

  2. Development of Risk Assessment Methodology for State's Nuclear Security Regime

    Energy Technology Data Exchange (ETDEWEB)

    Jang, Sung Soon; Seo, Hyung Min; Lee, Jung Ho; Kwak, Sung Woo [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2011-05-15

    Threats of nuclear terrorism are increasing after 9/11 terrorist attack. Treats include nuclear explosive device (NED) made by terrorist groups, radiological damage caused by a sabotage aiming nuclear facilities, and radiological dispersion device (RDD), which is also called 'dirty bomb'. In 9/11, Al Qaeda planed to cause radiological consequences by the crash of a nuclear power plant and the captured airplane. The evidence of a dirty bomb experiment was found in Afganistan by the UK intelligence agency. Thus, the international communities including the IAEA work substantial efforts. The leaders of 47 nations attended the 2010 nuclear security summit hosted by President Obama, while the next global nuclear summit will be held in Seoul, 2012. Most states established and are maintaining state's nuclear security regime because of the increasing threat and the international obligations. However, each state's nuclear security regime is different and depends on the state's environment. The methodology for the assessment of state's nuclear security regime is necessary to design and implement an efficient nuclear security regime, and to figure out weak points. The IAEA's INPRO project suggests a checklist method for State's nuclear security regime. The IAEA is now researching more quantitative methods cooperatively with several countries including Korea. In this abstract, methodologies to evaluate state's nuclear security regime by risk assessment are addressed

  3. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  4. Coping with global environmental change, disasters and security. Threats, challenges, vulnerabilities and risks

    Energy Technology Data Exchange (ETDEWEB)

    Brauch, Hans Guenter [Freie Univ. Berlin (Germany). Dept. of Political and Social Sciences; UNU-EHS, Bonn (DE). College of Associated Scientists and Advisors (CASA); Oswald Spring, Ursula [National Univ. of Mexico, Cuernavaca (MX). Regional Multidisciplinary Research Centre (CRIM); Mesjasz, Czeslaw [Cracow Univ. of Exonomics (Poland). Faculty of Management; Grin, John [Amsterdam Univ. (Netherlands). Dept. of Political Science; Dutch Knowledge network for Systems Innovations and Transitions (KSI), Amsterdam (Netherlands); Kameri-Mbote, Patricia [Strathmore Univ., Nairobi (Kenya). Dept. of Law; International Environmental Law Research Centre, Nairobi (Kenya); Chourou, Bechir [Univ. of Tunis-Carthage, Hammam-Chatt (Tunisia); Dunay, Pal [Geneva Centre for Security Policy (Switzerland). International Training Course in Security Policy; Birkmann, Joern (eds.) [United Nations Univ. (UNU), Bonn (DE). Inst. for Environment and Human Security (EHS)

    2011-07-01

    This policy-focused Global Environmental and Human Security Handbook for the Anthropo-cene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10 parts concepts of military and political hard security and economic, social, environmental soft security with a regional focus on the Near East, North and Sub-Sahara Africa and Asia and on hazards in urban centres. The major focus is on coping with global environmental change: climate change, desertification, water, food and health and with hazards and strategies on social vulnerability and resilience building and scientific, international, regional and national political strategies, policies and measures including early warning of conflicts and hazards. The book proposes a political geo-ecology and discusses a 'Fourth Green Revolution' for the Anthropocene era of earth history. (orig.)

  5. A Comparative Analysis of University Information Systems within the Scope of the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Rustu Yilmaz

    2016-05-01

    Full Text Available Universities are the leading institutions that are the sources of educated human population who both produce information and ensure to develop new products and new services by using information effectively, and who are needed in every area. Therefore, universities are expected to be institutions where information and information management are used efficiently. In the present study, the topics such as infrastructure, operation, application, information, policy and human-based information security at universities were examined within the scope of the information security standards which are highly required and intended to be available at each university today, and then a comparative analysis was conducted specific to Turkey. Within the present study, the Microsoft Security Assessment Tool developed by Microsoft was used as the risk analysis tool. The analyses aim to enable the universities to compare their information systems with the information systems of other universities within the scope of the information security awareness, and to make suggestions in this regard.

  6. Security Evolution.

    Science.gov (United States)

    De Patta, Joe

    2003-01-01

    Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

  7. For telehealth to succeed, privacy and security risks must be identified and addressed.

    Science.gov (United States)

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

  8. A Policy and Program for Invigorating Science and Technology for National Security

    Science.gov (United States)

    2014-04-01

    security S&T, and facilitate commercialisation of research outcomes for national benefit. The policy will be delivered through a coherent and...our economy and higher living and education standards1,2. Questions for discussion: Q2.1 Are there other imperatives or drivers that justify the...organisations can drive the uptake of new technology and knowledge. Second, private sector organisations are essential to the commercialisation of

  9. Energy Assurance: Essential Energy Technologies for Climate Protection and Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    Greene, David L [ORNL; Boudreaux, Philip R [ORNL; Dean, David Jarvis [ORNL; Fulkerson, William [University of Tennessee, Knoxville (UTK); Gaddis, Abigail [University of Tennessee, Knoxville (UTK); Graham, Robin Lambert [ORNL; Graves, Ronald L [ORNL; Hopson, Dr Janet L [University of Tennessee, Knoxville (UTK); Hughes, Patrick [ORNL; Lapsa, Melissa Voss [ORNL; Mason, Thom [ORNL; Standaert, Robert F [ORNL; Wilbanks, Thomas J [ORNL; Zucker, Alexander [ORNL

    2009-12-01

    We present and apply a new method for analyzing the significance of advanced technology for achieving two important national energy goals: climate protection and energy security. Quantitative metrics for U.S. greenhouse gas emissions in 2050 and oil independence in 2030 are specified, and the impacts of 11 sets of energy technologies are analyzed using a model that employs the Kaya identity and incorporates the uncertainty of technological breakthroughs. The goals examined are a 50% to 80% reduction in CO2 emissions from energy use by 2050 and increased domestic hydrocarbon fuels supply and decreased demand that sum to 11 mmbd by 2030. The latter is intended to insure that the economic costs of oil dependence are not more than 1% of U.S. GDP with 95% probability by 2030. Perhaps the most important implication of the analysis is that meeting both energy goals requires a high probability of success (much greater than even odds) for all 11 technologies. Two technologies appear to be indispensable for accomplishment of both goals: carbon capture and storage, and advanced fossil liquid fuels. For reducing CO2 by more than 50% by 2050, biomass energy and electric drive (fuel cell or battery powered) vehicles also appear to be necessary. Every one of the 11 technologies has a powerful influence on the probability of achieving national energy goals. From the perspective of technology policy, conflict between the CO2 mitigation and energy security is negligible. These general results appear to be robust to a wide range of technology impact estimates; they are substantially unchanged by a Monte Carlo simulation that allows the impacts of technologies to vary by 20%.

  10. New technologies in the management of risk and violence in forensic settings.

    Science.gov (United States)

    Tully, John; Larkin, Fintan; Fahy, Thomas

    2015-06-01

    Novel technological interventions are increasingly used in mental health settings. In this article, we describe 3 novel technological strategies in use for management of risk and violence in 2 forensic psychiatry settings in the United Kingdom: electronic monitoring by GPS-based tracking devices of patients on leave from a medium secure service in London, and closed circuit television (CCTV) monitoring and motion sensor technology at Broadmoor high secure hospital. A common theme is the use of these technologies to improve the completeness and accuracy of data used by clinicians to make clinical decisions. Another common thread is that each of these strategies supports and improves current clinical approaches rather than drastically changing them. The technologies offer a broad range of benefits. These include less restrictive options for patients, improved accountability of both staff and patients, less invasive testing, improved automated record-keeping, and better assurance reporting. Services utilizing technologies need also be aware of limitations. Technologies may be seen as unduly restrictive by patients and advocates, and technical issues may reduce effectiveness. It is vital that the types of technological innovations described in this article should be subject to thorough evaluation that addresses cost effectiveness, qualitative analysis of patients' attitudes, safety, and ethical considerations.

  11. Wikipedia use: Risk for developing technology addiction

    OpenAIRE

    Manoj Kumar Sharma

    2016-01-01

    The present case highlights the addictive potential of Wikipedia usage. The users approached a technology addiction clinic for the management of excessive use of technology. A clinical interview was used to elicit information about usages. It indicates the addictive use of Wikipedia and associated dysfunction in lifestyle. It has implication for promotion of healthy use of technology.

  12. Wikipedia use: Risk for developing technology addiction

    Directory of Open Access Journals (Sweden)

    Manoj Kumar Sharma

    2016-01-01

    Full Text Available The present case highlights the addictive potential of Wikipedia usage. The users approached a technology addiction clinic for the management of excessive use of technology. A clinical interview was used to elicit information about usages. It indicates the addictive use of Wikipedia and associated dysfunction in lifestyle. It has implication for promotion of healthy use of technology.

  13. Factors affecting food security and contribution of modern technologies in food sustainability.

    Science.gov (United States)

    Premanandh, Jagadeesan

    2011-12-01

    The concept of food insecurity is complex and goes beyond the simplistic idea of a country's inability to feed its population. The global food situation is redefined by many driving forces such as population growth, availability of arable lands, water resources, climate change and food availability, accessibility and loss. The combined effect of these factors has undeniably impacted global food production and security. This article reviews the key factors influencing global food insecurity and emphasises the need to adapt science-based technological innovations to address the issue. Although anticipated benefits of modern technologies suggest a level of food production that will sustain the global population, both political will and sufficient investments in modern agriculture are needed to alleviate the food crisis in developing countries. In this globalised era of the 21st century, many determinants of food security are trans-boundary and require multilateral agreements and actions for an effective solution. Food security and hunger alleviation on a global scale are within reach provided that technological innovations are accepted and implemented at all levels. Copyright © 2011 Society of Chemical Industry.

  14. Enabling Technologies for Ultra-Safe and Secure Modular Nuclear Energy

    Energy Technology Data Exchange (ETDEWEB)

    Mendez Cruz, Carmen Margarita [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rochau, Gary E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Middleton, Bobby [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rodriguez, Salvador B. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rodriguez, Carmelo [General Atomics, San Diego, CA (United States); Schleicher, Robert [General Atomics, San Diego, CA (United States)

    2016-06-01

    Sandia National Laboratories and General Atomics are pleased to respond to the Advanced Research Projects Agency-Energy (ARPA-e)’s request for information on innovative developments that may overcome various current reactor-technology limitations. The RFI is particularly interested in innovations that enable ultra-safe and secure modular nuclear energy systems. Our response addresses the specific features for reactor designs called out in the RFI, including a brief assessment of the current state of the technologies that would enable each feature and the methods by which they could be best incorporated into a reactor design.

  15. Enabling Technologies for Ultra-Safe and Secure Modular Nuclear Energy

    International Nuclear Information System (INIS)

    Mendez Cruz, Carmen Margarita; Rochau, Gary E.; Middleton, Bobby; Rodriguez, Salvador B.; Rodriguez, Carmelo; Schleicher, Robert

    2016-01-01

    Sandia National Laboratories and General Atomics are pleased to respond to the Advanced Research Projects Agency-Energy (ARPA-e)'s request for information on innovative developments that may overcome various current reactor-technology limitations. The RFI is particularly interested in innovations that enable ultra-safe and secure modular nuclear energy systems. Our response addresses the specific features for reactor designs called out in the RFI, including a brief assessment of the current state of the technologies that would enable each feature and the methods by which they could be best incorporated into a reactor design.

  16. Development of Risk Management Technology/Development of Risk-Informed Application Technology

    Energy Technology Data Exchange (ETDEWEB)

    Yang, Joon Eon; Kim, K. Y.; Ahn, K. I.; Lee, Y. H.; Lim, H. G.; Jung, W. S.; Choi, S. Y.; Han, S. J.; Ha, J. J.; Hwang, M. J.; Park, S. Y.; Yoon, C

    2007-06-15

    This project aims at developing risk-informed application technologies to enhance the safety and economy of nuclear power plant altogether. For this, the Integrated Level 1 and 2 PSA model is developed. In addition, the fire and internal flooding PSA models are improved according to the PSA standard of U.S.A. To solve the issues of domestic PSA model, the best-estimate thermal hydraulic analyses are preformed for the ATWS and LSSB. In order to reduce the uncertainty of PSA, several new PSA technologies are developed: (1) more exact quantification of large fault tree, (2) importance measure including the effects of external PSA. As feasibility studies of Option 2 and 3, the class of 6 systems' SSC are re-classified based on the risk information and the sensitivity analyses is performed for the EDG starting time, respectively. It is also improved that the methodology to identify the vital area of NPP. The research results of this project can be used in the regulatory body and the industry projects for risk-informed applications.

  17. Development of Risk Management Technology/Development of Risk-Informed Application Technology

    International Nuclear Information System (INIS)

    Yang, Joon Eon; Kim, K. Y.; Ahn, K. I.; Lee, Y. H.; Lim, H. G.; Jung, W. S.; Choi, S. Y.; Han, S. J.; Ha, J. J.; Hwang, M. J.; Park, S. Y.; Yoon, C.

    2007-06-01

    This project aims at developing risk-informed application technologies to enhance the safety and economy of nuclear power plant altogether. For this, the Integrated Level 1 and 2 PSA model is developed. In addition, the fire and internal flooding PSA models are improved according to the PSA standard of U.S.A. To solve the issues of domestic PSA model, the best-estimate thermal hydraulic analyses are preformed for the ATWS and LSSB. In order to reduce the uncertainty of PSA, several new PSA technologies are developed: (1) more exact quantification of large fault tree, (2) importance measure including the effects of external PSA. As feasibility studies of Option 2 and 3, the class of 6 systems' SSC are re-classified based on the risk information and the sensitivity analyses is performed for the EDG starting time, respectively. It is also improved that the methodology to identify the vital area of NPP. The research results of this project can be used in the regulatory body and the industry projects for risk-informed applications

  18. The Importance of the Brain Neuro-Programming Technologies in National and Regional Security

    Directory of Open Access Journals (Sweden)

    Vasyl H. Fatkhutdinov

    2018-02-01

    Full Text Available The authors’ understanding of neuro-programming is the result of the impact on the human brain of information and communication technology (including educational one, through which in the human brain the programs of manifestation in the ontogenesis of internal creative potentials are written. This article summarizes the history of the formation of key neuro-programming technologies of the human brain as well as proves that the changes in the society’s worldview are caused by the possibilities and quality of neuro-programming technologies that society uses. Having influence over worldview stereotypes and behaviour set by the society, neuro-programming technologies essentially ensure the national security of any state and the peaceful coexistence of states in the regions and on the planet as a whole. Using historical and philosophical methods, methods of conceptualization, systematization, modeling, etc., the authors have come to the conclusion that the modern world lies in a confrontation of security strategies, in which neuro-programming technologies play a key role.

  19. Systematic, appropriate, and cost-effective application of security technologies in U.S. public schools to reduce crime, violence, and drugs

    Science.gov (United States)

    Green, Mary W.

    1997-01-01

    As problems of violence and crime become more prevalent in our schools, more and more school districts will elect to use security technologies to control these problems. While the desired change in student and community attitudes will require significant systemic change through intense US social programs, security technologies can greatly augment school staff today by providing services similar to having extra adults present. Technologies such as cameras, sensors, drug detection, biometric and personnel identification, lighting, barriers, weapon and explosives detection, anti- graffiti methods, and duress alarms can all be effective, given they are used in appropriate applications, with realistic expectations and an understanding of limitations. Similar to a high-risk government facility, schools must consider a systems approach to security, which includes the use of personnel and procedures as well as security technologies, such that the synergy created by all these elements together contributes more tot he general 'order maintenance' of the facility than could be achieved by separate measures not integrated or related.

  20. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Science.gov (United States)

    2010-07-01

    ... NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems and... identified in the Committee on National Security Systems (CNSS) issuances and the Intelligence Community Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk Management...