WorldWideScience

Sample records for technology security risk

  1. Managing information technology security risk

    Science.gov (United States)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.

  2. Risk, security and technology: governing football supporters in the twenty-first century

    NARCIS (Netherlands)

    Spaaij, R.

    2013-01-01

    This paper critically examines the security and risk management technologies that are being used to conduct and pre-empt the behaviour of football supporters. It is shown how, in the Netherlands, pre-emptive risk management in the governing of football supporters involves a dispersed and fragmented

  3. Audit Teknologiinformasiatas Physical Security Control Dan Logical Security Control Serta Penentuan Kondisi Security Risk Studi Kasus: PT Talc Indonesia

    OpenAIRE

    Inggrid; Arfianti, Rizka I; Utami, Viany

    2009-01-01

    Abstract The fast growth of technology has an impact to the accounting field. This relates to the term of information technology (17) auditing. One of the risI6 of using information technology in business which can be fatal enough i fignored is security risk Security risk can be reduced by security controls which include physical security control and logical security contra Information technology auditing is the process of collecting and evaluating evidence to determine whether or not a co...

  4. Internet security technologies

    CERN Multimedia

    CERN. Geneva

    2003-01-01

    The three pillars of Internet Security are Infrastructure, Applications and People. In this series of lectures we will examine those three pillars and how vital it is for individuals to understand the vulnerabilities of this technology so they can made informed decisions about risks and how they can reduce those risks for themselves and their colleagues.First we will focus on the infrastructure: network; servers; operating systems and all those things that are mostly invisible. Moving up a level, into the visible realm, we discuss the application and see things like buffer overflows, viruses and how as application developers and users we can protect ourselves. Finally, it's all about people. The strongest security technology in the world is easily defeated if people don't understand their role in the whole system.

  5. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

  6. Information technology security system engineering methodology

    Science.gov (United States)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  7. Security risks arising from portable storage devices

    CSIR Research Space (South Africa)

    Molotsi, K

    2012-10-01

    Full Text Available of the security risks arising from the use of PSDs, and further provides possible security countermeasures to help organisations and users to protect their digital assets. APPROACH Literature review: ? To investigate security risks posed by PSDs... technology in the workplace. International Journal of Electronic Security and Digital Forensics. 3(1): 73?81 [3] Kim, K., Kim, E. & Hong S. (2009). Privacy information protection in portable device. Proceedings of International Conference on Convergence...

  8. Reducing security risk using data loss prevention technology.

    Science.gov (United States)

    Beeskow, John

    2015-11-01

    Data loss/leakage protection (DLP) technology seeks to improve data security by answering three fundamental questions: > Where are confidential data stored? > Who is accessing the information? > How are data being handled?

  9. Security engineering: systems engineering of security through the adaptation and application of risk management

    Science.gov (United States)

    Gilliam, David P.; Feather, Martin S.

    2004-01-01

    Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.

  10. FlySec: a risk-based airport security management system based on security as a service concept

    Science.gov (United States)

    Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

    2016-05-01

    Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow;(iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

  11. Home - Defense Technology Security Administration

    Science.gov (United States)

    by @dtsamil Defense Technology Security Administration Mission, Culture, and History Executive Official seal of Defense Technology Security Administration Official seal of Defense Technology Security Administration OFFICE of the SECRETARY of DEFENSE Defense Technology Security Administration

  12. Digital security technology simplified.

    Science.gov (United States)

    Scaglione, Bernard J

    2007-01-01

    Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.

  13. Information Security Risk Assessment in Hospitals.

    Science.gov (United States)

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

  14. Selecting Security Technology Providers

    Science.gov (United States)

    Schneider, Tod

    2009-01-01

    The world of security technology holds great promise, but it is fraught with opportunities for expensive missteps and misapplications. The quality of the security technology consultants and system integrators one uses will have a direct bearing on how well his school masters this complex subject. Security technology consultants help determine…

  15. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education.

    Science.gov (United States)

    Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K

    2013-08-09

    Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality

  16. Information and technology: Improving food security in Uganda ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    2014-06-23

    Jun 23, 2014 ... Information and technology: Improving food security in Uganda ... knowledge to make decisions about planting, harvesting, and managing livestock, but ... to be effective for minimizing risks and increasing agricultural productivity. ... In time, this network of information – made possible by digital technology ...

  17. Practice brief. Securing wireless technology for healthcare.

    Science.gov (United States)

    Retterer, John; Casto, Brian W

    2004-05-01

    Wireless networking can be a very complex science, requiring an understanding of physics and the electromagnetic spectrum. While the radio theory behind the technology can be challenging, a basic understanding of wireless networking can be sufficient for small-scale deployment. Numerous security mechanisms are available to wireless technologies, making it practical, scalable, and affordable for healthcare organizations. The decision on the selected security model should take into account the needs for additional server hardware and administrative costs. Where wide area network connections exist between cooperative organizations, deployment of a distributed security model can be considered to reduce administrative overhead. The wireless approach chosen should be dynamic and concentrate on the organization's specific environmental needs. Aspects of organizational mission, operations, service level, and budget allotment as well as an organization's risk tolerance are all part of the balance in the decision to deploy wireless technology.

  18. Securing the energy industry : perspectives in security risk management

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, G.L. [Anadarko Canada Corp., Calgary, AB (Canada)

    2003-07-01

    This presentation offered some perspectives in security risk management as it relates to the energy sector. Since the events of September 11, 2001 much attention has been given to terrorism and the business is reviewing protection strategies. The paper made reference to each of the following vulnerabilities in the energy sector: information technology, globalization, business restructuring, interdependencies, political/regulatory change, and physical/human factors. The vulnerability of information technology is that it can be subject to cyber and virus attacks. Dangers of globalization lie in privacy and information security, forced nationalization, organized crime, and anti-globalization efforts. It was noted that the Y2K phenomenon provided valuable lessons regarding interdependencies and the effects of power outages, water availability, transportation disruption, common utility corridor accidents, and compounding incidents. The paper also noted the conflict between the government's desire to have a resilient infrastructure that can withstand and recover from attacks versus a company's ability to afford this capability. The physical/human factors that need to be considered in risk management include crime, domestic terrorism, and disasters such as natural disasters, industrial disasters and crisis. The energy industry has geographically dispersed vulnerable systems. It has done a fair job of physical security and has good emergency management practices, but it was noted that the industry cannot protect against all threats. A strategy of vigilance and awareness is needed to deal with threats. Other strategies include contingency planning, physical security, employee communication, and emergency response plans. tabs., figs.

  19. School Security Technologies

    Science.gov (United States)

    Schneider, Tod

    2010-01-01

    Over the past decade electronic security technology has evolved from an exotic possibility into an essential safety consideration. Before resorting to high-tech security solutions, school officials should think carefully about the potential for unintended consequences. Technological fixes may be mismatched to the problems being addressed. They can…

  20. Management of information security risks in a federal public institution: a case study

    Directory of Open Access Journals (Sweden)

    Jackson Gomes Soares Souza

    2016-11-01

    Full Text Available Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T. managers perceptions and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and their implementation aiming greater control of information security risks and opportunities related to information technology security.

  1. Vulnerability Identification Errors in Security Risk Assessments

    OpenAIRE

    Taubenberger, Stefan

    2014-01-01

    At present, companies rely on information technology systems to achieve their business objectives, making them vulnerable to cybersecurity threats. Information security risk assessments help organisations to identify their risks and vulnerabilities. An accurate identification of risks and vulnerabilities is a challenge, because the input data is uncertain. So-called ’vulnerability identification errors‘ can occur if false positive vulnerabilities are identified, or if vulnerabilities remain u...

  2. AUSERA: Large-Scale Automated Security Risk Assessment of Global Mobile Banking Apps

    OpenAIRE

    Chen, Sen; Meng, Guozhu; Su, Ting; Fan, Lingling; Xue, Yinxing; Liu, Yang; Xu, Lihua; Xue, Minhui; Li, Bo; Hao, Shuang

    2018-01-01

    Contemporary financial technology (FinTech) that enables cashless mobile payment has been widely adopted by financial institutions, such as banks, due to its convenience and efficiency. However, FinTech has also made massive and dynamic transactions susceptible to security risks. Given large financial losses caused by such vulnerabilities, regulatory technology (RegTech) has been developed, but more comprehensive security risk assessment is specifically desired to develop robust, scalable, an...

  3. Technology Empowerment: Security Challenges.

    Energy Technology Data Exchange (ETDEWEB)

    Warren, Drake Edward [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Backus, George A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Jones, Wendell [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Nelson, Thomas R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Skocypec, Russell D. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-03-01

    Technology empowerment” means that innovation is increasingly accessible to ordinary people of limited means. As powerful technologies become more affordable and accessible, and as people are increasingly connected around the world, ordinary people are empowered to participate in the process of innovation and share the fruits of collaborative innovation. This annotated briefing describes technology empowerment and focuses on how empowerment may create challenges to U.S. national security. U.S. defense research as a share of global innovation has dwindled in recent years. With technology empowerment, the role of U.S. defense research is likely to shrink even further while technology empowerment will continue to increase the speed of innovation. To avoid falling too far behind potential technology threats to U.S. national security, U.S. national security institutions will need to adopt many of the tools of technology empowerment.

  4. Security force effectiveness and technology

    International Nuclear Information System (INIS)

    Seaton, M.B.

    1988-01-01

    No one would propose ineffective security forces. Applied technology always has, as its purpose, to increase effectiveness. Evidence exists, however, that poorly conceived or executed technological solutions can actually do more harm than good. The author argues for improved human factor considerations in physical security applied technology -- especially in the area of security console operations

  5. Information security risk management and incompatible parts of organization

    Energy Technology Data Exchange (ETDEWEB)

    Talabeigi, E.; Naeeini, S.G.J.

    2016-07-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  6. Information security risk management and incompatible parts of organization

    International Nuclear Information System (INIS)

    Talabeigi, E.; Naeeini, S.G.J.

    2016-01-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  7. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.IT security needs are constantly evolving; this guide examine

  8. Survey of current technologies of security management for distributed information systems; Bunsangata joho system no security iji kanri hoshiki no genjo

    Energy Technology Data Exchange (ETDEWEB)

    Matsui, S [Central Research Institute of Electric Power Industry, Tokyo (Japan)

    1997-05-01

    The latest situation of the security management for a distributed information system was examined and systematically summarized to indicate the management design in future. This paper describes the threat of the distributed information system to security, the risk for confidentiality, integrity, and availability due to the threat, and the measures to be taken. The basic technology of security management is classified into the `user certification to prevent an incorrect access` and the `encipherment to prevent data from being used incorrectly.` The technology for certification has been almost completed. It can be securely done using an expendable password or IC card system. In Internet, multiple enciphering technologies for constructing a virtual private network that can secure the almost the same security as for a private network can be used. In an electronic mail, the enciphering technology can also be used easily. The tool that manages the security of very many servers, clients, and networks is in the initial stage. 16 refs., 1 fig., 5 tabs.

  9. Network Security Risk Assessment System Based on Attack Graph and Markov Chain

    Science.gov (United States)

    Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

    2017-10-01

    Network security risk assessment technology can be found in advance of the network problems and related vulnerabilities, it has become an important means to solve the problem of network security. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combines with the international standard CVSS, the attack probability of atomic nodes are counted, and then the attack transition probabilities of ones are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assessment network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

  10. Information security risk management and incompatible parts of organization

    Directory of Open Access Journals (Sweden)

    Elham Talabeigi

    2016-11-01

    Full Text Available Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value:  The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  11. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  12. Physical security and IT convergence: Managing the cyber-related risks.

    Science.gov (United States)

    McCreight, Tim; Leece, Doug

    The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California. 1 This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.

  13. Emerging information technologies in accounting and related security risks – what is the impact on the Romanian accounting profession

    Directory of Open Access Journals (Sweden)

    Sînziana-Maria Rîndașu

    2017-12-01

    Full Text Available This study investigates whether aspiring and professional accountants understand the benefits and security challenges brought by emerging technologies such as: Big Data, data analytics, cloud computing and mobile technologies. 115 participants took part in a survey during January and February 2017, all having at least one year of practical experience in accounting or audit and 80% of them being affiliated with national or international accounting professional bodies. The research has three key findings: (1 Professional accountants and auditors are having in average a theoretical knowledge of the emerging technologies in the accounting field, but they still need to enhance their skills to exploit them efficiently, (2 Mobile technologies started to be adopted by the Romanian practitioners and (3 The profession has become aware of the security risks brought by emerging technologies in the digital accounting. The accounting profession is on the verge of change and the practitioners do not yet possess sufficient skills regarding the analyzed emerging technologies. As per this, the professional bodies and academic environment should reassess their curricula to enforce the necessary changes for preparing practitioners to successfully face the future challenges and avoid their replacement by other professions more qualified.

  14. Nuclear material facilities - security systems and technology R and D trends

    International Nuclear Information System (INIS)

    Ellis, D.; Steele, B.

    2002-01-01

    Full text: In the US, physical security research and development (R and D) during the 1970s and 1980s created a body of technology and systems engineering that largely defined the industry for several decades. However, despite today's terrorists threats and risks, the overall funding of new and innovative physical security solutions is relatively very small. Such factors constraining physical security R and D include the expansion of overall security responsibilities, the emphasis on programmatic and business performance, in addition to evolving (mis)perceptions that 'the problem has been solved' or that 'anyone can do security'. Underlying these factors, the lack of robust standards and certifications has limited the development and application of physical security products, systems, and services. The research and development of new security technologies must be evaluated against very demanding constraints - including costs/benefits, emerging threats, and policies. Going forward, the goal will be to create a more comprehensive approach to physical security of nuclear material facilities that matches evolving threats and that will complement the transition to an integrated security/operations management environment. Such a management model evaluates the additional value of increasing security alternatives in addition to determining trade-offs between the programmatic mission and security issues. Correspondingly, more explicit and strategically useful measures must be developed to determine importance that, in turn, will influence security-related R and D efforts. The research and development of security technologies should be based upon identified needs and requirements resulting from a systematic analysis of the threat and other conditions. In particular, security technologies and systems must be evaluated in terms of current and long-term impacts. Such needs are (will be) diverse and will depend upon sustained research investments in a broad range of technologies

  15. National Security Technology Incubator Business Plan

    Energy Technology Data Exchange (ETDEWEB)

    None, None

    2007-12-31

    This document contains a business plan for the National Security Technology Incubator (NSTI), developed as part of the National Security Preparedness Project (NSPP) and performed under a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This business plan describes key features of the NSTI, including the vision and mission, organizational structure and staffing, services, evaluation criteria, marketing strategies, client processes, a budget, incubator evaluation criteria, and a development schedule. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety, security, and protection of the homeland. The NSTI is operated and managed by the Arrowhead Center, responsible for leading the economic development mission of New Mexico State University (NMSU). The Arrowhead Center will recruit business with applications for national security technologies recruited for the NSTI program. The Arrowhead Center and its strategic partners will provide business incubation services, including hands-on mentoring in general business matters, marketing, proposal writing, management, accounting, and finance. Additionally, networking opportunities and technology development assistance will be provided.

  16. National Security Technology Incubator Evaluation Process

    Energy Technology Data Exchange (ETDEWEB)

    None, None

    2007-12-31

    This report describes the process by which the National Security Technology Incubator (NSTI) will be evaluated. The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report includes a brief description of the components, steps, and measures of the proposed evaluation process. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with national security technology applications by nurturing them through critical stages of early development. An effective evaluation process of the NSTI is an important step as it can provide qualitative and quantitative information on incubator performance over a given period. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety and security. The mission of the NSTI is to identify, incubate, and accelerate technologies with national security applications at various stages of development by providing hands-on mentoring and business assistance to small businesses and emerging or growing companies. To achieve success for both incubator businesses and the NSTI program, an evaluation process is essential to effectively measure results and implement corrective processes in the incubation design if needed. The evaluation process design will collect and analyze qualitative and quantitative data through performance evaluation system.

  17. Smart Card Security; Technology and Adoption

    OpenAIRE

    Hamed Taherdoost; Shamsul Sahibuddin; Neda Jalaliyoon

    2011-01-01

    Newly, smart card technology are being used in a number of ways around the world, on the otherhand, security has become significant in information technology, especially in those applicationinvolving data sharing and transactions through the internet. Furthermore, researches ininformation technology acceptance have identified the security as one of the factor that caninfluence on smart card adoption. This research is chiefly to study the security principals of smartcard and assess the securit...

  18. Marine data security based on blockchain technology

    Science.gov (United States)

    Yang, Zhao; Xie, Weiwei; Huang, Lei; Wei, Zhiqiang

    2018-03-01

    With the development of marine observation technology and network technology, the volume of marine data growing rapidly. This brings new challenges for data storage and transmission. How to protect data security of marine big data has become an urgent problem. The traditional information security methods’ characteristic is centralization. These technologies cannot provide whole process protection, e.g., data storage, data management and application of data. The blockchain technology is a novel technology, which can keep the data security and reliability by using decentralized methodology. It has aroused wide interest in the financial field. In this paper, we describe the concept, characteristics and key technologies of blockchain technology and introduce it into the field of marine data security.

  19. Information Security Risks on a University Campus

    Directory of Open Access Journals (Sweden)

    Amer A. Al-Rawas

    2002-06-01

    Full Text Available This paper is concerned with issues relating to security in the provision of information systems (IS services within a campus environment. It is based on experiences with a specific known environment; namely Sultan Qaboos University. In considering the risks and challenges that face us in the provision of IS services we need to consider a number of interwoven subject areas.  These are: the importance of information to campus communities, the types of information utilised, and the risk factors that relate to the provision of IS services. Based on our discussion of the risk factors identified within this paper, we make a number of recommendations for improving security within any environment that wishes to take the matter seriously. These recommendations are classified into three main groups: general, which are applicable to the entire institution; social, aimed at the work attitudes of staff and students; and technical, addressing the skills and technologies required.

  20. Enterprise security IT security solutions : concepts, practical experiences, technologies

    CERN Document Server

    Fumy, Walter

    2013-01-01

    Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr

  1. 2017 Emerging Technology Domains Risk Survey

    Science.gov (United States)

    2017-10-01

    REV-03.18.2016.0 2017 Emerging Technology Domains Risk Survey Daniel Klinedinst Joel Land Kyle O’Meara October 2017 TECHNICAL REPORT CMU/SEI...Distribution Statement A: Approved for Public Release. Distribution is Unlimited. List of Tables Table 1: New and Emerging Technologies 2 Table 2: Security...Impact of New and Emerging Technologies 4 Table 3: Severity Classifications and Impact Scores 5 CMU/SEI-2017-TR-008 | SOFTWARE ENGINEERING

  2. Information security foundations, technologies and applications

    CERN Document Server

    Awad, Ali Ismail; Fairhurst, Michael

    2018-01-01

    This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security.

  3. A Risk Management Process for Consumers: The Next Step in Information Security

    NARCIS (Netherlands)

    van Cleeff, A.

    2010-01-01

    Simply by using information technology, consumers expose themselves to considerable security risks. Because no technical or legal solutions are readily available, and awareness programs have limited impact, the only remedy is to develop a risk management process for consumers. Consumers need to

  4. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  5. Building secure network by integrated technology

    International Nuclear Information System (INIS)

    An Dehai; Xu Rongsheng; Liu Baoxu

    2000-01-01

    The author introduces a method which can realize the most powerful network security prevention by the network security integrated technologies such as firewall, realtime monitor, network scanner, Web detection and security, etc

  6. reputation Risks through Information Security Incidents

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2014-05-01

    Full Text Available The article deals with accounting reputational risks arising through information security breaches in the management of a business entity. Security breach incidents which results to the loss of reputation are identified. Based on this analysis the definition of reputational risk in information security is given.

  7. The DOE safeguards and security technology development program

    International Nuclear Information System (INIS)

    Cherry, R.C.; Wheelock, A.J.

    1991-01-01

    This paper reports that strategic planning for safeguards and security within the Department of Energy emphasizes the contributions of advanced technologies to the achievement of Departmental protection program goals. The Safeguards and Security Technology Development Program provides state-of-the-art technologies, systems and technical services in support of the policies and programmatic requirements for the protection of Departmental assets. The Program encompasses research and development in physical security, nuclear material control and accountability, information security and personnel security, and the integration of these disciplines in advanced applications. Technology development tasks serve goals that range from the maintenance of an effective technology base to the development, testing and evaluation of applications to meet field needs. A variety of factors, from the evolving threat to reconfiguration of the DOE complex and the technical requirements of new facilities, are expected to influence safeguards and security technology requirements and development efforts. Implementation of the Program is based on the systematic identification, prioritization and alignment of technology development tasks and needs. Initiatives currently underway are aimed at enhancing technology development project management. Increased management attention is also being placed on efforts to promote the benefits of the Program through technology transfer and interagency liaison

  8. The Performativity of Risk Management Frameworks and Technologies

    DEFF Research Database (Denmark)

    Neerup Themsen, Tim; Skærbæk, Peter

    2018-01-01

    This article examines the long-term dynamics among a best-practice risk management framework, risk management technologies and the translation of uncertainties into risks by using a longitudinal case study of a large mega-project. We show that the framework and technologies through the visual power...... of impure risks challenges the predictions of the framework causing a false sense of security for the project objectives, and that the continuous readjustment of technologies, in particular, is necessary to ensure the long-term realisation of these predictions. Finally, this article contributes...... of inscriptions and the purifying work of risk consultants as experts establish the boundaries of the forms of uncertainties that are accepted and included as risks. We term the accepted and included risks ‘pure risks’ and the risks excluded after disagreement ‘impure risks’. We also show that the construction...

  9. Security Risk Assessment Process for UAS in the NAS CNPC Architecture

    Science.gov (United States)

    Iannicca, Dennis Christopher; Young, Daniel Paul; Suresh, Thadhani; Winter, Gilbert A.

    2013-01-01

    This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. A description of the deviations from the typical process is described in regards to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper

  10. Nuclear energy technology transfer: the security barriers

    International Nuclear Information System (INIS)

    Rinne, R.L.

    1975-08-01

    The problems presented by security considerations to the transfer of nuclear energy technology are examined. In the case of fusion, the national security barrier associated with the laser and E-beam approaches is discussed; for fission, the international security requirements, due to the possibility of the theft or diversion of special nuclear materials or sabotage of nuclear facilities, are highlighted. The paper outlines the nuclear fuel cycle and terrorist threat, examples of security barriers, and the current approaches to transferring technology. (auth)

  11. Technologies to counter aviation security threats

    Science.gov (United States)

    Karoly, Steve

    2017-11-01

    The Aviation and Transportation Security Act (ATSA) makes TSA responsible for security in all modes of transportation, and requires that TSA assess threats to transportation, enforce security-related regulations and requirements, and ensure the adequacy of security measures at airports and other transportation facilities. Today, TSA faces a significant challenge and must address a wide range of commercial, military grade, and homemade explosives and these can be presented in an infinite number of configurations and from multiple vectors. TSA screens 2 million passengers and crew, and screens almost 5 million carry-on items and 1.2 million checked bags daily. As TSA explores new technologies for improving efficiency and security, those on the forefront of research and development can help identify unique and advanced methods to combat terrorism. Research and Development (R&D) drives the development of future technology investments that can address an evolving adversary and aviation threat. The goal is to rethink the aviation security regime in its entirety, and rather than focusing security at particular points in the enterprise, distribute security from the time a reservation is made to the time a passenger boards the aircraft. The ultimate objective is to reengineer aviation security from top to bottom with a continued focus on increasing security throughout the system.

  12. Making Technology Work for Campus Security

    Science.gov (United States)

    Floreno, Jeff; Keil, Brad

    2010-01-01

    The challenges associated with securing schools from both on- and off-campus threats create constant pressure for law enforcement, campus security professionals, and administrators. And while security technology choices are plentiful, many colleges and universities are operating with limited dollars and information needed to select and integrate…

  13. Risk assessment techniques for civil aviation security

    Energy Technology Data Exchange (ETDEWEB)

    Tamasi, Galileo, E-mail: g.tamasi@enac.rupa.i [Ente Nazionale per l' Aviazione Civile-Direzione Progetti, Studi e Ricerche, Via di Villa Ricotti, 42, 00161 Roma (Italy); Demichela, Micaela, E-mail: micaela.demichela@polito.i [SAfeR-Centro Studi su Sicurezza, Affidabilita e Rischi, Dipartimento di Scienza dei Materiali e Ingegneria Chimica, Politecnico di Torino, Corso Duca degli Abruzzi, 24, 10129 Torino (Italy)

    2011-08-15

    Following the 9/11 terrorists attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

  14. Risk assessment techniques for civil aviation security

    International Nuclear Information System (INIS)

    Tamasi, Galileo; Demichela, Micaela

    2011-01-01

    Following the 9/11 terrorists attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

  15. Survey of network and information security technology

    International Nuclear Information System (INIS)

    Liu Baoxu; Wang Xiaozhen

    2007-01-01

    With the rapidly development of the computer network technology and informationize working of our Country, Network and Information Security issues becomes the focal point problem that people shows solicitude for. On the basis analysing security threat and challenge of network information and their developing trend. This paper briefly analyses and discusses the main relatively study direction and content about the theory, technology and practice of Network and Information Security. (authors)

  16. Cyber security evaluation of II&C technologies

    Energy Technology Data Exchange (ETDEWEB)

    Thomas, Ken [Idaho National Laboratory (INL), Idaho Falls, ID (United States)

    2014-11-01

    The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) to address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a

  17. 75 FR 28275 - Homeland Security Science and Technology Advisory Committee

    Science.gov (United States)

    2010-05-20

    ...: The Homeland Security Science and Technology Advisory Committee met on April 20, 2010 from 8:30 a.m... and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410, Washington... for the Under Secretary of Homeland Security for Science and Technology. The Homeland Security Science...

  18. Improving organisational resilience through enterprise security risk management.

    Science.gov (United States)

    Petruzzi, John; Loyear, Rachelle

    Enterprise Security Risk Management (ESRM) is a new philosophy and method of managing security programmes through the use of traditional risk principles. As a philosophy and life cycle, ESRM is focused on creating a business partnership between security practitioners and business leaders to more effectively provide protection against security risks in line with acceptable risk tolerances as defined by business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle and also shows how embracing the ESRM philosophy and implementing a risk-based security management model in the business organisation can lead to higher levels of organisational resilience as desired by organisation leaders, executives and the board of directors.

  19. Engineering Principles for Information Technology Security (A Baseline for Achieving Security)

    National Research Council Canada - National Science Library

    Stoneburner, Gary

    2001-01-01

    The purpose of the Engineering Principles for Information Technology (IT) Security (HP-ITS) is to present a list of system-level security principles to he considered in the design, development, and operation of an information system...

  20. RFID Based Security Access Control System with GSM Technology

    OpenAIRE

    Peter Adole; Joseph M. Môm; Gabriel A. Igwue

    2016-01-01

    The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly...

  1. MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned

    Science.gov (United States)

    Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran

    2014-01-01

    As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.

  2. Asset backed securities : risks, ratings and quantitative modelling

    NARCIS (Netherlands)

    Jönsson, B.H.B.; Schoutens, W.

    2009-01-01

    Asset backed securities (ABSs) are structured finance products backed by pools of assets and are created through a securitisation process. The risks in asset backed securities, such as, credit risk, prepayment risk, market risks, operational risk, and legal risks, are directly connected with the

  3. Information security risk assessment, aggregation, and mitigation

    NARCIS (Netherlands)

    Lenstra, A.K.; Voss, T.; Wang, H.; Pieprzyk, J.; Varadharajan, V.

    2004-01-01

    As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is

  4. 75 FR 18516 - Homeland Security Science and Technology Advisory Committee

    Science.gov (United States)

    2010-04-12

    ...; notice of closed Federal Advisory Committee meeting SUMMARY: The Homeland Security Science and Technology.... DATES: The Homeland Security Science and Technology Advisory Committee will meet April 20, 2010 from 8...: Ms. Tiwanda Burse, Science and Technology Directorate, Department of Homeland Security, 245 Murray...

  5. 75 FR 2555 - Homeland Security Science and Technology Advisory Committee

    Science.gov (United States)

    2010-01-15

    ... Technology Advisory Committee will meet January 26-28, 2010, at the Department of Homeland Security, 1120..., Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410... Burse, Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410...

  6. Energy technology evaluation report: Energy security

    Science.gov (United States)

    Koopman, R.; Lamont, A.; Schock, R.

    1992-09-01

    Energy security was identified in the National Energy Strategy (NES) as a major issue for the Department of Energy (DOE). As part of a process designed by the DOE to identify technologies important to implementing the NES, an expert working group was convened to consider which technologies can best contribute to reducing the nation's economic vulnerability to future disruptions of world oil supplies, the working definition of energy security. Other working groups were established to deal with economic growth, environmental quality, and technical foundations. Energy Security working group members were chosen to represent as broad a spectrum of energy supply and end-use technologies as possible and were selected for their established reputations as experienced experts with an ability to be objective. The time available for this evaluation was very short. The group evaluated technologies using criteria taken from the NES which can be summarized for energy security as follows: diversifying sources of world oil supply so as to decrease the increasing monopoly status of the Persian Gulf region; reducing the importance of oil use in the US economy to diminish the impact of future disruptions in oil supply; and increasing the preparedness of the US to deal with oil supply disruptions by having alternatives available at a known price. The result of the first phase of the evaluation process was the identification of technology groups determined to be clearly important for reducing US vulnerability to oil supply disruptions. The important technologies were mostly within the high leverage areas of oil and gas supply and transportation demand but also included hydrogen utilization, biomass, diversion resistant nuclear power, and substitute industrial feedstocks.

  7. A cyber security risk assessment for the design of I and C system in nuclear power plants

    International Nuclear Information System (INIS)

    Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young

    2012-01-01

    The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

  8. A cyber security risk assessment for the design of I and C system in nuclear power plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2012-12-15

    The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

  9. Acceptance Factors Influencing Adoption of National Institute of Standards and Technology Information Security Standards: A Quantitative Study

    Science.gov (United States)

    Kiriakou, Charles M.

    2012-01-01

    Adoption of a comprehensive information security governance model and security controls is the best option organizations may have to protect their information assets and comply with regulatory requirements. Understanding acceptance factors of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) comprehensive…

  10. 75 FR 39955 - Homeland Security Science and Technology Advisory Committee

    Science.gov (United States)

    2010-07-13

    ... Homeland Security Science and Technology Advisory Committee meeting will be open to the public on July 20th... Burse, Science and Technology Directorate, Department of Homeland Security, 245 Murray Lane, Bldg. 410... Protection programs in Science & Technology and updates on homeland security sensitive Federally Funded...

  11. Information security risk management and incompatible parts of organization

    OpenAIRE

    Talabeigi, Elham; Naeeini, Seyyed Gholamreza Jalali

    2016-01-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in...

  12. Critical infrastructure cyber-security risk management

    OpenAIRE

    Spyridopoulos, T.; Maraslis, K.; Tryfonas, T.; Oikonomou, G.

    2017-01-01

    Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly...

  13. Adversarial risks in social experiments with new technologies

    NARCIS (Netherlands)

    Pieters, Wolter; Dechesne, Francien; van der Poel, Ibo; Asveld, Lotte; Mehos, Donna C.

    2017-01-01

    Studies that approach the deployment of new technologies as social experiments have mostly focused on unintentional effects, notably safety. We argue for the inclusion of adversarial risks or security aspects that are the result of intentional, strategic behavior of actors, who aim at using the

  14. Safeguards and security deficiencies fulfilled through technology development

    International Nuclear Information System (INIS)

    Smoot, W.

    1996-01-01

    The Office of Safeguards and Security (OSS) sponsors research and development activities based on identified field and headquarters customer requirements. Annually, a formal solicitation of safeguards and security user needs is conducted. Currently, there are over 300 valid safeguards and security deficiencies that have been identified. These user needs serve as the basis for formulating the OSS Technology Development Program (TDP). Due to budget constraints, the TDP can only address approximately 47% of these needs in FY 1996. This paper will discuss, in a general sense, the current deficiencies and how the TDP is responding to each. Specifically, the paper will highlight technologies in the areas of Material Control and Accounting, Physical Security, and Information Security. A brief discussion of unfulfilled user requirements will also be presented as a catalyst for leveraging available or developing technologies from other similar programs or from private industry

  15. National security risks? Uncertainty, austerity and other logics of risk in the UK government’s National Security Strategy

    NARCIS (Netherlands)

    Hammerstad, A.; Boas, I.J.C.

    2015-01-01

    Risk scholars within Security Studies have argued that the concept of security has gone through a fundamental transformation away from a threat-based conceptualisation of defence, urgency
    and exceptionality to one of preparedness, precautions and prevention of future risks, some of which are

  16. Priorities for technology development and policy to reduce the risk from radioactive materials

    International Nuclear Information System (INIS)

    Duggan, Ruth Ann

    2010-01-01

    The Standing Committee on International Security of Radioactive and Nuclear Materials in the Nonproliferation and Arms Control Division conducted its fourth annual workshop in February 2010 on Reducing the Risk from Radioactive and Nuclear Materials. This workshop examined new technologies in real-time tracking of radioactive materials, new risks and policy issues in transportation security, the best practices and challenges found in addressing illicit radioactive materials trafficking, industry leadership in reducing proliferation risk, and verification of the Nuclear Nonproliferation Treaty, Article VI. Technology gaps, policy gaps, and prioritization for addressing the identified gaps were discussed. Participants included academia, policy makers, radioactive materials users, physical security and safeguards specialists, and vendors of radioactive sources and transportation services. This paper summarizes the results of this workshop with the recommendations and calls to action for the Institute of Nuclear Materials Management (INMM) membership community.

  17. Applications of nuclear safety probabilistic risk assessment to nuclear security for optimized risk mitigation

    Energy Technology Data Exchange (ETDEWEB)

    Donnelly, S.K.; Harvey, S.B. [Amec Foster Wheeler, Toronto, Ontario (Canada)

    2016-06-15

    Critical infrastructure assets such as nuclear power generating stations are potential targets for malevolent acts. Probabilistic methodologies can be applied to evaluate the real-time security risk based upon intelligence and threat levels. By employing this approach, the application of security forces and other protective measures can be optimized. Existing probabilistic safety analysis (PSA) methodologies and tools employed. in the nuclear industry can be adapted to security applications for this purpose. Existing PSA models can also be adapted and enhanced to consider total plant risk, due to nuclear safety risks as well as security risks. By creating a Probabilistic Security Model (PSM), safety and security practitioners can maximize the safety and security of the plant while minimizing the significant costs associated with security upgrades and security forces. (author)

  18. Improving Information Security Risk Management

    Science.gov (United States)

    Singh, Anand

    2009-01-01

    manaOptimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  19. National Security Technology Incubation Project Continuation Plan

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-09-30

    This document contains a project continuation plan for the National Security Technology Incubator (NSTI). The plan was developed as part of the National Security Preparedness Project (NSPP) funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This continuation plan describes the current status of NSTI (staffing and clients), long-term goals, strategies, and long-term financial solvency goals.The Arrowhead Center of New Mexico State University (NMSU) is the operator and manager of the NSTI. To realize the NSTI, Arrowhead Center must meet several performance objectives related to planning, development, execution, evaluation, and sustainability. This continuation plan is critical to the success of NSTI in its mission of incubating businesses with security technology products and services.

  20. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    Under this project SETECS performed research, created the design, and the initial prototype of three groups of security technologies: (a) middleware security platform, (b) Web services security, and (c) group security system. The results of the project indicate that the three types of security technologies can be used either individually or in combination, which enables effective and rapid deployment of a number of secure applications in open networking environments. The middleware security platform represents a set of object-oriented security components providing various functions to handle basic cryptography, X.509 certificates, S/MIME and PKCS No.7 encapsulation formats, secure communication protocols, and smart cards. The platform has been designed in the form of security engines, including a Registration Engine, Certification Engine, an Authorization Engine, and a Secure Group Applications Engine. By creating a middleware security platform consisting of multiple independent components the following advantages have been achieved - Object-oriented, Modularity, Simplified Development, and testing, Portability, and Simplified extensions. The middleware security platform has been fully designed and a preliminary Java-based prototype has been created for the Microsoft Windows operating system. The Web services security system, designed in the project, consists of technologies and applications that provide authentication (i.e., single sign), authorization, and federation of identities in an open networking environment. The system is based on OASIS SAML and XACML standards for secure Web services. Its topology comprises three major components: Domain Security Server (DSS) is the main building block of the system Secure Application Server (SAS) Secure Client In addition to the SAML and XACML engines, the authorization system consists of two sets of components An Authorization Administration System An Authorization Enforcement System Federation of identities in multi

  1. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

  2. Cyber security analytics, technology and automation

    CERN Document Server

    Neittaanmäki, Pekka

    2015-01-01

    Over the last two decades, the Internet and more broadly cyberspace has had a tremendous impact on all parts of society. Governments across the world have started to develop cyber security strategies and to consider cyberspace as an increasingly important international issue. The book, in addition to the cyber threats and technology, processes cyber security from many sides as a social phenomenon and how the implementation of the cyber security strategy is carried out. The book gives a profound idea of the most spoken phenomenon of this time. The book is suitable for a wide-ranging audience from graduate to professionals/practitioners and researchers. Relevant disciplines for the book are  Telecommunications / Network security, Applied mathematics / Data analysis, Mobile systems / Security, Engineering / Security of critical infrastructure and Military science / Security.

  3. Combining overt and covert anti-counterfeiting technologies for securities

    Science.gov (United States)

    Uematsu, Tsuyoshi

    2006-02-01

    The National Printing Bureau of Japan has been developing new anti-counterfeiting technologies as a banknote printer. Some of our technologies have already been effectively introduced into Japan's new banknote series. Anti-counterfeiting technologies can be applied not only to banknotes but also to other security documents depending on desired features. In this presentation, I will introduce three of our newly developed overt and covert security techniques, which are intended for document security and brand protection, as well as banknotes. "Metallic View" is mainly for offset printing. "Copy Check" (micro-structural lines involving luminescence) is for plate making technology. "ImageSwitch" is for a new security solution which has unlimited printing applications. All three techniques create "latent images" (some of which may be better known as "carrier screen images") that are useful in preventing counterfeiting. While each of the techniques is effective by itself, all are more effective when applied together. Combining these techniques could make all security documents harder to copy using IT scanners, and provide cost-effective anti-counterfeiting solutions for all security users.

  4. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Science.gov (United States)

    2011-12-15

    ...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

  5. Review of the model of technological pragmatism considering privacy and security

    Directory of Open Access Journals (Sweden)

    Kovačević-Lepojević Marina M.

    2013-01-01

    Full Text Available The model of technological pragmatism assumes awareness that technological development involves both benefits and dangers. Most modern security technologies represent citizens' mass surveillance tools, which can lead to compromising a significant amount of personal data due to the lack of institutional monitoring and control. On the other hand, people are interested in improving crime control and reducing the fear of potential victimization which this framework provides as a rational justification for the apparent loss of privacy, personal rights and freedoms. Citizens' perception on the categories of security and privacy, and their balancing, can provide the necessary guidelines to regulate the application of security technologies in the actual context. The aim of this paper is to analyze the attitudes of students at the University of Belgrade (N = 269 toward the application of security technology and identification of the key dimensions. On the basis of the relevant research the authors have formed assumptions about the following dimensions: security, privacy, trust in institutions and concern about the misuse of security technology. The Prise Questionnaire on Security Technology and Privacy was used for data collection. Factor analysis abstracted eight factors which together account for 58% of variance, with the highest loading of the four factors that are identified as security, privacy, trust and concern. The authors propose a model of technological pragmatism considering security and privacy. The data also showed that students are willing to change their privacy for the purpose of improving security and vice versa.

  6. Climate Change and Risks to National Security

    Science.gov (United States)

    Titley, D.

    2017-12-01

    Climate change impacts national security in three ways: through changes in the operating environments of the military; by increasing risks to security infrastructure, specifically bases and training ranges; and by exacerbating and accelerating the risks of state collapse and conflict in regions that are already fragile and unstable. Additionally there will be unique security challenges in the Arctic as sea-ice melts out and human activities increase across multiple dimensions. Military forces will also likely see increased demand for Humanitarian Assistance and Disaster Relief resulting from a combination of increased human population, rising sea-level, and potentially stronger and wetter storms. The talk will explore some of the lesser known aspects of these changes, examine selected climate-driven 'wild cards' that have the potential to disrupt regional and global security, and explore how migration in the face of a changing climate may heighten security issues. I will assess the positions U.S. executive and legislative branches with respect to climate & security, and how those positions have evolved since the November 2016 election, sometimes in counter-intuitive ways. The talk will close with some recommended courses of action the security enterprise can take to manage this climate risk.

  7. New Technology's Surprising Security Threats. Building Digital Libraries

    Science.gov (United States)

    Huwe, Terence

    2005-01-01

    In recent years, security issues have increasingly come to dominate the technological development process--although still in a more reactive than proactive mode. It now seems more important than ever to monitor security trends and policy developments, especially if technology is regarded as a potential community builder. This article suggests…

  8. Emerging Technological Risk Underpinning the Risk of Technology Innovation

    CERN Document Server

    Anderson, Stuart

    2012-01-01

    Classes of socio-technical hazards allow a characterization of the risk in technology innovation and clarify the mechanisms underpinning emergent technological risk. Emerging Technological Risk provides an interdisciplinary account of risk in socio-technical systems including hazards which highlight: ·         How technological risk crosses organizational boundaries, ·         How technological trajectories and evolution develop from resolving tensions emerging between social aspects of organisations and technologies and ·         How social behaviour shapes, and is shaped by, technology. Addressing an audience from a range of academic and professional backgrounds, Emerging Technological Risk is a key source for those who wish to benefit from a detail and methodical exposure to multiple perspectives on technological risk. By providing a synthesis of recent work on risk that captures the complex mechanisms that characterize the emergence of risk in technology innovation, Emerging Tec...

  9. Restricted access processor - An application of computer security technology

    Science.gov (United States)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  10. Risk to Water Security on Small Islands

    Science.gov (United States)

    Holding, S. T.; Allen, D. M.

    2013-12-01

    The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. The risk framework is implemented in a Geographic Information System (GIS) and provides a map

  11. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization (extended version)

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.

    2010-01-01

    Today, companies are required to be in control of the security of their IT assets. This is especially challenging in the presence of limited budgets and conflicting requirements. Here, we present Risk-Based Requirements Elicitation and Prioritization (RiskREP), a method for managing IT security

  12. Towards Agile Security Risk Management in RE and Beyond

    NARCIS (Netherlands)

    Nunes Leal Franqueira, V.; Bakalova, Z.; Tun, Thein Tan; Daneva, Maia

    Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations but they do not provide an overview of the overall security

  13. Security Risk Assessment in Software Development Projects

    OpenAIRE

    Svendsen, Heidi

    2017-01-01

    Software security is increasing in importance, linearly with vulnerabilities caused by software flaws. It is not possible to spend all the project s resources on software security. To spend the resources given to security in an effective way, one should know what is most important to protect. By performing a risk analysis the project know which vulnerabilities they face. A risk analysis will prioritise the vulnerabilities, and when the vulnerabilities are prioritised the project know where th...

  14. Aerospace Communications Security Technologies Demonstrated

    Science.gov (United States)

    Griner, James H.; Martzaklis, Konstantinos S.

    2003-01-01

    In light of the events of September 11, 2001, NASA senior management requested an investigation of technologies and concepts to enhance aviation security. The investigation was to focus on near-term technologies that could be demonstrated within 90 days and implemented in less than 2 years. In response to this request, an internal NASA Glenn Research Center Communications, Navigation, and Surveillance Aviation Security Tiger Team was assembled. The 2-year plan developed by the team included an investigation of multiple aviation security concepts, multiple aircraft platforms, and extensively leveraged datalink communications technologies. It incorporated industry partners from NASA's Graphical Weather-in-the-Cockpit research, which is within NASA's Aviation Safety Program. Two concepts from the plan were selected for demonstration: remote "black box," and cockpit/cabin surveillance. The remote "black box" concept involves real-time downlinking of aircraft parameters for remote monitoring and archiving of aircraft data, which would assure access to the data following the loss or inaccessibility of an aircraft. The cockpit/cabin surveillance concept involves remote audio and/or visual surveillance of cockpit and cabin activity, which would allow immediate response to any security breach and would serve as a possible deterrent to such breaches. The datalink selected for the demonstrations was VDL Mode 2 (VHF digital link), the first digital datalink for air-ground communications designed for aircraft use. VDL Mode 2 is beginning to be implemented through the deployment of ground stations and aircraft avionics installations, with the goal of being operational in 2 years. The first demonstration was performed December 3, 2001, onboard the LearJet 25 at Glenn. NASA worked with Honeywell, Inc., for the broadcast VDL Mode 2 datalink capability and with actual Boeing 757 aircraft data. This demonstration used a cockpitmounted camera for video surveillance and a coupling to

  15. On the Horizon: New Advances in Security Technology

    Science.gov (United States)

    Gamble, Cheryl

    2005-01-01

    The worlds of security and technology have been on an intersecting course since the first published account of the use of fingerprint identification made news in 1880 (although unpublished reports suggest its use as early as 1858). In the three and one half years since the September 11 attacks, technological advances across the security field have…

  16. The research of network database security technology based on web service

    Science.gov (United States)

    Meng, Fanxing; Wen, Xiumei; Gao, Liting; Pang, Hui; Wang, Qinglin

    2013-03-01

    Database technology is one of the most widely applied computer technologies, its security is becoming more and more important. This paper introduced the database security, network database security level, studies the security technology of the network database, analyzes emphatically sub-key encryption algorithm, applies this algorithm into the campus-one-card system successfully. The realization process of the encryption algorithm is discussed, this method is widely used as reference in many fields, particularly in management information system security and e-commerce.

  17. Physical security technologies for weapons complex reconfiguration facilities

    International Nuclear Information System (INIS)

    Jaeger, C.D.

    1994-01-01

    Sandia National Laboratories was a member of the Weapons Complex Reconfiguration (WCR) Safeguards and Security (S ampersand S) team providing assistance to the Department of Energy's (DOE) Office of Weapons Complex Reconfiguration. The physical security systems in the new and upgraded facilities being considered for the WCR had to meet DOE orders and other requirements set forth in the WCR Programmatic Design Criteria (PDC), incorporate the latest physical security technologies using proven state-of-the-art systems and meet fundamental security principles. The outcome was to avoid costly retrofits and provide effective and comprehensive protection against current and projected threats with minimal impact on operations, costs and schedule. Physical security requirements for WCR facilities include: (1) reducing S ampersand S life-cycle costs, (2) where feasible automating S ampersand S functions to minimize operational costs, access to critical assets and exposure of people to hazardous environments, (3) increasing the amount of delay to outsider adversary attack, (4) compartmentalizing the facility to minimize the number of personnel requiring access to critical areas and (5) having reliable and maintainable systems. To be most effective against threats physical security must be integrated with facility operations, safety and other S ampersand S activities, such as material control and accountability, nuclear measurements and computer and information security. This paper will discuss the S ampersand S issues, requirements, technology opportunities and needs. Physical security technologies and systems considered in the design effort of the Weapons Complex Reconfiguration facilities will be reviewed

  18. Safety and Security Interface Technology Initiative

    Energy Technology Data Exchange (ETDEWEB)

    Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

    2007-05-01

    Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Micheal Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 carrollkj@y12.doe.gov Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme) includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security

  19. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    NARCIS (Netherlands)

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overwiew is given of the use of

  20. Health Security and Risk Aversion.

    Science.gov (United States)

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. © 2016 John Wiley & Sons Ltd.

  1. Safety and security risk assessments--now demystified!

    Science.gov (United States)

    White, Donald E

    2011-01-01

    Safety/security risk assessments no longer need to spook nor baffle healthcare safety/security managers. This grid template provides at-at-glance quick lookup of the possible threats, the affected people and things, a priority ranking of these risks, and a workable solution for each risk. Using the standard document, spreadsheet, or graphics software already available on your computer, you can easily use a scientific method to produce professional looking risk assessments that get quickly understood by both senior managers and first responders alike!

  2. New technology for food systems and security.

    Science.gov (United States)

    Yau, N J Newton

    2009-01-01

    In addition to product trade, technology trade has become one of the alternatives for globalization action around the world. Although not all technologies employed on the technology trade platform are innovative technologies, the data base of international technology trade still is a good indicator for observing innovative technologies around world. The technology trade data base from Sinew Consulting Group (SCG) Ltd. was employed as an example to lead the discussion on security or safety issues that may be caused by these innovative technologies. More technologies related to processing, functional ingredients and quality control technology of food were found in the data base of international technology trade platform. The review was conducted by categorizing technologies into the following subcategories in terms of safety and security issues: (1) agricultural materials/ingredients, (2) processing/engineering, (3) additives, (4) packaging/logistics, (5) functional ingredients, (6) miscellaneous (include detection technology). The author discusses examples listed for each subcategory, including GMO technology, nanotechnology, Chinese medicine based functional ingredients, as well as several innovative technologies. Currently, generation of innovative technology advance at a greater pace due to cross-area research and development activities. At the same time, more attention needs to be placed on the employment of these innovative technologies.

  3. THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    V. S. Oladko

    2016-12-01

    Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.

  4. Benefits and risks of smart home technologies

    International Nuclear Information System (INIS)

    Wilson, Charlie; Hargreaves, Tom; Hauxwell-Baldwin, Richard

    2017-01-01

    Smart homes are a priority area of strategic energy planning and national policy. The market adoption of smart home technologies (SHTs) relies on prospective users perceiving clear benefits with acceptable levels of risk. This paper characterises the perceived benefits and risks of SHTs from multiple perspectives. A representative national survey of UK homeowners (n=1025) finds prospective users have positive perceptions of the multiple functionality of SHTs including energy management. Ceding autonomy and independence in the home for increased technological control are the main perceived risks. An additional survey of actual SHT users (n=42) participating in a smart home field trial identifies the key role of early adopters in lowering perceived SHT risks for the mass market. Content analysis of SHT marketing material (n=62) finds the SHT industry are insufficiently emphasising measures to build consumer confidence on data security and privacy. Policymakers can play an important role in mitigating perceived risks, and supporting the energy-management potential of a smart-home future. Policy measures to support SHT market development include design and operating standards, guidelines on data and privacy, quality control, and in situ research programmes. Policy experiences with domestic energy efficiency technologies and with national smart meter roll-outs offer useful precedents. - Highlights: • Representative national survey of prospective smart home users. • Comparative analysis of three datasets to analyse perceived benefits and risks of smart home technologies. • Distinctive characteristics identified of early adopters who seed market growth. • Comparison of user perceptions with industry marketing. • Detailed policy recommendations to support energy benefits of smart home technologies.

  5. Promoting Economic Security through Information Technology ...

    African Journals Online (AJOL)

    The problem of economic insecurity is a global threat to national security. In Nigeria today, we have witness a lot of national security issues that risks the continued existence of the country as one indivisible political entity with many calling for disintegration. Hitherto, many terrorist networks have sprang up in many parts of ...

  6. Security Risks: Management and Mitigation in the Software Life Cycle

    Science.gov (United States)

    Gilliam, David P.

    2004-01-01

    A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Sotfware Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

  7. Information security awareness in small information technology-dependent business organisations

    OpenAIRE

    2015-01-01

    M.A. (Business Management) Small businesses thrive in the developing economy of South Africa and address the important issue of unemployment and poverty that exist in the country. A large number of these business organisations can be found in the province of Gauteng because of the large and diverse economic contribution the province delivers to the economy of South Africa. With the increased use of technology in the small businesses of Gauteng and South Africa, the risks around cyber-secur...

  8. Food Security, Institutional Framework and Technology: Examining the Nexus in Nigeria Using ARDL Approach.

    Science.gov (United States)

    Osabohien, Romanus; Osabuohien, Evans; Urhie, Ese

    2018-04-01

    Growth in agricultural science and technology is deemed essential for in-creasing agricultural output; reduce the vulnerability of rural poverty and in turn, food security. Food security and growth in agricultural output depends on technological usages, which enhances the pro-ductive capacity of the agricultural sector. The indicators of food security utilised in this study in-clude: dietary energy supply, average value of food production, prevalence of food inadequacy, among others. In this paper, we examined the level of technology and how investment in the agriculture and technology can improve technical know-how in Nigeria with a view to achieving food security. We carried out the analysis on how investment in technology and institutional framework can improve the level of food availability (a key component of food security) in Nigeria using econ-ometric technique based on Autoregressive Distribution Lag (ARDL) framework. The results showed, inter alia, that in Nigeria, there is a high level of food insecurity as a result of low attention on food production occasioned by the pervasive influence of oil that become the major export product. It was noted that the availability of arable land was one of the major factors to increase food production to solve the challenge of food insecurity. Thus, the efforts of reducing the rate of food insecurity are essential in this regards. This can also be achieved, among others, by active interactions between government and farmers, to make contribution to important planning issues that relate to food production in the country and above all, social protection policies should be geared or channelled to agricultural sector to protect farmers who are vulnerable to shocks and avert risks associated with agriculture.

  9. Secure, Mobile, Wireless Network Technology Designed, Developed, and Demonstrated

    Science.gov (United States)

    Ivancic, William D.; Paulsen, Phillip E.

    2004-01-01

    The inability to seamlessly disseminate data securely over a high-integrity, wireless broadband network has been identified as a primary technical barrier to providing an order-of-magnitude increase in aviation capacity and safety. Secure, autonomous communications to and from aircraft will enable advanced, automated, data-intensive air traffic management concepts, increase National Air Space (NAS) capacity, and potentially reduce the overall cost of air travel operations. For the first time ever, secure, mobile, network technology was designed, developed, and demonstrated with state-ofthe- art protocols and applications by a diverse, cooperative Government-industry team led by the NASA Glenn Research Center. This revolutionary technology solution will make fundamentally new airplane system capabilities possible by enabling secure, seamless network connections from platforms in motion (e.g., cars, ships, aircraft, and satellites) to existing terrestrial systems without the need for manual reconfiguration. Called Mobile Router, the new technology autonomously connects and configures networks as they traverse from one operating theater to another. The Mobile Router demonstration aboard the Neah Bay, a U.S. Coast Guard vessel stationed in Cleveland, Ohio, accomplished secure, seamless interoperability of mobile network systems across multiple domains without manual system reconfiguration. The Neah Bay was chosen because of its low cost and communications mission similarity to low-Earth-orbiting satellite platforms. This technology was successfully advanced from technology readiness level (TRL) 2 (concept and/or application formation) to TRL 6 (system model or prototype demonstration in a relevant environment). The secure, seamless interoperability offered by the Mobile Router and encryption device will enable several new, vehicle-specific and systemwide technologies to perform such things as remote, autonomous aircraft performance monitoring and early detection and

  10. The Threat of Security: Hindering Technology Integration in the Classroom

    Science.gov (United States)

    Robinson, LeAnne K.; Brown, Abbie; Green, Tim

    2007-01-01

    For the last year the authors have been gathering examples of how perceived "threats of security" are hampering the integration of technology in teaching and learning. They hope that educators will examine both the challenges of increased security demands and ways in which security might enhance, rather than detract from, the use of technology for…

  11. Optimal security investments and extreme risk.

    Science.gov (United States)

    Mohtadi, Hamid; Agiwal, Swati

    2012-08-01

    In the aftermath of 9/11, concern over security increased dramatically in both the public and the private sector. Yet, no clear algorithm exists to inform firms on the amount and the timing of security investments to mitigate the impact of catastrophic risks. The goal of this article is to devise an optimum investment strategy for firms to mitigate exposure to catastrophic risks, focusing on how much to invest and when to invest. The latter question addresses the issue of whether postponing a risk mitigating decision is an optimal strategy or not. Accordingly, we develop and estimate both a one-period model and a multiperiod model within the framework of extreme value theory (EVT). We calibrate these models using probability measures for catastrophic terrorism risks associated with attacks on the food sector. We then compare our findings with the purchase of catastrophic risk insurance. © 2012 Society for Risk Analysis.

  12. RiskREP : risk-based security requirements elicitation and prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  13. Examining the Relative Influence of Risk and Control on Intention to Adopt Risky Technologies

    Directory of Open Access Journals (Sweden)

    Sumeet Gupta

    2010-12-01

    Full Text Available For technologies such as electronic commerce, mobile payments, internet and mobile banking etc. customers are concerned about security issues that arise as a result of adoption of these technologies. However, in practice, we find that customers forgo their considerations of risk in the technology, if the benefits of using the technology overpower the risks involved in using the technology. Understanding their relative roles in technology adoption will help technology developers focus their efforts on either of them to improve technology adoption. Results of this study reveal that in adopting a technology, customers are guided more by the perception of control rather than by the perception of risk. Implications for theory and practice are discussed.

  14. Microsoft Windows Security Essentials

    CERN Document Server

    Gibson, Darril

    2011-01-01

    Windows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed,

  15. L-Band Digital Aeronautical Communications System Engineering - Initial Safety and Security Risk Assessment and Mitigation

    Science.gov (United States)

    Zelkin, Natalie; Henriksen, Stephen

    2011-01-01

    This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract NNC05CA85C, Task 7: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed L-band (960 to 1164 MHz) terrestrial en route communications system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents a preliminary safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the L-band communication system after the technology is chosen and system rollout timing is determined. The security risk analysis resulted in identifying main security threats to the proposed system as well as noting additional threats recommended for a future security analysis conducted at a later stage in the system development process. The document discusses various security controls, including those suggested in the COCR Version 2.0.

  16. Physical security technology base programs for physical security

    International Nuclear Information System (INIS)

    Jacobs, J.

    1986-01-01

    Sandia National Laboratories is the US Department of Energy's lead laboratory for physical security research and development (R and D). In support of this mission, Sandia has maintained for several years an R and D program in each of the following technology areas: Intrusion Detection, Entry Control, CCTV Assessment, Access Delay, Alarm Display, and Guard Equipment and Training. The purpose of the technology base programs is to maintain cognizance of the capabilities of the commercial market, identify improvements and transfer technology to industry and facilities. The output of these programs supports the development of new equipment and advanced system concepts, demonstrations of proof-of-principles and system implementation. This paper will review the status of current developments and discuss trends in new technologies which are being explored for future applications, i.e., artificial intelligence, expert systems, robotics, and more automated systems

  17. Electricity Generation in Fiji: Assessing the Impact of Renewable Technologies on Costs and Financial Risk

    OpenAIRE

    Dornan, Matthew; Jotzo, Frank

    2011-01-01

    In recent years, renewable energy technologies have been advocated in Fiji on the basis that they improve energy security and serve as a risk-mitigation measure against oil price volatility. Despite this, there have been few attempts to measure the impact of renewable technologies on energy security. That analysis is important if the benefits of renewable energy technologies in Fiji are to be adequately evaluated. This paper develops and applies a method for assessing the potential contributi...

  18. An Overview of Computer Network security and Research Technology

    OpenAIRE

    Rathore, Vandana

    2016-01-01

    The rapid development in the field of computer networks and systems brings both convenience and security threats for users. Security threats include network security and data security. Network security refers to the reliability, confidentiality, integrity and availability of the information in the system. The main objective of network security is to maintain the authenticity, integrity, confidentiality, availability of the network. This paper introduces the details of the technologies used in...

  19. Scanning technology with multi-slice helical CT in security inspection domain

    International Nuclear Information System (INIS)

    Wang Jue; Wang Fuquan; Jiang Zenghui

    2008-01-01

    The paper analyzes the technology conditions of security inspection in home and abroad, and expatiates technology of spiral CT and how to define CT value etc, with studying on the key technology of spiral CT scanning way (X-RAY, detector, technology of pulley etc) and mutual relation. By comparing the present products of security inspection, the conclusion was drawn that it is inevitable to develop the tendency of security inspection area with the checking and discerning the substance by using the technology of multi-layer spiral CT. (authors)

  20. Risk-informed, performance-based safety-security interface

    International Nuclear Information System (INIS)

    Mrowca, B.; Eltawila, F.

    2012-01-01

    Safety-security interface is a term that is used as part of the commercial nuclear power security framework to promote coordination of the many potentially adverse interactions between plant security and plant safety. Its object is to prevent the compromise of either. It is also used to describe the concept of building security into a plant's design similar to the long standing practices used for safety therefore reducing the complexity of the operational security while maintaining or enhancing overall security. With this in mind, the concept of safety-security interface, when fully implemented, can influence a plant's design, operation and maintenance. It brings the approach use for plant security to one that is similar to that used for safety. Also, as with safety, the application of risk-informed techniques to fully implement and integrate safety and security is important. Just as designers and operators have applied these techniques to enhance and focus safety, these same techniques can be applied to security to not only enhance and focus the security but also to aid in the implementation of effective techniques to address the safety-security interfaces. Implementing this safety-security concept early within the design process can prevent or reduce security vulnerabilities through low cost solutions that often become difficult and expensive to retrofit later in the design and/or post construction period. These security considerations address many of the same issues as safety in ensuring that the response of equipment and plant personnel are adequate. That is, both safety and security are focused on reaching safe shutdown and preventing radiological release. However, the initiation of challenges and the progression of actions in response these challenges and even the definitions of safe shutdown can be considerably different. This paper explores the techniques and limitations that are employed to fully implement a risk-informed, safety-security interface

  1. Using Financial Instruments to Transfer the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Pankaj Pandey

    2016-05-01

    Full Text Available For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information security event. Thus, this article addresses the limitations in the cyber-(reinsurance markets with a set of capital market-based financial instruments. This article presents a set of information security derivatives, namely options, vanilla options, swap, and futures that can be traded at an information security prediction market. Furthermore, this article demonstrates the usefulness of information security derivatives in a given scenario and presents an evaluation of the same in comparison with cyber-insurance. In our analysis, we found that the information security derivatives can at least be a partial solution to the problems in the cyber-insurance markets. The information security derivatives can be used as an effective tool for information elicitation and aggregation, cyber risk pricing, risk hedging, and strategic decision making for information security risk management.

  2. Clinicians, security and information technology support services in practice settings--a pilot study.

    Science.gov (United States)

    Fernando, Juanita

    2010-01-01

    This case study of 9 information technology (IT) support staff in 3 Australian (Victoria) public hospitals juxtaposes their experiences at the user-level of eHealth security in the Natural Hospital Environment with that previously reported by 26 medical, nursing and allied healthcare clinicians. IT support responsibilities comprised the entire hospital, of which clinician eHealth security needs were only part. IT staff believed their support tasks were often fragmented while work responsibilities were hampered by resources shortages. They perceived clinicians as an ongoing security risk to private health information. By comparison clinicians believed IT staff would not adequately support the private and secure application of eHealth for patient care. Preliminary data analysis suggests the tension between these cohorts manifests as an eHealth environment where silos of clinical work are disconnected from silos of IT support work. The discipline-based silos hamper health privacy outcomes. Privacy and security policies, especially those influencing the audit process, will benefit by further research of this phenomenon.

  3. Technological risks

    International Nuclear Information System (INIS)

    Klinke, A.; Renn, O.

    1998-01-01

    The empirical part about the technological risks deals with different technologies: nuclear energy, early warning systems of nuclear weapons and NBC-weapons, and electromagnetic fields. The potential of damage, the contemporary management strategies and the relevant characteristics will be described for each technology: risks of nuclear energy; risks of early warning systems of nuclear weapons and NBC-weapons; risks of electromagnetic fields. (authors)

  4. Technological risks

    Energy Technology Data Exchange (ETDEWEB)

    Klinke, A.; Renn, O. [Center of Technology Assessment in Baden-Wuerttemberg, Stuttgart (Germany)

    1998-07-01

    The empirical part about the technological risks deals with different technologies: nuclear energy, early warning systems of nuclear weapons and NBC-weapons, and electromagnetic fields. The potential of damage, the contemporary management strategies and the relevant characteristics will be described for each technology: risks of nuclear energy; risks of early warning systems of nuclear weapons and NBC-weapons; risks of electromagnetic fields. (authors)

  5. Development of a cyber security risk model using Bayesian networks

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Son, Hanseong; Khalil ur, Rahman; Heo, Gyunyoung

    2015-01-01

    Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I and C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility. - Highlights: • We developed the cyber security risk model can be find the weak point of cyber security integrated two cyber analysis models by using Bayesian Network. • One is the activity-quality model signifies how people and/or organization comply with the cyber security regulatory guide. • Other is the architecture model represents the probability of cyber-attack on RPS architecture. • The cyber security risk model can provide evidence that is able to determine the key element for cyber security for RPS of a research reactor

  6. The application of data encryption technology in computer network communication security

    Science.gov (United States)

    Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

    2017-04-01

    With the rapid development of Intemet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.

  7. Information security of power enterprises of North-Arctic region

    Science.gov (United States)

    Sushko, O. P.

    2018-05-01

    The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

  8. Risk assessment for sustainable food security in China according to integrated food security--taking Dongting Lake area for example.

    Science.gov (United States)

    Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan

    2013-06-01

    Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system-which could be used to monitor food security trends or nutritional status so to inform policy makers of impending food shortages-to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.

  9. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...

  10. The Algorithm Analysis of E-Commerce Security Issues for Online Payment Transaction System in Banking Technology

    OpenAIRE

    Barskar, Raju; Deen, Anjana Jayant; Bharti, Jyoti; Ahmed, Gulfishan Firdose

    2010-01-01

    E-Commerce offers the banking industry great opportunity, but also creates a set of new risks and vulnerability such as security threats. Information security, therefore, is an essential management and technical requirement for any efficient and effective Payment transaction activities over the internet. Still, its definition is a complex endeavor due to the constant technological and business change and requires a coordinated match of algorithm and technical solutions. Ecommerce is not appro...

  11. Review: Security in Wireless Technologies in Business

    Science.gov (United States)

    Sattarova, F. Y.; Kim, Tai-Hoon

    Wireless technology seems to be everywhere now - but it is still relatively in its infancy. New standards and protocols continue to emerge and problems and bugs are discovered. Nevertheless, wireless networks make many things much more convenient and it appears that wireless networks are here to stay. The differences and similarities of wireless and wired security, the new threats brought by mobility, the security of networks and devices and effects of security, or lack of it are shortly discussed in this review paper.

  12. Agent of opportunity risk mitigation: people, engineering, and security efficacy.

    Science.gov (United States)

    Graham, Margaret E; Tunik, Michael G; Farmer, Brenna M; Bendzans, Carly; McCrillis, Aileen M; Nelson, Lewis S; Portelli, Ian; Smith, Silas; Goldberg, Judith D; Zhang, Meng; Rosenberg, Sheldon D; Goldfrank, Lewis R

    2010-12-01

    Agents of opportunity (AO) are potentially harmful biological, chemical, radiological, and pharmaceutical substances commonly used for health care delivery and research. AOs are present in all academic medical centers (AMC), creating vulnerability in the health care sector; AO attributes and dissemination methods likely predict risk; and AMCs are inadequately secured against a purposeful AO dissemination, with limited budgets and competing priorities. We explored health care workers' perceptions of AMC security and the impact of those perceptions on AO risk. Qualitative methods (survey, interviews, and workshops) were used to collect opinions from staff working in a medical school and 4 AMC-affiliated hospitals concerning AOs and the risk to hospital infrastructure associated with their uncontrolled presence. Secondary to this goal, staff perception concerning security, or opinions about security behaviors of others, were extracted, analyzed, and grouped into themes. We provide a framework for depicting the interaction of staff behavior and access control engineering, including the tendency of staff to "defeat" inconvenient access controls. In addition, 8 security themes emerged: staff security behavior is a significant source of AO risk; the wide range of opinions about "open" front-door policies among AMC staff illustrates a disparity of perceptions about the need for security; interviewees expressed profound skepticism concerning the effectiveness of front-door access controls; an AO risk assessment requires reconsideration of the security levels historically assigned to areas such as the loading dock and central distribution sites, where many AOs are delivered and may remain unattended for substantial periods of time; researchers' view of AMC security is influenced by the ongoing debate within the scientific community about the wisdom of engaging in bioterrorism research; there was no agreement about which areas of the AMC should be subject to stronger access

  13. Risk management in methodologies of information technology and communications projects

    Directory of Open Access Journals (Sweden)

    Jonathan Carrillo

    2013-12-01

    Full Text Available (Received: 2013/10/02 - Accepted: 2013/12/13At present there are methodologies that have several alternatives and methods to manage projects of Information and Communication Technologies. However, these do not cover a solution for the technology events that can occur in the industry, government, education, among others. In the technology market there are several models to identify and analyze risks according to relevant aspects of their area of specialty e.g. projects, in software development, communications, information security and business alignment. For this reason, this research conducted an evaluation of risk management activities of the methodologies used mostly to know which of them includes more correspondence with basic elements of IT using a rating scale.

  14. Safety and Security Interface Technology Initiative

    International Nuclear Information System (INIS)

    Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

    2007-01-01

    Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. ''Supporting Excellence in Operations Through Safety Analysis'', (workshop theme) includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is ''Safeguards/Security Integration with Safety''. This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security Documentation Integration, Configuration Control, and development of a shared ''tool box'' of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated

  15. Assessing security technology's impact: old tools for new problems.

    Science.gov (United States)

    Kreissl, Reinhard

    2014-09-01

    The general idea developed in this paper from a sociological perspective is that some of the foundational categories on which the debate about privacy, security and technology rests are blurring. This process is a consequence of a blurring of physical and digital worlds. In order to define limits for legitimate use of intrusive digital technologies, one has to refer to binary distinctions such as private versus public, human versus technical, security versus insecurity to draw differences determining limits for the use of surveillance technologies. These distinctions developed in the physical world and are rooted in a cultural understanding of pre-digital culture. Attempts to capture the problems emerging with the implementation of security technologies using legal reasoning encounter a number of problems since law is by definition oriented backwards, adapting new developments to existing traditions, whereas the intrusion of new technologies in the physical world produces changes and creates fundamentally new problems.

  16. A Model for an Information Security Risk Management (ISRM) Framework for Saudi Arabian Organisations

    Science.gov (United States)

    Alshareef, Naser

    2016-01-01

    Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…

  17. Positioning of a Peaceful Use of Nuclear Technology in National Security Aspects

    International Nuclear Information System (INIS)

    Kim, Hyun Jun; Chang, Moon Hee; Kim, Hark Rho; Lee, Young Joon; Lee, Sang Heon

    2012-01-01

    Many cases have shown that a peaceful use of nuclear technology should play an important role in national securities such as energy, economic and science and technology securities, etc. It would be interesting to know what the positioning of the peaceful use of nuclear technology is in the national security aspects. In this paper, a positioning of nuclear power on various national security components is intended by using a positioning process that has been widely used for marketing. Findings can be used for directing further R and Ds to develop nuclear power technology

  18. Positioning of a Peaceful Use of Nuclear Technology in National Security Aspects

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Hyun Jun; Chang, Moon Hee; Kim, Hark Rho; Lee, Young Joon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Lee, Sang Heon [Korea National Defense University, Goyang (Korea, Republic of)

    2012-05-15

    Many cases have shown that a peaceful use of nuclear technology should play an important role in national securities such as energy, economic and science and technology securities, etc. It would be interesting to know what the positioning of the peaceful use of nuclear technology is in the national security aspects. In this paper, a positioning of nuclear power on various national security components is intended by using a positioning process that has been widely used for marketing. Findings can be used for directing further R and Ds to develop nuclear power technology

  19. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...

  20. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...

  1. Systematic, appropriate, and cost-effective application of security technologies in U.S. public schools to reduce crime, violence, and drugs

    Science.gov (United States)

    Green, Mary W.

    1997-01-01

    As problems of violence and crime become more prevalent in our schools, more and more school districts will elect to use security technologies to control these problems. While the desired change in student and community attitudes will require significant systemic change through intense US social programs, security technologies can greatly augment school staff today by providing services similar to having extra adults present. Technologies such as cameras, sensors, drug detection, biometric and personnel identification, lighting, barriers, weapon and explosives detection, anti- graffiti methods, and duress alarms can all be effective, given they are used in appropriate applications, with realistic expectations and an understanding of limitations. Similar to a high-risk government facility, schools must consider a systems approach to security, which includes the use of personnel and procedures as well as security technologies, such that the synergy created by all these elements together contributes more tot he general 'order maintenance' of the facility than could be achieved by separate measures not integrated or related.

  2. Using Common Sense to Effectively Integrate Security Technologies within a School's Security Strategy

    Energy Technology Data Exchange (ETDEWEB)

    Gree, M.W.

    1998-11-03

    Security technologies are not the answer to all school security problems. However, they can be an excellent tool for school administrators and security personnel when incorporated into a total security strategy involving personnel, procedures, and facility layout. Unfortunately, very few of the tougher security problems in schools have solutions that are affordable, effective, and acceptable. Like any other type of facility, a school's security staff must understand the strengths and limitations of the security measures they are csecurity practices, which will rarely increase new building costs if included in the initial planning.

  3. Security Problems of Mobile Technologies

    Directory of Open Access Journals (Sweden)

    A. G. Beltov

    2012-09-01

    Full Text Available The article provides an overview of security problems which exist in the mobile devices. The main technologies aimed to protect the phones from various types of attacks are considered. The authors justify the necessity of developing new improved tools and methods to ensure the safety of such devices.

  4. The Concepts of Risk, Safety, and Security: Applications in Everyday Language.

    Science.gov (United States)

    Boholm, Max; Möller, Niklas; Hansson, Sven Ove

    2016-02-01

    The concepts of risk, safety, and security have received substantial academic interest. Several assumptions exist about their nature and relation. Besides academic use, the words risk, safety, and security are frequent in ordinary language, for example, in media reporting. In this article, we analyze the concepts of risk, safety, and security, and their relation, based on empirical observation of their actual everyday use. The "behavioral profiles" of the nouns risk, safety, and security and the adjectives risky, safe, and secure are coded and compared regarding lexical and grammatical contexts. The main findings are: (1) the three nouns risk, safety, and security, and the two adjectives safe and secure, have widespread use in different senses, which will make any attempt to define them in a single unified manner extremely difficult; (2) the relationship between the central risk terms is complex and only partially confirms the distinctions commonly made between the terms in specialized terminology; (3) whereas most attempts to define risk in specialized terminology have taken the term to have a quantitative meaning, nonquantitative meanings dominate in everyday language, and numerical meanings are rare; and (4) the three adjectives safe, secure, and risky are frequently used in comparative form. This speaks against interpretations that would take them as absolute, all-or-nothing concepts. © 2015 Society for Risk Analysis.

  5. A Layered Trust Information Security Architecture

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

    2014-01-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

  6. A layered trust information security architecture.

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  7. A Layered Trust Information Security Architecture

    Directory of Open Access Journals (Sweden)

    Robson de Oliveira Albuquerque

    2014-12-01

    Full Text Available Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  8. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  9. Factors Influencing the Adoption of Biometric Security Technologies by Decision Making Information Technology and Security Managers

    OpenAIRE

    Lease, David R.

    2005-01-01

    The research conducted under this study offers an understanding of the reasons why information technology (IT) and/or information assurance (IA) managers choose to recommend or not to recommend particular technologies, specifically biometric security, to their organizations. A review of the relevant literature provided the foundation to develop a set of research questions and factors for this research effort. The research questions became the basis of the study’s stated hypotheses for examini...

  10. Marketing Plan for the National Security Technology Incubator

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-03-31

    This marketing plan was developed as part of the National Security Preparedness Project by the Arrowhead Center of New Mexico State University. The vision of the National Security Technology Incubator program is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety and security. The plan defines important aspects of developing the incubator, such as defining the target market, marketing goals, and creating strategies to reach the target market while meeting those goals. The three main marketing goals of the incubator are: 1) developing marketing materials for the incubator program; 2) attracting businesses to become incubator participants; and 3) increasing name recognition of the incubator program on a national level.

  11. Denial technology, the neglected security element

    International Nuclear Information System (INIS)

    Mauney, C.H.

    1982-01-01

    Even though there has been an increased concern over providing adequate security during the past decade, and even though some aspects of existing security systems have been enhanced during this period, much remains to be done to provide that balance which is so necessary to have all elements function as an effective unit. The area that primarily has been neglected is the delay element - the part of the system which makes possible the needed time for the security force to respond after an intrustion is detected and prior to the adversary attaining his desired goal. The purpose of this paper is to address the vulnerabilities of a security system which exist without the proper delay elements and to suggest how current technology can provide, through the use of activated barriers, that needed delay time to bring the system into balance. Security managers desire reliability and effectiveness; plant managers require safety, non-interference with operations, cost considerate capability, and aesthetic application - these characteristics will be addressed in the context of providing the required delay. This paper, hopefully, will set the stage for dialogue between developer and user, yielding a mutally acceptable approach to balanced security protection

  12. Center for Coastline Security Technology, Year-2

    National Research Council Canada - National Science Library

    Glegg, Stewart; Glenn, William; Furht, Borko; Beaujean, P. P; Frisk, G; Schock, S; VonEllenrieder, K; Ananthakrishnan, P; An, E; Granata, R

    2007-01-01

    ...), the Imaging Technology Center, the Department of Computer Science and Engineering, and the University Consortium for Intermodal Transportation Safety and Security at Florida Atlantic University...

  13. Modern Quantum Technologies of Information Security

    OpenAIRE

    Korchenko, Oleksandr; Vasiliu, Yevhen; Gnatyuk, Sergiy

    2010-01-01

    In this paper, the systematisation and classification of modern quantum technologies of information security against cyber-terrorist attack are carried out. The characteristic of the basic directions of quantum cryptography from the viewpoint of the quantum technologies used is given. A qualitative analysis of the advantages and disadvantages of concrete quantum protocols is made. The current status of the problem of practical quantum cryptography use in telecommunication networks is consider...

  14. A cooperative model for IS security risk management in distributed environment.

    Science.gov (United States)

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  15. Safeguards and Security Technology Development Directory. FY 1993

    Energy Technology Data Exchange (ETDEWEB)

    1993-06-01

    The Safeguards and Security Technology Development Directory is published annually by the Office of Safeguards and Security (OSS) of the US Department of Energy (DOE), and is Intended to inform recipients of the full scope of the OSS R&D program. It is distributed for use by DOE headquarters personnel, DOE program offices, DOE field offices, DOE operating contractors, national laboratories, other federal agencies, and foreign governments. Chapters 1 through 7 of the Directory provide general information regarding the Technology Development Program, including the mission, program description, organizational roles and responsibilities, technology development lifecycle, requirements analysis, program formulation, the task selection process, technology development infrastructure, technology transfer activities, and current research and development tasks. These chapters are followed by a series of appendices which contain more specific information on aspects of the Program. Appendix A is a summary of major technology development accomplishments made during FY 1992. Appendix B lists S&S technology development reports issued during FY 1992 which reflect work accomplished through the OSS Technology Development Program and other relevant activities outside the Program. Finally, Appendix C summarizes the individual task statements which comprise the FY 1993 Technology Development Program.

  16. Infrared: A Key Technology for Security Systems

    OpenAIRE

    Corsi, Carlo

    2012-01-01

    Infrared science and technology has been, since the first applications, mainly dedicated to security and surveillance especially in military field, besides specialized techniques in thermal imaging for medical diagnostic and building structures and recently in energy savings and aerospace context. Till recently the security applications were mainly based on thermal imaging as surveillance and warning military systems. In all these applications the advent of room temperature, more reliable due...

  17. Technologies for security, military police, and professional policing organizations: the Department of Energy perspective

    Science.gov (United States)

    Steele, Basil J.

    1997-01-01

    There are many emerging technologies that can be used to help the law enforcement community protect the public as well as public and private facilities against ever increasing threats to this country and its resources. These technologies include sensors, closed circuit television (CCTV), access control, contraband detection, communications, control and display, barriers, and various component and system modeling techniques. This paper will introduce some of the various technologies that have been examined for the Department of Energy that could be applied to various law enforcement applications. They include: scannerless laser radar; next generation security systems; response force video information helmet system; access delay technologies; rapidly deployable intrusion detection systems; cost risk benefit analysis.

  18. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Science.gov (United States)

    2010-01-01

    ... chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information regarding security risk for a chemical facility. (a) Information to determine security risk. In order to...

  19. 77 FR 59407 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2012-09-27

    ... Secretary for Science and Technology, such as new developments in systems engineering, cyber-security... Security Challenges; Accelerating Innovation Through Systems Analysis; and Leveraging Industry for Impact... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2012-0053] Homeland Security Science and...

  20. Evolution of Biotechnology and Information Technology and Its Impact on Human Security

    Directory of Open Access Journals (Sweden)

    Elena S. Zinovieva

    2015-01-01

    Full Text Available Abstract: The development of post-industrial society initiates profound economic, technological and cultural change in the way of life of all mankind. The revolutionary breakthroughs in the field of new technologies such as biotechnology and information technology are reflected in all spheres of human activity, directly affecting the human security. The article analyzes the consequences of widespread usage biotechnology and information technology in the foreign policy practice on the basis of the human security theory. The detailed description of the main directions of the use of biometric technology in the foreign policy and consular practices is provided, the challenges and threats to information security associated with biometrics are analyzed, arising from widespread biotechnology are the main challenges and threats to as well as human security threats arising at the present stage of development and application of these technologies. Human security threats associated with the use of biotechnology are placed in the broader context of global trends in scientific and technological development. The recommendations are formulated in the field of foreign policy and international cooperation, which would neutralize new threats to international and personal safety arising at the present stage of development of biotechnology. The authors conclude that in order to ensure ethical regulation of new technologies that address issues of human security, it is necessary to organize multi-stakeholder partnerships at national and international level with the participation of states, representatives of civil society, business and the research community.

  1. 78 FR 66949 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2013-11-07

    ... Technology, such as new developments in systems engineering, cyber-security, knowledge management and how... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0071] Homeland Security Science and... Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The Homeland Security Science and...

  2. Effective surveillance for homeland security balancing technology and social issues

    CERN Document Server

    Flammini, Francesco; Franceschetti, Giorgio

    2013-01-01

    Effective Surveillance for Homeland Security: Balancing Technology and Social Issues provides a comprehensive survey of state-of-the-art methods and tools for the surveillance and protection of citizens and critical infrastructures against natural and deliberate threats. Focusing on current technological challenges involving multi-disciplinary problem analysis and systems engineering approaches, it provides an overview of the most relevant aspects of surveillance systems in the framework of homeland security. Addressing both advanced surveillance technologies and the related socio-ethical issues, the book consists of 21 chapters written by international experts from the various sectors of homeland security. Part I, Surveillance and Society, focuses on the societal dimension of surveillance-stressing the importance of societal acceptability as a precondition to any surveillance system. Part II, Physical and Cyber Surveillance, presents advanced technologies for surveillance. It considers developing technologie...

  3. Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

    Science.gov (United States)

    Coleman, Johnathan

    2003-05-01

    This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

  4. NPP physical protection and information security as necessary conditions for reducing nuclear and radiation accident risks

    International Nuclear Information System (INIS)

    Pogosov, O.Yu.; Derevyanko, O.V.

    2017-01-01

    The paper focuses on the fact that nuclear failures and incidents can lead to radioactive contamination of NPP premises. Nuclear and radiation hazard may be caused by malefactors in technological processes when applying computers or inadequate control in case of insufficient level of information security.The researchers performed analysis of factors for reducing risks of nuclear and radiation accidents at NPPs considering specific conditions related to information security of NPP physical protection systems. The paper considers connection of heterogeneous factors that may increase the risk of NPP accidents, possibilities and ways to improve adequate modelling of security of information with limited access directly related to the functioning of automated set of engineering and technical means for NPP physical protection. Within the overall Hutchinson formalization, it is proposed to include additional functional dependencies on indicators specific for NPPs into analysis algorithms.

  5. New trends in science and technology implications for international peace and security

    International Nuclear Information System (INIS)

    1991-01-01

    In December 1988, the General Assembly requested the Secretary-General to follow future scientific and technological developments, especially those with potential military applications, and to evaluate their impact on international security. In resolution 43/77 A it also requested the Secretary-General to report to it at its forty-fifth session. The broad fields in which scientific and technological developments are taking place were identified as: information technology, biotechnology, materials technology, nuclear technology and space technology. These assessments were discussed by a wider group of experts at a high-level conference on ''New trends in science and technology: implications for international peace and security'', held in April 1990 in the city of Sendai, Japan. The Conference, which was attended by nearly 100 participants from over 20 countries, addressed issues of technological change and global security, new technologies and the search for security in the post-cold-war era, and national policy-making and international diplomacy in an era of rapid technological change. General approaches to technology assessment and technology trends in selected areas were also discussed. The positions taken by Member States on the subject of establishing a mechanism for technology assessment were also taken into account. The highlights of the report are summarized

  6. How the Office of Safeguards and Security Technology development program facilitates safeguarding and securing the DOE complex

    International Nuclear Information System (INIS)

    Smoot, W.

    1995-01-01

    The technology development program's (TDP's) mission is to provide technologies or methodologies that address safeguards and security requirements throughout the U.S. DOE complex as well as to meet headquarters' policy needs. This includes developing state-of-the-art technologies or modifying existing technologies in physical security, material control and accountability, information security, and integrated safeguards systems. The TDP has an annual process during which it solicits user requirements from the field. These requirements are analyzed by DOE headquarters and laboratory personnel for technical merit. The requirements are then prioritized at headquarters, and the highest priorities are incorporated into our budget. Although this user-needs process occurs formally once a year, user requirements are accepted at any time. The status of funded technologies is communicated through briefings, programs reviews, and various documents that are available to all interested parties. Participants in several interagency groups allows our program to benefit from what others are doing and to prevent duplications of efforts throughout the federal community. Many technologies are transferred to private industry

  7. 78 FR 14101 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2013-03-04

    ... Secretary for Science and Technology, such as new developments in systems engineering, cyber-security... HSSTAC input on how to improve that collaboration. --Cyber Security and the evolution of the Cyber... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0014] Homeland Security Science and...

  8. Secure messaging via the cloud and mobile devices: data security issues emerge with new technologies.

    Science.gov (United States)

    Prestigiacomo, Jennifer

    2011-05-01

    The secure messaging space is alive with new innovations that are moving the industry forward. Key in this space is the push toward moving secure messaging to the cloud and pushing it out to mobile devices. Among the examples are solutions that allow physicians to receive encrypted email on mobile devices, as well as ones that allow doctors to securely text-message each other to coordinate care. However, the security issues around these emerging technologies in this very active space must be further explored.

  9. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. In this paper, we present a Risk-Based Requirements Prioritization method (RiskREP) that extends misuse case-based methods with IT architecture based risk assessment and countermeasure definition and prioritization. Countermeasure prioritizati...

  10. 75 FR 3948 - Big Sky Energy Corp., Biomedical Waste Systems, Inc., Biometrics Security Technology, Inc...

    Science.gov (United States)

    2010-01-25

    ... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Big Sky Energy Corp., Biomedical Waste Systems, Inc., Biometrics Security Technology, Inc., Biosys, Inc., Bolder Technologies Corp., Boyds Wheels, Inc... securities of Biometrics Security Technology, Inc. because it has not filed any periodic reports since...

  11. Capitalization of Defense Technology Security Administration Equipment

    National Research Council Canada - National Science Library

    Gimble, Thomas

    1996-01-01

    ... $5.2 million in the Equipment in Use account on its trial balance. Starting with FY 1996, Defense Technology Security Administration financial data will be included in consolidated DoD financial statements...

  12. Development of an Automated Security Risk Assessment Methodology Tool for Critical Infrastructures.

    Energy Technology Data Exchange (ETDEWEB)

    Jaeger, Calvin Dell; Roehrig, Nathaniel S.; Torres, Teresa M.

    2008-12-01

    This document presents the security automated Risk Assessment Methodology (RAM) prototype tool developed by Sandia National Laboratories (SNL). This work leverages SNL's capabilities and skills in security risk analysis and the development of vulnerability assessment/risk assessment methodologies to develop an automated prototype security RAM tool for critical infrastructures (RAM-CITM). The prototype automated RAM tool provides a user-friendly, systematic, and comprehensive risk-based tool to assist CI sector and security professionals in assessing and managing security risk from malevolent threats. The current tool is structured on the basic RAM framework developed by SNL. It is envisioned that this prototype tool will be adapted to meet the requirements of different CI sectors and thereby provide additional capabilities.

  13. Hydrocomplexity: Addressing water security and emergent environmental risks

    Science.gov (United States)

    Kumar, Praveen

    2015-07-01

    Water security and emergent environmental risks are among the most significant societal concerns. They are highly interlinked to other global risks such as those related to climate, human health, food, human migration, biodiversity loss, urban sustainability, etc. Emergent risks result from the confluence of unanticipated interactions from evolving interdependencies between complex systems, such as those embedded in the water cycle. They are associated with the novelty of dynamical possibilities that have significant potential consequences to human and ecological systems, and not with probabilities based on historical precedence. To ensure water security we need to be able to anticipate the likelihood of risk possibilities as they present the prospect of the most impact through cascade of vulnerabilities. They arise due to a confluence of nonstationary drivers that include growing population, climate change, demographic shifts, urban growth, and economic expansion, among others, which create novel interdependencies leading to a potential of cascading network effects. Hydrocomplexity aims to address water security and emergent risks through the development of science, methods, and practices with the potential to foster a "Blue Revolution" akin to the Green revolution for food security. It blends both hard infrastructure based solution with soft knowledge driven solutions to increase the range of planning and design, management, mitigation and adaptation strategies. It provides a conceptual and synthetic framework to enable us to integrate discovery science and engineering, observational and information science, computational and communication systems, and social and institutional approaches to address consequential water and environmental challenges.

  14. Technologies for security, military police and professional policing organizations, the Department of Energy perspective

    International Nuclear Information System (INIS)

    Steele, B.J.

    1996-01-01

    There are many technologies emerging from this decade that can be used to help the law enforcement community protect the public as well as public and private facilities against ever increasing threats to this country and its resources. These technologies include sensors, closed circuit television (CCTV), access control, contraband detection, communications, control and display, barriers, and various component and system modeling techniques. This paper will introduce some of the various technologies that have been examined for the Department of Energy that could be applied to various law enforcement applications. They include: (1) scannerless laser radar; (2) next generation security systems; (3) response force video information helmet system; (4) access delay technologies; (5) rapidly deployable intrusion detection systems; and (6) cost risk benefit analysis

  15. AlphaCo: A Teaching Case on Information Technology Audit and Security

    Directory of Open Access Journals (Sweden)

    Hüseyin Tanriverdi

    2006-03-01

    Full Text Available Recent regulations in the United States (U.S. such as the Sarbanes-Oxley Act of 2002 require top management of a public firm to provide reasonable assurance that they institute internal controls that minimize risks over the firm’s operations and financial reporting. External auditors are required to attest to the management’s assertions over the effectiveness of those internal controls. As firms rely more on information technology (IT in conducting business, they also become more vulnerable to IT related risks. IT is critical for initiating, recording, processing, summarizing and reporting accurate financial and non-financial data. Thus, understanding IT related risks and instituting internal control mechanisms that minimize them have become important and created an urgent need for professionals who are equipped with IT audit and security skills and knowledge. However, there is severe shortage of teaching cases that can be used in courses aimed at training such professionals. This teaching case begins to address this gap by fostering classroom discussions around IT audit and security issues. It revolves around a hacking incident that compromised online order processing systems of AlphaCo and led to some fraudulent activity. The hacking incident raises a series of questions about IT security vulnerabilities, internal control deficiencies, integrity of financial statements, and independent auditors’ assessment of fraud in the context of the Sarbanes-Oxley Act. The case places students in the roles of executives, IT managers, and auditors and encourages them to discuss several important questions: how and why did the hacking incident happen; what harm did it cause to the firm; how can the firm prevent such hacking incidents in the future; if they do happen, how can the firm detect hacking incidents and fraud sooner; how do auditors assess the impact of such incidents in the context of a financial statement audit; and whether the management

  16. Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

    Science.gov (United States)

    Shim, Woohyun

    2010-01-01

    An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

  17. Security breaches: tips for assessing and limiting your risks.

    Science.gov (United States)

    Coons, Leeanne R

    2011-01-01

    As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.

  18. Beyond RFID : the NFC Security Landscape

    NARCIS (Netherlands)

    Hoepman, J.H.; Siljee, B.I.J.

    2007-01-01

    For applications like mobile payments for which the use of NFC technology is considered, security is of paramount importance. This whitepaper discusses the main risks associated with using NFC technology, and the possible countermeasures that can be used to mitigate those risks.

  19. Governance and Risk Management of Network and Information Security: The Role of Public Private Partnerships in Managing the Existing and Emerging Risks

    Science.gov (United States)

    Navare, Jyoti; Gemikonakli, Orhan

    Globalisation and new technology has opened the gates to more security risks. As the strategic importance of communication networks and information increased, threats to the security and safety of communication infrastructures, as well as information stored in and/or transmitted increased significantly. The development of the self replicating programmes has become a nightmare for Internet users. Leading companies, strategic organisations were not immune to attacks; they were also "hacked" and overtaken by intruders. Incidents of recent years have also shown that national/regional crisis may also trigger cyber attacks at large scale. Experts forecast that cyber wars are likely to take the stage as tension mounts between developed societies. New risks such as cyber-attacks, network terrorism and disintegration of traditional infrastructures has somewhat blurred the boundaries of operation and control. This paper seeks to consider the risk management and governance and looking more specifically at implications for emerging economies.

  20. Security Risks Management in Selected Academic Libraries in Osun ...

    African Journals Online (AJOL)

    The survival of a library depends to a large extent on how secured its collections are. Security of collections constitutes a critical challenge facing academic libraries in Nigeria. It is against this background that this study investigated the security risks management in selected academic libraries in Osun State, Nigeria.

  1. Security and privacy issues with health care information technology.

    Science.gov (United States)

    Meingast, Marci; Roosta, Tanya; Sastry, Shankar

    2006-01-01

    The face of health care is changing as new technologies are being incorporated into the existing infrastructure. Electronic patient records and sensor networks for in-home patient monitoring are at the current forefront of new technologies. Paper-based patient records are being put in electronic format enabling patients to access their records via the Internet. Remote patient monitoring is becoming more feasible as specialized sensors can be placed inside homes. The combination of these technologies will improve the quality of health care by making it more personalized and reducing costs and medical errors. While there are benefits to technologies, associated privacy and security issues need to be analyzed to make these systems socially acceptable. In this paper we explore the privacy and security implications of these next-generation health care technologies. We describe existing methods for handling issues as well as discussing which issues need further consideration.

  2. The new risk paradigm for chemical process security and safety.

    Science.gov (United States)

    Moore, David A

    2004-11-11

    The world of safety and security in the chemical process industries has certainly changed since 11 September, but the biggest challenges may be yet to come. This paper will explain that there is a new risk management paradigm for chemical security, discuss the differences in interpreting this risk versus accidental risk, and identify the challenges we can anticipate will occur in the future on this issue. Companies need to be ready to manage the new chemical security responsibilities and to exceed the expectations of the public and regulators. This paper will outline the challenge and a suggested course of action.

  3. MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

    OpenAIRE

    Muhammad Qaiser Saleem; Jafreezal Jaafar; Mohd Fadzil Hassan

    2011-01-01

    Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is...

  4. Security training with interactive laser-video-disk technology

    International Nuclear Information System (INIS)

    Wilson, D.

    1988-01-01

    DOE, through its contractor EG and G Energy Measurements, Inc., has developed a state-of-the-art interactive-video system for use at the Department of Energy's Central Training Academy. Called the Security Training and Evaluation Shooting System (STRESS), the computer-driven decision shooting system employs the latest is laservideo-disk technology. STRESS is designed to provide realistic and stressful training for security inspectors employed by the DOE and its contractors. The system uses wide-screen video projection, sophisticated scenario-branching technology, and customized video scenarios especially designed for the DOE. Firing a weapon that has been modified to shoot ''laser bullets,'' and wearing a special vest that detects ''hits'': the security inspector encounters adversaries on the wide screen who can shoot or be shot by the inspector in scenarios that demand fast decisions. Based on those decisions, the computer provides instantaneous branching to different scenes, giving the inspector confrontational training with the realism and variability of real life

  5. Information Uncertainty to Compare Qualitative Reasoning Security Risk Assessment Results

    Energy Technology Data Exchange (ETDEWEB)

    Chavez, Gregory M [Los Alamos National Laboratory; Key, Brian P [Los Alamos National Laboratory; Zerkle, David K [Los Alamos National Laboratory; Shevitz, Daniel W [Los Alamos National Laboratory

    2009-01-01

    The security risk associated with malevolent acts such as those of terrorism are often void of the historical data required for a traditional PRA. Most information available to conduct security risk assessments for these malevolent acts is obtained from subject matter experts as subjective judgements. Qualitative reasoning approaches such as approximate reasoning and evidential reasoning are useful for modeling the predicted risk from information provided by subject matter experts. Absent from these approaches is a consistent means to compare the security risk assessment results. Associated with each predicted risk reasoning result is a quantifiable amount of information uncertainty which can be measured and used to compare the results. This paper explores using entropy measures to quantify the information uncertainty associated with conflict and non-specificity in the predicted reasoning results. The measured quantities of conflict and non-specificity can ultimately be used to compare qualitative reasoning results which are important in triage studies and ultimately resource allocation. Straight forward extensions of previous entropy measures are presented here to quantify the non-specificity and conflict associated with security risk assessment results obtained from qualitative reasoning models.

  6. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

  7. Risks and threats of tax state security and methods of their neutralization

    Directory of Open Access Journals (Sweden)

    Y.V. Lebedzevych

    2016-12-01

    Full Text Available The article substantiates the relevance of the study to ensure security of the state tax. Scientists studied different approaches to defining the essence of the concept of "security tax" on the key features that would satisfy the interests of all subjects of tax relations and the necessity of legal consolidation of this concept. Analyzed the economic, social and legal nature of the existence of the security tax, identified key indicators of fiscal security of Ukraine. To determine the effectiveness of the tax administration in the interests of the tax security highlights the main threats, tax security risks caused by external and internal factors, and propose measures for their elimination and prevent the possibility of their occurrence. The stages of tax risk management with effective building security tax, designed structurally-logic of the tax risk management security.

  8. Discussion on the Technology and Method of Computer Network Security Management

    Science.gov (United States)

    Zhou, Jianlei

    2017-09-01

    With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life work to a certain extent, brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.

  9. Global water risks and national security: Building resilience (Invited)

    Science.gov (United States)

    Pulwarty, R. S.

    2013-12-01

    The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human aactivities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) Outline the dimensions of water security and its links to national security (2) Analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere

  10. ArgueSecure: Out-of-the-box Risk Assessment

    NARCIS (Netherlands)

    Ionita, Dan; Kegel, Roeland Hendrik,Pieter; Wieringa, Roelf J.; Baltuta, Andrei

    Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed

  11. Development Methodology of a Cyber Security Risk Analysis and Assessment Tool for Digital I and C Systems in Nuclear Power Plant

    International Nuclear Information System (INIS)

    Cha, K. H.; Lee, C. K.; Song, J. G.; Lee, Y. J.; Kim, J. Y.; Lee, J. W.; Lee, D. Y.

    2011-01-01

    With the use of digital computers and communication networks the hot issues on cyber security were raised about 10 years ago. The scope of cyber security application has now been extended from the safety Instrumentation and Control (I and C) system to safety important systems, plant security system, and emergency preparedness system. Therefore, cyber security should be assessed and managed systematically throughout the development life cycle of I and C systems in order for their digital assets to be protected from cyber attacks. Fig. 1 shows the concept of a cyber security risk management of digital I and C systems in nuclear power plants (NPPs). A lot of cyber security risk assessment methods, techniques, and supported tools have been developed for Information Technology (IT) systems, but they have not been utilized widely for cyber security risk assessments of the digital I and C systems in NPPs. The main reason is a difference in goals between IT systems and nuclear I and C systems. Confidentiality is important in IT systems, but availability and integrity are important in nuclear I and C systems. Last year, it was started to develop a software tool to be specialized for the development process of nuclear I and C systems. This paper presents a development methodology of the Cyber Security Risk analysis and Assessment Tool (CSRAT) for the digital I and C systems in NPP

  12. Development Methodology of a Cyber Security Risk Analysis and Assessment Tool for Digital I and C Systems in Nuclear Power Plant

    Energy Technology Data Exchange (ETDEWEB)

    Cha, K. H.; Lee, C. K.; Song, J. G.; Lee, Y. J.; Kim, J. Y.; Lee, J. W.; Lee, D. Y. [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2011-05-15

    With the use of digital computers and communication networks the hot issues on cyber security were raised about 10 years ago. The scope of cyber security application has now been extended from the safety Instrumentation and Control (I and C) system to safety important systems, plant security system, and emergency preparedness system. Therefore, cyber security should be assessed and managed systematically throughout the development life cycle of I and C systems in order for their digital assets to be protected from cyber attacks. Fig. 1 shows the concept of a cyber security risk management of digital I and C systems in nuclear power plants (NPPs). A lot of cyber security risk assessment methods, techniques, and supported tools have been developed for Information Technology (IT) systems, but they have not been utilized widely for cyber security risk assessments of the digital I and C systems in NPPs. The main reason is a difference in goals between IT systems and nuclear I and C systems. Confidentiality is important in IT systems, but availability and integrity are important in nuclear I and C systems. Last year, it was started to develop a software tool to be specialized for the development process of nuclear I and C systems. This paper presents a development methodology of the Cyber Security Risk analysis and Assessment Tool (CSRAT) for the digital I and C systems in NPP

  13. Understanding the Adoption Process of National Security Technology: An Integration of Diffusion of Innovations and Volitional Behavior Theories.

    Science.gov (United States)

    Iles, Irina A; Egnoto, Michael J; Fisher Liu, Brooke; Ackerman, Gary; Roberts, Holly; Smith, Daniel

    2017-11-01

    After the 9/11 terrorist attacks, the U.S. government initiated several national security technology adoption programs. The American public, however, has been skeptical about these initiatives and adoption of national security technologies has been mandated, rather than voluntary. We propose and test a voluntary behavioral intention formation model for the adoption of one type of new security technology: portable radiation detectors. Portable radiation detectors are an efficient way of detecting radiological and nuclear threats and could potentially prevent loss of life and damage to individuals' health. However, their functioning requires that a critical mass of individuals use them on a daily basis. We combine the explanatory advantages of diffusion of innovation with the predictive power of two volitional behavior frameworks: the theory of reasoned action and the health belief model. A large sample survey (N = 1,482) investigated the influence of factors identified in previous diffusion of innovation research on portable radiation detector adoption intention. Results indicated that nonfinancial incentives, as opposed to financial incentives, should be emphasized in persuasive communications aimed at fostering adoption. The research provides a new integration of diffusion of innovation elements with determinants of volitional behavior from persuasion literature, and offers recommendations on effective communication about new security technologies to motivate public adoption and enhance national safety. © 2017 Society for Risk Analysis.

  14. Soils and food security | Nortcliff | Nigerian Journal of Technological ...

    African Journals Online (AJOL)

    A threat impacting on food security strongly in Africa is nutrient mining where insufficient nutrients are returned to the soil after crop production. The impacts of global change on food security and the potential impacts of global markets for food and land are also briefly discussed. Nigerian Journal of Technological Research ...

  15. A Security Risk Measurement for the RAdAC Model

    National Research Council Canada - National Science Library

    Britton, David W; Brown, Ian A

    2007-01-01

    .... The intent is to quantify the risk involved in a single information transaction. Additionally, this thesis will attempt to identify the risk factors involved when calculating the total security risk measurement...

  16. Risk assessment of security systems based on entropy theory and the Neyman–Pearson criterion

    International Nuclear Information System (INIS)

    Lv, Haitao; Yin, Chao; Cui, Zongmin; Zhan, Qin; Zhou, Hongbo

    2015-01-01

    For a security system, the risk assessment is an important method to verdict whether its protection effectiveness is good or not. In this paper, a security system is regarded abstractly as a network by the name of a security network. A security network is made up of security nodes that are abstract functional units with the ability of detecting, delaying and responding. By the use of risk entropy and the Neyman–Pearson criterion, we construct a model to computer the protection probability of any position in the area where a security network is deployed. We provide a solution to find the most vulnerable path of a security network and the protection probability on the path is considered as the risk measure. Finally, we study the effect of some parameters on the risk and the breach protection probability of a security network. Ultimately, we can gain insight about the risk assessment of a security system. - Highlights: • A security system is regarded abstractly as a network made up of security nodes. • We construct a model to computer the protection probability provided by a security network. • We provide a better solution to find the most vulnerable path of a security network. • We build a risk assessment model for a security network based on the most vulnerable path

  17. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  18. Guidelines for developing NASA (National Aeronautics and Space Administration) ADP security risk management plans

    Science.gov (United States)

    Tompkins, F. G.

    1983-01-01

    This report presents guidance to NASA Computer security officials for developing ADP security risk management plans. The six components of the risk management process are identified and discussed. Guidance is presented on how to manage security risks that have been identified during a risk analysis performed at a data processing facility or during the security evaluation of an application system.

  19. A review of game theory approach to cyber security risk management

    African Journals Online (AJOL)

    A review of game theory approach to cyber security risk management. ... This paper presents a review of game theoretic-based model for cyber security risk management. Specifically, issues on ... AJOL African Journals Online. HOW TO USE ...

  20. The Firewall and Security of Information Systems

    OpenAIRE

    Radut Carmen; Albici Mihaela; Tenovici Cristina Otilia

    2010-01-01

    Information security is a broader concept which refers to ensuring the integrity, confidentiality and availability of information. The dynamics of information technology to induce new risks to which organizations must implement new measures of control. Technological development has been accompanied by security solutions, equipment manufacturers and applications including technical methods of protection performance. However, while in information technology change is exponential, the human comp...

  1. External Service Providers to the National Security Technology Incubator: Formalization of Relationships

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-04-30

    This report documents the formalization of relationships with external service providers in the development of the National Security Technology Incubator (NSTI). The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report summarizes the process in developing and formalizing relationships with those service providers and includes a sample letter of cooperation executed with each provider.

  2. The Search for Security Technology Funding.

    Science.gov (United States)

    Fickes, Michael

    2003-01-01

    Explains that although it is difficult to find money to pay for school security technology, there are places to look. For example, the Department of Education has a list serve that summarizes various funding opportunities. There is also a Federal Register list serve and a site put out by the Department of Justice. A sidebar presents three…

  3. Risk assessment of climate systems for national security.

    Energy Technology Data Exchange (ETDEWEB)

    Backus, George A.; Boslough, Mark Bruce Elrick; Brown, Theresa Jean; Cai, Ximing; Conrad, Stephen Hamilton; Constantine, Paul G; Dalbey, Keith R.; Debusschere, Bert J.; Fields, Richard; Hart, David Blaine; Kalinina, Elena Arkadievna; Kerstein, Alan R.; Levy, Michael; Lowry, Thomas Stephen; Malczynski, Leonard A.; Najm, Habib N.; Overfelt, James Robert; Parks, Mancel Jordan; Peplinski, William J.; Safta, Cosmin; Sargsyan, Khachik; Stubblefield, William Anthony; Taylor, Mark A.; Tidwell, Vincent Carroll; Trucano, Timothy Guy; Villa, Daniel L.

    2012-10-01

    Climate change, through drought, flooding, storms, heat waves, and melting Arctic ice, affects the production and flow of resource within and among geographical regions. The interactions among governments, populations, and sectors of the economy require integrated assessment based on risk, through uncertainty quantification (UQ). This project evaluated the capabilities with Sandia National Laboratories to perform such integrated analyses, as they relate to (inter)national security. The combining of the UQ results from climate models with hydrological and economic/infrastructure impact modeling appears to offer the best capability for national security risk assessments.

  4. Three Essays on Information Technology Security Management in Organizations

    Science.gov (United States)

    Gupta, Manish

    2011-01-01

    Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…

  5. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

    Science.gov (United States)

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.

  6. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism

    Directory of Open Access Journals (Sweden)

    Dongmei Han

    2015-01-01

    Full Text Available With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people’s awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people’s awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people’s cognition of potential risks in online financial payment.

  7. Workshop Summary for Maintaining Innovation and Security in Biotechnology: Lessons Learned from Nuclear, Chemical, and Informational Technologies

    Energy Technology Data Exchange (ETDEWEB)

    Althouse, Paris [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

    2017-10-11

    In the fast-paced field of biotechnology where innovation has such far-reaching impacts on human health and the environment, dealing with the implications of possible illicit activities, accidents or unintended research consequences with potential detrimental societal impacts tends to remain in the background. While controls may be inevitable for the biotech industry, workshop attendees agreed that the way in which controls are implemented will play a major role in the agility and innovation of the biotechnology industry. There is little desire to slow down the pace of the gains while dealing with the security issues that arise. As was seen from the brief examinations of the Nuclear, Chemical, and Information Technology sectors explored in this workshop, establishing a regulatory regime needs to be a partnership between the public, corporate interests, scientists, and the government. Regulation is often written to combat perceived risk rather than actual risk—the public’s perceptions (occasionally even fictional portrayals) can spur regulatory efforts. This leads to the need for a thorough and continuing assessment of the risks posed by modern biotechnology. Inadequate or minimal risk assessment might expedite development in the short term but has potential negative long-term security and economic consequences. Industry and the technical community also often have a large role in setting regulatory policy, especially when well-crafted incentives are incorporated into the regulations. Such incentives might actually lead to enhanced innovation while poorly designed incentives can actually reduce safety and security. Any regulations should be as agile and flexible as the technology they regulate and when applied to biotechnologies they will need a new framework for thinking and implementing. The new framework should consider biotechnology as a technology and not simply a science since it is an extremely complex and adaptive system. This suggests the need to invest

  8. Competitive Technologies for National Security: Review and Recommendations

    National Research Council Canada - National Science Library

    Carafano, James J; Gudgel, Andew; Kochems, Alane

    2008-01-01

    .... Innovation will always be a national security wild card. New technologies may unleash or accelerate social and cultural changes that affect how nations protect themselves on battlefields and behind the scenes...

  9. After Globalization Future Security in a Technology Rich World

    Energy Technology Data Exchange (ETDEWEB)

    Gilmartin,T J

    2001-08-17

    Over the course of the year 2000, five workshops were conducted by the Center for Global Security Research at the Lawrence Livermore National Laboratory on threats to international security in the 2015 to 2020 timeframe due to the global availability of advanced technology. These workshops focused on threats that are enabled by nuclear, missile, and space technology; military technology; information technology; bio technology; and geo systems technology. The participants included US national leaders and experts from the Department of Energy National Laboratories; the Department of Defense: Army, Navy, Air Force, Office of the Secretary of Defense, Defense Threat Reduction Agency, and Defense Advanced Research Projects Agency; the Department of State, NASA, Congressional technical staff, the intelligence community, universities and university study centers, think tanks, consultants on security issues, and private industry. For each workshop the process of analysis involved identification and prioritization of the participants' perceived most severe threat scenarios (worst nightmares), discussion of the technologies which enabled those threats, and ranking of the technologies' threat potentials. The threats ranged from local/regional to global, from intentional to unintended to natural, from merely economic to massively destructive, and from individual and group to state actions. We were not concerned in this exercise with defining responses to the threats, although our assessment of each threat's severity included consideration of the ease or difficulty with which it might be executed or countered. At the concluding review, we brought the various workshops' participants together, added senior participant/reviewers with broad experience and national responsibility, and discussed the workshop findings to determine what is most certain or uncertain, and what might be needed to resolve our uncertainties. This paper summarizes the consenses and

  10. A study of the security technology and a new security model for WiFi network

    Science.gov (United States)

    Huang, Jing

    2013-07-01

    The WiFi network is one of the most rapidly developing wireless communication networks, which makes wireless office and wireless life possible and greatly expands the application form and scope of the internet. At the same time, the WiFi network security has received wide attention, and this is also the key factor of WiFi network development. This paper makes a systematic introduction to the WiFi network and WiFi network security problems, and the WiFi network security technology are reviewed and compared. In order to solve the security problems in WiFi network, this paper presents a new WiFi network security model and the key exchange algorithm. Experiments are performed to test the performance of the model, the results show that the new security model can withstand external network attack and ensure stable and safe operation of WiFi network.

  11. The secret to health information technology's success within the diabetes patient population: a comprehensive privacy and security framework.

    Science.gov (United States)

    Pandya, Sheel M

    2010-05-01

    Congress made an unprecedented investment in health information technology (IT) when it passed the American Recovery and Reinvestment Act in February 2009. Health IT provides enormous opportunities to improve health care quality, reduce costs, and engage patients in their own care. But the potential payoff for use of health IT for diabetes care is magnified given the prevalence, cost, and complexity of the disease. However, without proper privacy and security protections in place, diabetes patient data are at risk of misuse, and patient trust in the system is undermined. We need a comprehensive privacy and security framework that articulates clear parameters for access, use, and disclosure of diabetes patient data for all entities storing and exchanging electronic data. (c) 2010 Diabetes Technology Society.

  12. Using Science Driven Technologies for the Defense and Security Applications

    Science.gov (United States)

    Habib, Shahid; Zukor, Dorthy; Ambrose, Stephen D.

    2004-01-01

    For the past three decades, Earth science remote sensing technologies have been providing enormous amounts of useful data and information in broadening our understanding of our home planet as a system. This research, as it has expanded our learning process, has also generated additional questions. This has further resulted in establishing new science requirements, which have culminated in defining and pushing the state-of-the-art technology needs. NASA s Earth science program has deployed 18 highly complex satellites, with a total of 80 sensors, so far and is in a process of defining and launching multiple observing systems in the next decade. Due to the heightened security alert of the nation, researchers and technologists are paying serious attention to the use of these science driven technologies for dual use. In other words, how such sophisticated observing and measuring systems can be used in detecting multiple types of security concerns with a substantial lead time so that the appropriate law enforcement agencies can take adequate steps to defuse any potential risky scenarios. This paper examines numerous NASA technologies such as laser/lidar systems, microwave and millimeter wave technologies, optical observing systems, high performance computational techniques for rapid analyses, and imaging products that can have a tremendous pay off for security applications.

  13. Data security and risk assessment in cloud computing

    Directory of Open Access Journals (Sweden)

    Li Jing

    2018-01-01

    Full Text Available Cloud computing has attracted more and more attention as it reduces the cost of IT infrastructure of organizations. In our country, business Cloud services, such as Alibaba Cloud, Huawei Cloud, QingCloud, UCloud and so on are gaining more and more uses, especially small or median organizations. In the cloud service scenario, the program and data are migrating into cloud, resulting the lack of trust between customers and cloud service providers. However, the recent study on Cloud computing is mainly focused on the service side, while the data security and trust have not been sufficiently studied yet. This paper investigates into the data security issues from data life cycle which includes five steps when an organization uses Cloud computing. A data management framework is given out, including not only the data classification but also the risk management framework. Concretely, the data is divided into two varieties, business and personal information. And then, four classification levels (high, medium, low, normal according to the different extent of the potential adverse effect is introduced. With the help of classification, the administrators can identify the application or data to implement corresponding security controls. At last, the administrators conduct the risk assessment to alleviate the risk of data security. The trust between customers and cloud service providers will be strengthen through this way.

  14. Risk Analysis and Security Countermeasure Selection

    CERN Document Server

    Norman, Thomas L

    2009-01-01

    Explains how to evaluate the appropriateness of security countermeasures, from a cost-effectiveness perspective. This title guides readers from basic principles to complex processes in a step-by-step fashion, evaluating DHS-approved risk assessment methods, including CARVER, API/NPRA, RAMCAP, and various Sandia methodologies

  15. INFORMATION SECURITY RISK ASSESSMENT USING EXISTING LEGAL AND METHODOLOGICAL BASE

    Directory of Open Access Journals (Sweden)

    A. I. Trubei

    2015-01-01

    Full Text Available The article provides a survey of the existing regulatory framework for information security riskmanagement. Practical methods for information security risk and vulnerability assessment are proposed.

  16. New technologies and the search for security: Prospects for a post-cold-war era

    International Nuclear Information System (INIS)

    Brown, G.E. Jr.

    1990-01-01

    Technology alone will not solve our many environmental, economic and military problems. The search for peace and security must be based on a concept of international security that extends beyond the bounds of military concerns and into the realm of environmental and economic matters. In our efforts to understand how science and technology fit within this security context, we should not look simply at emerging technologies, even those that are sustainable and stabilizing, as being the principal candidates for drastic improvements in peace and security on our planet. One must keep in mind that security for as many as one fourth to one half of the world's inhabitants would be revolutionized if they had access to some of the most basic existing technologies of our times. Equitable access to resources and technology is an age-old problem. Today it must be faced on a global basis. It demands creating a new world economic order that combines the best that the capitalist and socialist economies can offer. We must declare today that a secure global society cannot exist which is half in slavery to poverty and deprived of opportunity, and half free to develop its potential and achieve its dreams

  17. Competition, Speculative Risks, and IT Security Outsourcing

    Science.gov (United States)

    Cezar, Asunur; Cavusoglu, Huseyin; Raghunathan, Srinivasan

    Information security management is becoming a more critical and, simultaneously, a challenging function for many firms. Even though many security managers are skeptical about outsourcing of IT security, others have cited reasons that are used for outsourcing of traditional IT functions for why security outsourcing is likely to increase. Our research offers a novel explanation, based on competitive externalities associated with IT security, for firms' decisions to outsource IT security. We show that if competitive externalities are ignored, then a firm will outsource security if and only if the MSSP offers a quality (or a cost) advantage over in-house operations, which is consistent with the traditional explanation for security outsourcing. However, a higher quality is neither a prerequisite nor a guarantee for a firm to outsource security. The competitive risk environment and the nature of the security function outsourced, in addition to quality, determine firms' outsourcing decisions. If the reward from the competitor's breach is higher than the loss from own breach, then even if the likelihood of a breach is higher under the MSSP the expected benefit from the competitive demand externality may offset the loss from the higher likelihood of breaches, resulting in one or both firms outsourcing security. The incentive to outsource security monitoring is higher than that of infrastructure management because the MSSP can reduce the likelihood of breach on both firms and thus enhance the demand externality effect. The incentive to outsource security monitoring (infrastructure management) is higher (lower) if either the likelihood of breach on both firms is lower (higher) when security is outsourced or the benefit (relative to loss) from the externality is higher (lower). The benefit from the demand externality arising out of a security breach is higher when more of the customers that leave the breached firm switch to the non-breached firm.

  18. Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

    Science.gov (United States)

    Pavone, Vincenzo; Esposti, Sara Degli

    2012-07-01

    As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.

  19. Practical Methods for Information Security Risk Management

    Directory of Open Access Journals (Sweden)

    Cristian AMANCEI

    2011-01-01

    Full Text Available The purpose of this paper is to present some directions to perform the risk man-agement for information security. The article follows to practical methods through question-naire that asses the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contains all the key elements that concurs in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation.

  20. New technologies in the management of risk and violence in forensic settings.

    Science.gov (United States)

    Tully, John; Larkin, Fintan; Fahy, Thomas

    2015-06-01

    Novel technological interventions are increasingly used in mental health settings. In this article, we describe 3 novel technological strategies in use for management of risk and violence in 2 forensic psychiatry settings in the United Kingdom: electronic monitoring by GPS-based tracking devices of patients on leave from a medium secure service in London, and closed circuit television (CCTV) monitoring and motion sensor technology at Broadmoor high secure hospital. A common theme is the use of these technologies to improve the completeness and accuracy of data used by clinicians to make clinical decisions. Another common thread is that each of these strategies supports and improves current clinical approaches rather than drastically changing them. The technologies offer a broad range of benefits. These include less restrictive options for patients, improved accountability of both staff and patients, less invasive testing, improved automated record-keeping, and better assurance reporting. Services utilizing technologies need also be aware of limitations. Technologies may be seen as unduly restrictive by patients and advocates, and technical issues may reduce effectiveness. It is vital that the types of technological innovations described in this article should be subject to thorough evaluation that addresses cost effectiveness, qualitative analysis of patients' attitudes, safety, and ethical considerations.

  1. Context-sensitive Information security Risk identification and evaluation techniques

    NARCIS (Netherlands)

    Ionita, Dan

    2014-01-01

    The objective of my research is to improve and support the process of Information security Risk Assessment by designing a scalable Risk argumentation framework for socio-digital-technical Risk. Due to the various types of IT systems, diversity of architectures and dynamic nature of Risk, there is no

  2. Towards a framework for teaching about information technology risk in health care: Simulating threats to health data and patient safety

    Directory of Open Access Journals (Sweden)

    Elizabeth M. Borycki

    2015-09-01

    Full Text Available In this paper the author describes work towards developing an integrative framework for educating health information technology professionals about technology risk. The framework considers multiple sources of risk to health data quality and integrity that can result from the use of health information technology (HIT and can be used to teach health professional students about these risks when using health technologies. This framework encompasses issues and problems that may arise from varied sources, including intentional alterations (e.g. resulting from hacking and security breaches as well as unintentional breaches and corruption of data (e.g. resulting from technical problems, or from technology-induced errors. The framework that is described has several levels: the level of human factors and usability of HIT, the level of monitoring of security and accuracy, the HIT architectural level, the level of operational and physical checks, the level of healthcare quality assurance policies and the data risk management strategies level. Approaches to monitoring and simulation of risk are also discussed, including a discussion of an innovative approach to monitoring potential quality issues. This is followed by a discussion of the application (using computer simulations to educate both students and health information technology professionals about the impact and spread of technology-induced and related types of data errors involving HIT.

  3. 78 FR 41954 - TA-W-82,634, Prudential Global Business Technology Solutions Central Security Services Dresher...

    Science.gov (United States)

    2013-07-12

    ... Business Technology Solutions Central Security Services Iselin, New Jersey; TA-W-82,634B, Prudential Global Business Technology Solutions Central Security Services Plymouth, Minnesota; TA- W-82,634C, Prudential Global Business Technology Solutions Central Security Services Scottsdale, Arizona; TA-W-82,634D...

  4. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  5. INTERNET SECURITYTECHNOLOGY AND SOCIAL AWARENESS OF THE DANGERS

    Directory of Open Access Journals (Sweden)

    Laskowski Piotr Paweł

    2017-06-01

    Full Text Available The article describes selected issues related to user safety on the Internet. This safety consists of a number of factors such as the technology that we use to communicate and to browse the Internet, and habits and behaviors that we have acquired and through which we can identify at least some typical hazards encountered on the Web. Knowledge of software and the ability to use it and to configure it properly as well as checking regularly for security updates reduces the risk of data loss or identity theft. Public awareness of threats continues to grow, but there are also new, previously unknown threats; that is why it is so important to inform of the dangers by all available channels of communication.

  6. Work-related violence against security guards--who is most at risk?

    Science.gov (United States)

    Leino, Tuula; Selin, Risto; Summala, Heikki; Virtanen, Marianna

    2011-01-01

    Studies on violence in the work of security guards are largely lacking. This study is unique in that it focuses on security guards (n=1,010) in Finland, and assesses the different forms, prevalence, and risk factors of the work-related violence they often face. Information to a survey instrument was obtained by first interviewing 30 volunteers. Then we made a cross-sectional mailed survey that was sent to a randomized group of 2,000 security guards. The response rate was 52. We found the prevalence of verbal aggression, threats of assault, and physical acts against security guards at least once a month to be 39%, 19%, and 15% respectively. As regards risk factors and who is most at risk, our results show that male gender, young age, low work experience, late working hours, and time pressure were associated with all three forms of work-related violence. Unlike other forms of violence, verbal aggression was highly prevalent outside the metropolitan area and directed towards both more and less experienced security guards. In prevention policies for violence, it is important to identify high-risk groups such as those who have less work experience.

  7. Video calls from lay bystanders to dispatch centers - risk assessment of information security.

    Science.gov (United States)

    Bolle, Stein R; Hasvold, Per; Henriksen, Eva

    2011-09-30

    Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

  8. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or national... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY...

  9. 78 FR 56263 - HydroGen Corp., QueryObject Systems Corp., Security Intelligence Technologies, Inc., Skins, Inc...

    Science.gov (United States)

    2013-09-12

    ... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] HydroGen Corp., QueryObject Systems Corp., Security Intelligence Technologies, Inc., Skins, Inc., SLM Holdings, Inc., Spring Creek Healthcare Systems... securities of Security Intelligence Technologies, Inc. because it has not filed any periodic reports since...

  10. Security technology discussion for emergency command system of nuclear power plant

    International Nuclear Information System (INIS)

    Liu Zhenjun

    2014-01-01

    Nuclear power plant emergency command system can provide valuable data for emergency personnel, such as the unit data, weather data, environmental radiation data. In the course of emergency response, the emergency command system provides decision support to quickly and effectively control and mitigate the consequences of the nuclear accident, to avoid and reduce the dose received by staff and the public, to protect the environment and the public. There are high performance requirements on the security of the system and the data transmission. Based on the previous project and new demand after the Fukushima incident, the security technology design of emergency system in nuclear power plant was discussed. The results show that the introduction of information security technology can effectively ensure the security of emergency systems, and enhance the capacity of nuclear power plant to deal with nuclear accidents. (author)

  11. New technologies and the search for security: Prospects for a post-cold-war era

    Energy Technology Data Exchange (ETDEWEB)

    Brown, Jr, G E

    1991-12-31

    Technology alone will not solve our many environmental, economic and military problems. The search for peace and security must be based on a concept of international security that extends beyond the bounds of military concerns and into the realm of environmental and economic matters. In our efforts to understand how science and technology fit within this security context, we should not look simply at emerging technologies, even those that are sustainable and stabilizing, as being the principal candidates for drastic improvements in peace and security on our planet. One must keep in mind that security for as many as one fourth to one half of the world`s inhabitants would be revolutionized if they had access to some of the most basic existing technologies of our times. Equitable access to resources and technology is an age-old problem. Today it must be faced on a global basis. It demands creating a new world economic order that combines the best that the capitalist and socialist economies can offer. We must declare today that a secure global society cannot exist which is half in slavery to poverty and deprived of opportunity, and half free to develop its potential and achieve its dreams

  12. Technological risk

    Energy Technology Data Exchange (ETDEWEB)

    Dierkes, M; Coppock, R; Edwards, S

    1980-01-01

    The book begins with brief statements from representatives of political organizations. Part II presents an overview of the discussion about the control and management of technological progress. Parts III and IV discuss important elements in citizens' perception of technological risks and the development of consensus on how to deal with them. In Part V practical problems in the application of risk assessment and management, and in Part VI additional points are summarized.

  13. Technological risk

    International Nuclear Information System (INIS)

    Dierkes, M.; Coppock, R.; Edwards, S.

    1980-01-01

    The book begins with brief statements from representatives of political organizations. Part II presents an overview of the discussion about the control and management of technological progress. Parts III and IV discuss important elements in citizens' perception of technological risks and the development of consensus on how to deal with them. In Part V practical problems in the application of risk assessment and management, and in Part VI additional points are summarized. (DG)

  14. Technology scale and supply chains in a secure, affordable and low carbon energy transition

    International Nuclear Information System (INIS)

    Hoggett, Richard

    2014-01-01

    Highlights: • Energy systems need to decarbonise, provide security and remain affordable. • There is uncertainty over which technologies will best enable this to happen. • A strategy to deal with uncertainty is to assess a technologies ability to show resilience, flexibility and adaptability. • Scale is important and smaller scale technologies are like to display the above characteristics. • Smaller scale technologies are therefore more likely to enable a sustainable, secure, and affordable energy transition. - Abstract: This research explores the relationship between technology scale, energy security and decarbonisation within the UK energy system. There is considerable uncertainty about how best to deliver on these goals for energy policy, but a focus on supply chains and their resilience can provide useful insights into the problems uncertainty causes. Technology scale is central to this, and through an analysis of the supply chains of nuclear power and solar photovoltaics, it is suggested that smaller scale technologies are more likely to support and enable a secure, low carbon energy transition. This is because their supply chains are less complex, show more flexibility and adaptability, and can quickly respond to changes within an energy system, and as such they are more resilient than large scale technologies. These characteristics are likely to become increasingly important in a rapidly changing energy system, and prioritising those technologies that demonstrate resilience, flexibility and adaptability will better enable a transition that is rapid, sustainable, secure and affordable

  15. 78 FR 45255 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2013-07-26

    ..., cyber-security, knowledge management and how best to leverage related technologies funded by other... INFORMATION CONTACT: Mary Hanson, HSSTAC Executive Director, Science and Technology Directorate, Department of... Technology Advisory Committee (HSSTAC) ACTION: Notice of Federal Advisory Committee charter renewal. SUMMARY...

  16. A Cyber Security Risk Assessment Procedure for Digital I and C Systems in NPPs

    International Nuclear Information System (INIS)

    Song, J. G.; Lee, J. W.; Lee, C. K.; Kwon, K. C.; Lee, D. Y.

    2011-01-01

    Digital Instrumentation and Control (I and C) systems in nuclear power plants (NPPs) use general digital technologies similar to those used in IT systems. However, one of significant differences between the two systems resides in the duration of their service life. The I and C systems in NPPs operate for more than 20 years. IT systems, on the other hand, are in service for about 3 to 5 years. Hence, a one-time risk assessment for IT systems is normally acceptable. In contrast, the risk assessment for the I and C systems in NPPs should be recursively performed during their longer operation life. A recursive procedure for cyber security risk assessment of the I and C systems in NPPs is studied and proposed in this paper

  17. A Cyber Security Risk Assessment Procedure for Digital I and C Systems in NPPs

    Energy Technology Data Exchange (ETDEWEB)

    Song, J. G.; Lee, J. W.; Lee, C. K.; Kwon, K. C.; Lee, D. Y. [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2011-10-15

    Digital Instrumentation and Control (I and C) systems in nuclear power plants (NPPs) use general digital technologies similar to those used in IT systems. However, one of significant differences between the two systems resides in the duration of their service life. The I and C systems in NPPs operate for more than 20 years. IT systems, on the other hand, are in service for about 3 to 5 years. Hence, a one-time risk assessment for IT systems is normally acceptable. In contrast, the risk assessment for the I and C systems in NPPs should be recursively performed during their longer operation life. A recursive procedure for cyber security risk assessment of the I and C systems in NPPs is studied and proposed in this paper

  18. Probabilistic safety assessment technology for commercial nuclear power plant security evaluation

    International Nuclear Information System (INIS)

    Liming, J.K.; Johnson, D.H.; Dykes, A.A.

    2004-01-01

    Commercial nuclear power plant physical security has received much more intensive treatment and regulatory attention since September 11, 2001. In light of advancements made by the nuclear power industry in the field of probabilistic safety assessment (PSA) for its power plants over that last 30 years, and given the many examples of successful applications of risk-informed regulation at U. S. nuclear power plants during recent years, it may well be advisable to apply a 'risk-informed' approach to security management at nuclear power plants from now into the future. In fact, plant PSAs developed in response to NRC Generic Letter 88-20 and related requirements are used to help define target sets of critical plant safety equipment in our current security exercises for the industry. With reasonable refinements, plant PSAs can be used to identify, analyze, and evaluate reasonable and prudent approaches to address security issues and associated defensive strategies at nuclear power plants. PSA is the ultimate scenario-based approach to risk assessment, and thus provides a most powerful tool in identifying and evaluating potential risk management decisions. This paper provides a summary of observations of factors that are influencing or could influence cost-effective or 'cost-reasonable' security management decision-making in the current political environment, and provides recommendations for the application of PSA tools and techniques to the nuclear power plant operational safety response exercise process. The paper presents a proposed framework for nuclear power plant probabilistic terrorist risk assessment that applies these tools and techniques. (authors)

  19. Electrical markets, energy security and technology diversification: nuclear as cover against gas and carbon price risks?

    International Nuclear Information System (INIS)

    Roques, F.A.; Newbery, D.M.; Nuttall, W.J.; Neufville, R. de

    2005-01-01

    Recent tension in the oil and gas markets has brought back the concept of energy offer diversification. Electrical production technology diversification in a country helps improve the security of supply and make up for the negative effects of hydrocarbons price variations. The portfolio and real options theories help to quantify the optimum diversification level for a country or a power company. The cover value of a nuclear investment for a power company facing cost uncertainties (price of gas and of carbon dioxide emission permit) and proceeds (price of electricity) is assessed. A strong link between the prices of gas and electricity reduces incentives to private producers to diversify, disputing the capacity of a liberalized electrical market to achieve optimum technology diversity from a domestic point of view. (authors)

  20. BYOD Security: A New Business Challenge

    OpenAIRE

    Downer, K.; Bhattacharya, Maumita

    2016-01-01

    Bring Your Own Device (BYOD) is a rapidly growing trend in businesses concerned with information technology. BYOD presents a unique list of security concerns for businesses implementing BYOD policies. Recent publications indicate a definite awareness of risks involved in incorporating BYOD into business, however it is still an underrated issue compared to other IT security concerns. This paper focuses on two key BYOD security issues: security challenges and available frameworks. A taxonomy sp...

  1. Clean fuel technology for world energy security

    Energy Technology Data Exchange (ETDEWEB)

    Sunjay, Sunjay

    2010-09-15

    Clean fuel technology is the integral part of geoengineering and green engineering with a view to global warming mitigation. Optimal utilization of natural resources coal and integration of coal & associated fuels with hydrocarbon exploration and development activities is pertinent task before geoscientist with evergreen energy vision with a view to energy security & sustainable development. Value added technologies Coal gasification,underground coal gasification & surface coal gasification converts solid coal into a gas that can be used for power generation, chemical production, as well as the option of being converted into liquid fuels.

  2. High-Performance Secure Database Access Technologies for HEP Grids

    Energy Technology Data Exchange (ETDEWEB)

    Matthew Vranicar; John Weicher

    2006-04-17

    The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the

  3. High-Performance Secure Database Access Technologies for HEP Grids

    International Nuclear Information System (INIS)

    Vranicar, Matthew; Weicher, John

    2006-01-01

    The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist's computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that 'Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications'. There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the secure

  4. Lethal stakes: rig-hand killings show rising security risks abroad

    Energy Technology Data Exchange (ETDEWEB)

    Lorenz, A

    1999-05-03

    The increasing demands for protection money from foreign exploration and pipeline construction companies by left-wing guerrilla groups in various South American countries led to greater attention being focused on security services. This paper discusses the various alternatives to consider when choosing a security service. The experience of a Canadian pipeline company with projects in South America, and in need of security services, is described. The company felt that it was important that the security firm have a Calgary presence. It ended up hiring Calgary Protection Concepts Corporation, which is run by former Canadian police and intelligence officers, who provide a wide range of security services. Staff spend time in the country involved to look over the local security situation, develop contacts with local intelligence officers, and contract overseas agents who arrange for bodyguards, escorts and armored cars. ProCon also helps companies develop crisis management plans, guiding senior personnel through scenarios such as kidnapping, extortion and civil strife. ProCon also has a 24-hour emergency assistance call centre to provide immediate advice, to notify personnel and family members and to monitor the situation. Trust is key to hiring an outside security service since the security firm becomes party to extremely confidential information. Top security firms usually specialize in either security work or political risk analysis, but not both. The reason for this is that there are big differences in mentality, training and capabilities between studying risks and actively guarding against hazards.

  5. Lethal stakes: rig-hand killings show rising security risks abroad

    International Nuclear Information System (INIS)

    Lorenz, A.

    1999-01-01

    The increasing demands for protection money from foreign exploration and pipeline construction companies by left-wing guerrilla groups in various South American countries led to greater attention being focused on security services. This paper discusses the various alternatives to consider when choosing a security service. The experience of a Canadian pipeline company with projects in South America, and in need of security services, is described. The company felt that it was important that the security firm have a Calgary presence. It ended up hiring Calgary Protection Concepts Corporation, which is run by former Canadian police and intelligence officers, who provide a wide range of security services. Staff spend time in the country involved to look over the local security situation, develop contacts with local intelligence officers, and contract overseas agents who arrange for bodyguards, escorts and armored cars. ProCon also helps companies develop crisis management plans, guiding senior personnel through scenarios such as kidnapping, extortion and civil strife. ProCon also has a 24-hour emergency assistance call centre to provide immediate advice, to notify personnel and family members and to monitor the situation. Trust is key to hiring an outside security service since the security firm becomes party to extremely confidential information. Top security firms usually specialize in either security work or political risk analysis, but not both. The reason for this is that there are big differences in mentality, training and capabilities between studying risks and actively guarding against hazards

  6. Flood Risk Assessment Based On Security Deficit Analysis

    Science.gov (United States)

    Beck, J.; Metzger, R.; Hingray, B.; Musy, A.

    Risk is a human perception: a given risk may be considered as acceptable or unac- ceptable depending on the group that has to face that risk. Flood risk analysis of- ten estimates economic losses from damages, but neglects the question of accept- able/unacceptable risk. With input from land use managers, politicians and other stakeholders, risk assessment based on security deficit analysis determines objects with unacceptable risk and their degree of security deficit. Such a risk assessment methodology, initially developed by the Swiss federal authorities, is illustrated by its application on a reach of the Alzette River (Luxembourg) in the framework of the IRMA-SPONGE FRHYMAP project. Flood risk assessment always involves a flood hazard analysis, an exposed object vulnerability analysis, and an analysis combing the results of these two previous analyses. The flood hazard analysis was done with the quasi-2D hydraulic model FldPln to produce flood intensity maps. Flood intensity was determined by the water height and velocity. Object data for the vulnerability analysis, provided by the Luxembourg government, were classified according to their potential damage. Potential damage is expressed in terms of direct, human life and secondary losses. A thematic map was produced to show the object classification. Protection goals were then attributed to the object classes. Protection goals are assigned in terms of an acceptable flood intensity for a certain flood frequency. This is where input from land use managers and politicians comes into play. The perception of risk in the re- gion or country influences the protection goal assignment. Protection goals as used in Switzerland were used in this project. Thematic maps showing the protection goals of each object in the case study area for a given flood frequency were produced. Com- parison between an object's protection goal and the intensity of the flood that touched the object determine the acceptability of the risk and the

  7. Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model

    Science.gov (United States)

    Kassa, Woldeloul

    2016-01-01

    Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…

  8. Agent-Based Modelling for Security Risk Assessment

    NARCIS (Netherlands)

    Janssen, S.A.M.; Sharpans'kykh, Alexei; Bajo, J.; Vale, Z.; Hallenborg, K.; Rocha, A.P.; Mathieu, P.; Pawlewski, P.; Del Val, E.; Novais, P.; Lopes, F.; Duque Méndez, N.D.; Julián, V.; Holmgren, J.

    2017-01-01

    Security Risk Assessment is commonly performed by using traditional methods based on linear probabilistic tools and informal expert judgements. These methods lack the capability to take the inherent dynamic and intelligent nature of attackers into account. To partially address the limitations,

  9. INFORMATION SECURITY RISKS OPTIMIZATION IN CLOUDY SERVICES ON THE BASIS OF LINEAR PROGRAMMING

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2013-01-01

    Full Text Available The paper discusses theoretical aspects of secure cloud services creation for information processing of various confidentiality degrees. A new approach to the reasoning of information security composition in distributed computing structures is suggested, presenting the problem of risk assessment as an extreme problem of decisionmaking. Linear programming method application is proved to minimize the risk of information security for given performance security in compliance with the economic balance for the maintenance of security facilities and cost of services. An example is given to illustrate the obtained theoretical results.

  10. MOBILE DEVICES AND EFFECTIVE INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    Igor Bernik

    2013-05-01

    Full Text Available Rapidly increasing numbers of sophisticated mobile devices (smart phones, tab computers, etc. all over the world mean that ensuring information security will only become a more pronounced problem for individuals and organizations. It’s important to effectively protect data stored on or accessed by mobile devices, and also during transmission of data between devices and between device and information system. Technological and other trends show, that the cyber threats are also rapidly developing and spreading. It's crucial to educate users about safe usage and to increase their awareness of security issues. Ideally, users should keep-up with technological trends and be well equipped with knowledge otherwise mobile technology will significantly increase security risks. Most important is that we start educating youth so that our next generations of employees will be part of a culture of data and information security awareness.

  11. The HIPAA Security Rule: implications for biomedical devices.

    Science.gov (United States)

    2004-11-01

    The HIPAA Security Rule, with which hospitals must become compliant by April 2005, is broad in scope. Some aspect of this rule will affect virtually every function and department within a healthcare organization. The functions and departments that deal with biomedical technologies face special challenges due to the great diversity of technologies, the variety of data maintained and transmitted, and the risks associated with compromises to data security--combined with the presence of older technology and the absence of integrated expertise. It is essential that hospitals recognize this challenge and initiate steps now to implement appropriate information security management.

  12. Aviation Security, Risk Assessment, and Risk Aversion for Public Decisionmaking

    Science.gov (United States)

    Stewart, Mark G.; Mueller, John

    2013-01-01

    This paper estimates risk reductions for each layer of security designed to prevent commercial passenger airliners from being commandeered by terrorists, kept under control for some time, and then crashed into specific targets. Probabilistic methods are used to characterize the uncertainty of rates of deterrence, detection, and disruption, as well…

  13. Development of IT-based Cyber Security Technology for Nuclear Power Plant

    International Nuclear Information System (INIS)

    Hong, S. B.; Lee, J. C.; Choi, Y. S.; Choi, Y. R.; Cho, J. W.; Jung, C. E.; Jeong, K. I.; Park, B.; Koo, I. S.

    2009-11-01

    Development and enlargement of the high speed communication network make it possible the user to access online information easily. It generates changing offline activities to online in the economics, expansion of cultural interchanges and convenient life. But it also causes misuse, wiretapping, forgery and alteration of the information via illegal invasion(virus, hacking), and these are derived from the open network characteristic, weakness of the securities of the TCP/IP protocol and information systems. The security of individual and the national foundation facility(industry and government) can be threatened because of these problems, and theses can be used as a instrument of cyber-war. Many cyber security technologies have been developed to corp with the cyber threat. One of the most important national facility is the nuclear power plant and the necessity of the cyber security for the digital I and C of it have been proposed since middle of the 2000. KINS announced the regulation of the cyber security for the digital I and C of the nuclear power plant in 2007. The main concept of the cyber security for it is similar to the IT field that is treated as a leader of the cyber security. Because of the difference of the characteristics between the IT field and the nuclear industry, applying the cyber security technologies developed and used in the IT field to the nuclear industry has some critical constraints. We will analyze these problems and propose a cyber security method based on cryptograph and authentication for the I and C communication network in this report

  14. Development of IT-based Cyber Security Technology for Nuclear Power Plant

    Energy Technology Data Exchange (ETDEWEB)

    Hong, S. B.; Lee, J. C.; Choi, Y. S.; Choi, Y. R.; Cho, J. W.; Jung, C. E.; Jeong, K. I.; Park, B.; Koo, I. S

    2009-11-15

    Development and enlargement of the high speed communication network make it possible the user to access online information easily. It generates changing offline activities to online in the economics, expansion of cultural interchanges and convenient life. But it also causes misuse, wiretapping, forgery and alteration of the information via illegal invasion(virus, hacking), and these are derived from the open network characteristic, weakness of the securities of the TCP/IP protocol and information systems. The security of individual and the national foundation facility(industry and government) can be threatened because of these problems, and theses can be used as a instrument of cyber-war. Many cyber security technologies have been developed to corp with the cyber threat. One of the most important national facility is the nuclear power plant and the necessity of the cyber security for the digital I and C of it have been proposed since middle of the 2000. KINS announced the regulation of the cyber security for the digital I and C of the nuclear power plant in 2007. The main concept of the cyber security for it is similar to the IT field that is treated as a leader of the cyber security. Because of the difference of the characteristics between the IT field and the nuclear industry, applying the cyber security technologies developed and used in the IT field to the nuclear industry has some critical constraints. We will analyze these problems and propose a cyber security method based on cryptograph and authentication for the I and C communication network in this report.

  15. A Survey On Biometric Security Technologies From Cloud Computing Perspective

    Directory of Open Access Journals (Sweden)

    Shivashish Ratnam

    2015-08-01

    Full Text Available Cloud computing is one of the rising technologies that takes set of connections users to the next level. Cloud is a technology where resources are paid as per usage rather than owned. One of the major challenges in this technology is Security. Biometric systems provide the answer to ensure that the rendered services are accessed only by a legal user or an authorized user and no one else. Biometric systems recognize users based on behavioral or physiological characteristics. The advantages of such systems over traditional validation methods such as passwords and IDs are well known and hence biometric systems are progressively gaining ground in terms of usage. This paper brings about a new replica of a security system where in users have to offer multiple biometric finger prints during Enrollment for a service. These templates are stored at the cloud providers section. The users are authenticated based on these finger print designed templates which have to be provided in the order of arbitrary numbers or imaginary numbers that are generated every time continuously. Both finger prints templates and images are present and they provided every time duration are encrypted or modified for enhanced security.

  16. Managing the risks of legacy radioactive sources from a security perspective

    International Nuclear Information System (INIS)

    Alexander, Mark; Murray, Allan

    2008-01-01

    The safety and security risk posed by highly radioactive, long-lived sources at the end of their normal use has not been consistently well-managed in previous decades. The Brazilian Cs-137 accident in 1986 and the Thailand Co-60 accident in 2000 are prime examples of the consequences that ensue from the loss of control of highly dangerous sources after their normal use. With the new international emphasis on security of radioactive sources throughout their life cycle, there is now further incentive to address the management of risks posed by legacy, highly dangerous radioactive sources. The ANSTO South-East Asia Regional Security of Radioactive Sources (RSRS) Project has identified, and is addressing, a number of legacy situations that have arisen as a result of inadequate management practices in the past. Specific examples are provided of these legacy situations and the lessons learned for managing the consequent safety and security risk, and for future complete life-cycle management of highly radioactive sources. (author)

  17. Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET

    OpenAIRE

    Jinsoo Shin; Hanseong Son; Gyunyoung Heo

    2017-01-01

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluatio...

  18. Development of information security and vulnerability risk management system for J-PARC

    International Nuclear Information System (INIS)

    Ishikawa, Hiroyuki; Tate, Akihiro; Murakami, Tadashi

    2012-02-01

    In J-PARC (Japan Proton Accelerator Research Complex) we have set up intra-network (internal network, we will abbreviate it as JLAN, below) to support research activity and communication among users. In JLAN, we set up various kinds of security devices to keep JLAN secure. However, the servers which provide information or service to public are still in danger of being accessed illegally. If there is an illegal access, that may cause defacement of data or information leak. Furthermore, the victim servers are manipulated by the malicious attackers, and they themselves attack the external information equipments. Vulnerability of servers enables unauthorized access. So, vulnerability test with use of a vulnerability tool is one of the most effective ways to take measures for vulnerability of the equipments. However, it is not enough to just conduct a vulnerability test. It is also essential for information security to take measures to cover constantly for the vulnerability of servers. We focused on the points above, and developed the vulnerability testing system for security. It is not only a testing tool for the vulnerability of servers, but also management system which enables the server administrators in charge of taking measures for vulnerabilities to manage risks and handles PDCA (Plan-Do-Check-Action) cycles as countermeasure for vulnerability. In this paper, we report the technologies and ingenuities for the development of the above system. (author)

  19. Reform of the National Security Science and Technology Enterprise

    National Research Council Canada - National Science Library

    Berry, William; Coffey, Timothy; DeYoung, Donald; Kadtke, James; Loeb, Cheryl

    2008-01-01

    A strong science and technology (S&T) program has been vitally important to American national security since World War II and has to date given the United States a strategic advantage over competitors...

  20. RISK MANAGEMENT FROM THE INFORMATION SECURITY PERSPECTIVE

    Directory of Open Access Journals (Sweden)

    Riza Ionuț

    2017-11-01

    Full Text Available Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.

  1. The impact of medical technology on sense of security in the palliative home care setting.

    Science.gov (United States)

    Munck, Berit; Sandgren, Anna

    2017-03-02

    The increase in the use of medical devices in palliative home care requires that patients and next-of-kin feel secure. Therefore, the aim was to describe medical technology's impact on the sense of security for patients, next-of-kin and district nurses. Deductive content analysis was conducted on data from three previous studies, using the theoretical framework 'palliative home care as a secure base'. The use of medical technology was shown to have an impact on the sense of security for all involved. A sense of control was promoted by trust in staff and their competence in managing the technology, which was linked to continuity. Inner peace and being in comfort implied effective symptom relief facilitated by pain pumps and being relieved of responsibility. Health care professionals need to have practical knowledge about medical technology, but at the same time have an awareness of how to create and maintain a sense of security.

  2. Information security risk management for ISO27001/ISO27002

    CERN Document Server

    Calder, A; Watkins, S

    2010-01-01

    Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.

  3. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Science.gov (United States)

    2010-07-01

    ... NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems and... identified in the Committee on National Security Systems (CNSS) issuances and the Intelligence Community Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk Management...

  4. Conducting an information security audit

    Directory of Open Access Journals (Sweden)

    Prof. Ph.D . Gheorghe Popescu

    2008-05-01

    Full Text Available The rapid and dramatic advances in information technology (IT in recent years have withoutquestion generated tremendous benefits. At the same time, information technology has created significant,nunprecedented risks to government and to entities operations. So, computer security has become muchmore important as all levels of government and entities utilize information systems security measures toavoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitiveinformation. Obviously, uses of computer security become essential in minimizing the risk of malicious attacksfrom individuals and groups, considering that there are many current computer systems with onlylimited security precautions in place.As we already know financial audits are the most common examinations that a business manager en-counters.This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical securityaudits. However, they are unlikely to be acquainted with information security audits; that is an audit ofhow the confidentiality, availability and integrity of an organization’s information are assured. Any way,if not, they should be, especially that an information security audit is one of the best ways to determine thesecurity of an organization’s information without incurring the cost and other associated damages of a securityincident.

  5. 76 FR 31350 - Cruise Vessel Safety and Security Act of 2010, Available Technology

    Science.gov (United States)

    2011-05-31

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2011-0357] Cruise Vessel Safety and Security Act of 2010, Available Technology AGENCY: Coast Guard, DHS. ACTION: Notice of request for comments... Security and Safety Act of 2010(CVSSA), specifically related to video recording and overboard detection...

  6. 76 FR 45645 - 10-Day Notice of Proposed Information Collection: Technology Security/Clearance Plans, Screening...

    Science.gov (United States)

    2011-07-29

    ...: Technology Security/Clearance Plans, Screening Records, and Non-Disclosure Agreements ACTION: Notice of... Information Collection: Technology Security/ Clearance Plans, Screening Records, and Non-Disclosure Agreements...: None. Respondents: Business and Nonprofit Organizations, Foreign Governments. Estimated Number of...

  7. A protect solution for data security in mobile cloud storage

    Science.gov (United States)

    Yu, Xiaojun; Wen, Qiaoyan

    2013-03-01

    It is popular to access the cloud storage by mobile devices. However, this application suffer data security risk, especial the data leakage and privacy violate problem. This risk exists not only in cloud storage system, but also in mobile client platform. To reduce the security risk, this paper proposed a new security solution. It makes full use of the searchable encryption and trusted computing technology. Given the performance limit of the mobile devices, it proposes the trusted proxy based protection architecture. The design basic idea, deploy model and key flows are detailed. The analysis from the security and performance shows the advantage.

  8. Scenario-based approach to risk analysis in support of cyber security

    Energy Technology Data Exchange (ETDEWEB)

    Gertman, D. I.; Folkers, R.; Roberts, J. [Idaho National Laboratory, Roberts and Folkers Associates, LLC, Idaho Falls, ID 83404 (United States)

    2006-07-01

    The US infrastructure is continually challenged by hostile nation states and others who would do us harm. Cyber vulnerabilities and weaknesses are potential targets and are the result of years of construction and technological improvement in a world less concerned with security than is currently the case. As a result, cyber attack presents a class of challenges for which we are just beginning to prepare. What has been done in the nuclear, chemical and energy sectors as a means of anticipating and preparing for randomly occurring accidents and off-normal events is to develop scenarios as a means by which to prioritize and quantify risk and to take action. However, the number of scenarios risk analysts can develop is almost limitless. How do we ascertain which scenario has the greatest merit? One of the more important contributions of probabilistic risk analysis (PRA) has been to quantify the initiating event probability associated with various classes of accidents; and to quantify the occurrence of various conditions, i.e., end-states, as a function of these important accident sequences. Typically, various classes of conditions are represented by scenarios and are quantified in terms of cut sets and binned into end states. For example, the nuclear industry has a well-defined set of initiating events that are studied in assessing risk. The maturation of risk analysis for cyber security from accounting for barriers or looking at conditions statically to one of ascertaining the probability associated with certain events is, in part, dependent upon the adoption of a scenario-based approach. For example, scenarios take into account threats to personnel and public safety; economic damage, and compromises to major operational and safety functions. Scenarios reflect system, equipment, and component configurations as well as key human-system interactions related to event detection, diagnosis, mitigation and restoration of systems. As part of a cyber attack directed toward

  9. Scenario-based approach to risk analysis in support of cyber security

    International Nuclear Information System (INIS)

    Gertman, D. I.; Folkers, R.; Roberts, J.

    2006-01-01

    The US infrastructure is continually challenged by hostile nation states and others who would do us harm. Cyber vulnerabilities and weaknesses are potential targets and are the result of years of construction and technological improvement in a world less concerned with security than is currently the case. As a result, cyber attack presents a class of challenges for which we are just beginning to prepare. What has been done in the nuclear, chemical and energy sectors as a means of anticipating and preparing for randomly occurring accidents and off-normal events is to develop scenarios as a means by which to prioritize and quantify risk and to take action. However, the number of scenarios risk analysts can develop is almost limitless. How do we ascertain which scenario has the greatest merit? One of the more important contributions of probabilistic risk analysis (PRA) has been to quantify the initiating event probability associated with various classes of accidents; and to quantify the occurrence of various conditions, i.e., end-states, as a function of these important accident sequences. Typically, various classes of conditions are represented by scenarios and are quantified in terms of cut sets and binned into end states. For example, the nuclear industry has a well-defined set of initiating events that are studied in assessing risk. The maturation of risk analysis for cyber security from accounting for barriers or looking at conditions statically to one of ascertaining the probability associated with certain events is, in part, dependent upon the adoption of a scenario-based approach. For example, scenarios take into account threats to personnel and public safety; economic damage, and compromises to major operational and safety functions. Scenarios reflect system, equipment, and component configurations as well as key human-system interactions related to event detection, diagnosis, mitigation and restoration of systems. As part of a cyber attack directed toward

  10. Security in a Web 2.0+ World A Standards Based Approach

    CERN Document Server

    Solari , Carlos Curtis

    2010-01-01

    Discover how technology is affecting your business, and why typical security mechanisms are failing to address the issue of risk and trust. Security for a Web 2.0+ World looks at the perplexing issues of cyber security, and will be of interest to those who need to know how to make effective security policy decisions to engineers who design ICT systems - a guide to information security and standards in the Web 2.0+ era. It provides an understanding of IT security in the converged world of communications technology based on the Internet Protocol. Many companies are currently applying security mo

  11. The strategic measures for the industrial security of small and medium business.

    Science.gov (United States)

    Lee, Chang-Moo

    2014-01-01

    The competitiveness of companies increasingly depends upon whether they possess the cutting-edge or core technology. The technology should be protected from industrial espionage or leakage. A special attention needs to be given to SMB (small and medium business), furthermore, because SMB occupies most of the companies but has serious problems in terms of industrial security. The technology leakages of SMB would account for more than 2/3 of total leakages during last five years. The purpose of this study is, therefore, to analyze the problems of SMB in terms of industrial security and suggest the strategic solutions for SMB in South Korea. The low security awareness and financial difficulties, however, make it difficult for SMB to build the effective security management system which would protect the company from industrial espionage and leakage of its technology. The growing dependence of SMB on network such as internet, in addition, puts the SMB at risk of leaking its technology through hacking or similar ways. It requires new measures to confront and control such a risk. Online security control services and technology deposit system are suggested for such measures.

  12. The Strategic Measures for the Industrial Security of Small and Medium Business

    Directory of Open Access Journals (Sweden)

    Chang-Moo Lee

    2014-01-01

    Full Text Available The competitiveness of companies increasingly depends upon whether they possess the cutting-edge or core technology. The technology should be protected from industrial espionage or leakage. A special attention needs to be given to SMB (small and medium business, furthermore, because SMB occupies most of the companies but has serious problems in terms of industrial security. The technology leakages of SMB would account for more than 2/3 of total leakages during last five years. The purpose of this study is, therefore, to analyze the problems of SMB in terms of industrial security and suggest the strategic solutions for SMB in South Korea. The low security awareness and financial difficulties, however, make it difficult for SMB to build the effective security management system which would protect the company from industrial espionage and leakage of its technology. The growing dependence of SMB on network such as internet, in addition, puts the SMB at risk of leaking its technology through hacking or similar ways. It requires new measures to confront and control such a risk. Online security control services and technology deposit system are suggested for such measures.

  13. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  14. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...

  15. Professional Autonomy and Security Risks of Journalists in Colombia

    Directory of Open Access Journals (Sweden)

    Miguel E. Garcés Prettel

    2017-01-01

    Full Text Available This paper analyzes the relationship between professional autonomy and security risks of journalists in Colombia. A correlational-transversal research was conducted with a sample of 751 journalists who filled out the questionnaire “Worlds of Journalism Study”. The results show significant differences on the attacks received by the journalists depending on gender, news beat, region, news media, years of experience, capacity and educational level of journalists. Attacks on journalists correlates positively with the autonomy to publish and write news on governments, armed forces, criminal gangs and structural social problems (poverty, status of ethnic minorities, socioeconomic inequality, environmental damage the latter being a predictor of high risk security.

  16. Risk-based security cost-benefit analysis: method and example applications - 59381

    International Nuclear Information System (INIS)

    Wyss, Gregory; Hinton, John; Clem, John; Silva, Consuelo; Duran, Felicia A.

    2012-01-01

    Document available in abstract form only. Full text of publication follows: Decision makers wish to use risk-based cost-benefit analysis to prioritize security investments. However, understanding security risk requires estimating the likelihood of attack, which is extremely uncertain and depends on unquantifiable psychological factors like dissuasion and deterrence. In addition, the most common performance metric for physical security systems, probability of effectiveness at the design basis threat [P(E)], performs poorly in cost-benefit analysis. It is extremely sensitive to small changes in adversary characteristics when the threat is near a systems breaking point, but very insensitive to those changes under other conditions. This makes it difficult to prioritize investment options on the basis of P(E), especially across multiple targets or facilities. To overcome these obstacles, a Sandia National Laboratories Laboratory Directed Research and Development project has developed a risk-based security cost-benefit analysis method. This approach characterizes targets by how difficult it would be for adversaries to exploit each targets vulnerabilities to induce consequences. Adversaries generally have success criteria (e.g., adequate or desired consequences and thresholds for likelihood of success), and choose among alternative strategies that meet these criteria while considering their degree of difficulty in achieving their successful outcome. Investments reduce security risk as they reduce the severity of consequences available and/or increase the difficulty for an adversary to successfully accomplish their most advantageous attack

  17. Satellite Technology Contribution to Water and Food Security

    Science.gov (United States)

    Brown, Molly E.

    2010-01-01

    This slide presentation reviews the issue of supplies of food, the relationship to food security, the ability of all people to attain sufficient food for an active and healthy life, and the ability to use satellite technology and remote sensing to assist with planning and act as an early warning system.

  18. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology...

  19. Implementing an Information Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O' Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

    2017-11-01

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

  20. Evaluating the Security Risks of System Using Hidden Markov Models

    African Journals Online (AJOL)

    System security assessment tools are either restricted to manual risk evaluation methodologies that are not appropriate for real-time application or used to determine the impact of certain events on the security status of networked systems. In this paper, we determine the strength of computer systems from the perspective of ...

  1. Audit for Information Systems Security

    Directory of Open Access Journals (Sweden)

    Ana-Maria SUDUC

    2010-01-01

    Full Text Available The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

  2. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

  3. Security risk assessment and protection in the chemical and process industry

    OpenAIRE

    Reniers, Genserik; van Lerberghe, Paul; van Gulijk, Coen

    2014-01-01

    This article describes a security risk assessment and protection methodology that was developed for use in the chemical- and process industry in Belgium. The approach of the method follows a risk-based approach that follows desing principles for chemical safety. That approach is beneficial for workers in the chemical industry because they recognize the steps in this model from familiar safety models .The model combines the rings-of-protection approach with generic security practices including...

  4. Satellite Data and Machine Learning for Weather Risk Management and Food Security.

    Science.gov (United States)

    Biffis, Enrico; Chavez, Erik

    2017-08-01

    The increase in frequency and severity of extreme weather events poses challenges for the agricultural sector in developing economies and for food security globally. In this article, we demonstrate how machine learning can be used to mine satellite data and identify pixel-level optimal weather indices that can be used to inform the design of risk transfers and the quantification of the benefits of resilient production technology adoption. We implement the model to study maize production in Mozambique, and show how the approach can be used to produce countrywide risk profiles resulting from the aggregation of local, heterogeneous exposures to rainfall precipitation and excess temperature. We then develop a framework to quantify the economic gains from technology adoption by using insurance costs as the relevant metric, where insurance is broadly understood as the transfer of weather-driven crop losses to a dedicated facility. We consider the case of irrigation in detail, estimating a reduction in insurance costs of at least 30%, which is robust to different configurations of the model. The approach offers a robust framework to understand the costs versus benefits of investment in irrigation infrastructure, but could clearly be used to explore in detail the benefits of more advanced input packages, allowing, for example, for different crop varieties, sowing dates, or fertilizers. © 2017 Society for Risk Analysis.

  5. Threats or threads: from usable security to secure experience

    DEFF Research Database (Denmark)

    Bødker, Susanne; Mathiasen, Niels Raabjerg

    2008-01-01

    While the domain of security dependent technologies brings new challenges to HCI research it seems that the results and breakthroughs of HCI have not been used in design of security dependent technologies. With exceptions, work in the research field of usable security may be criticized for focusing...... mainly on adjusting user behavior to behave securely. With our background in newer HCI perspectives we address secure interaction from the perspective of security technology as experience. We analyze a number of collected user stories to understand what happens when everyday users encounter security...... dependent technologies. We apply McCarthy & Wright's [12] experience framework to the security domain and our collected stories. We point out that there are significant differences between being secure and having a secure experience, and conclude that classical usable security, focus on people's immediate...

  6. Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET

    Directory of Open Access Journals (Sweden)

    Jinsoo Shin

    2017-04-01

    Full Text Available Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

  7. Addressing 2030 EU policy framework for energy and climate: Cost, risk and energy security issues

    International Nuclear Information System (INIS)

    Llano-Paz, Fernando de; Martínez Fernandez, Paulino; Soares, Isabel

    2016-01-01

    The different energy sources, their costs and impacts on the environment determine the electricity production process. Energy planning must solve the existence of uncertainty through the diversification of power generation technologies portfolio. The European Union energy and environmental policy has been mainly based on promoting the security of supply, efficiency, energy savings and the promotion of Renewable Energy Sources. The recent European Commission communication “Towards an European Energy Union: A secure, sustainable, competitive and affordable energy for every European” establishes the path for the European future. This study deals with the analysis of the latest EU “Energy Union” goals through the application of Markowitz portfolio theory considering technological real assets. The EU targets are assessed under a double perspective: economic and environmental. The model concludes that implementing a high share of Renewable Energy target in the design of European Policies is not relevant: the maximization of Renewable Energy share could be achieved considering a sole Low Emissions of carbon dioxide policy. Additionally it is confirmed the need of Nuclear energy in 2030: a zero nuclear energy share in 2030 European Mix is not possible, unless the technological limits participation for Renewable Energy Sources were increased. - Highlights: • Implementing a high RES share target in European Policies could not be relevant. • Maximizing RES share could be achieved considering a sole Low Emissions policy. • The EU 2030 Nuclear energy 50% shutting down could be feasible. • Minimizing risk portfolio presents high diversification and energy security levels.

  8. Assessment of the Technological Changes Impact on the Sustainability of State Security System of Ukraine

    Directory of Open Access Journals (Sweden)

    Olexandr Yemelyanov

    2018-04-01

    Full Text Available Currently, the governments of many countries are facing with a lack of funds for financing programs for social protection of population. Among the causes of this problem, we can indicate the high unemployment rate, which, among other things, is due to implementation of labor-saving technologies. The purpose of this work is to study the impact of technological changes on the sustainability of the state social security system in Ukraine. The general approaches to the assessment of the stability of the state social security system are described. The simulation of the effect of economically efficient technological changes on the company’s income and expenses was carried out. Some patterns of such changes are established. The group of productive technological changes types is presented. The model is developed, and an indicator of the impact estimation of efficiently effective technological changes on the stability of the state social security system is proposed. The analysis of the main indicators of the state social security system functioning of Ukraine is carried out. The dynamics of indicators characterizing the labor market of Ukraine is analyzed. The influence of changes in labor productivity on costs and profits by industries of Ukraine is estimated. The evaluation of the impact of economically efficient technological changes in the industries of Ukraine on the stability of its state social security system is carried out. The different state authorities can use the obtained results for developing measures to manage the sustainability of the state social security system.

  9. Security research roadmap; Security-tutkimuksen roadmap

    Energy Technology Data Exchange (ETDEWEB)

    Naumanen, M.; Rouhiainen, V. (eds.)

    2006-02-15

    Requirements for increasing security have arisen in Europe after highly visible and tragic events in Madrid and in London. While responsibility for security rests largely with the national activities, the EU has also started planning a research area .Space and security. as a part of the 7th Framework Programme. As the justification for this research area it has been presented that technology alone can not assure security, but security can not be assured without the support of technology. Furthermore, the justification highlights that security and military research are becoming ever closer. The old separation between civil and military research is decreasing, because it has been noticed that both areas are nowadays utilising the same knowledge. In Finland, there is already now noteworthy entrepreneurship related to security. Although some of the companies are currently only operating in Finland, others are already international leaders in their area. The importance of the security area is increasing and remarkable potential for new growth business areas can already be identified. This however also requires an increase in research efforts. VTT has a broad range of security research ongoing in many technology areas. The main areas have been concentrating on public safety and security, but VTT is participating also in several research projects related to the defence technology. For identifying and defining in more detail the expertise and research goals, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important

  10. Asset Identification for Security Risk Assessment in Web Applications

    OpenAIRE

    Hisham M. Haddad; Brunil D. Romero

    2009-01-01

    As software applications become more complex they require more security, allowing them to reach an appropriate level of quality to manage information, and therefore achieving business objectives. Web applications represent one segment of software industry where security risk assessment is essential. Web engineering must address new challenges to provide new techniques and tools that guarantee high quality application development. This work focuses asset identification, the initial step in sec...

  11. Security engineering: Phisical security measures for high-risk personnel

    Directory of Open Access Journals (Sweden)

    Jelena S. Cice

    2013-06-01

    Full Text Available The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements: -    Creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP. -    Promulgation of multi-service standard recommendations and considerations. -    Potential increase of productivity of HRP and reduced temporary housing costs through clarification of considerations, guidance on planning, and provision of design solutions. -    Reduction of facility project costs. -    Better performance of modernized facilities, in terms of force protection, than original facilities. Throughout this process you must ensure: confidentiality, appropriate Public Relations, sustainability, compliance with all industrial guidelines and legal and regulatory requirement, constant review and revision to accommodate new circumstances or threats. Introduction Physical security is an extremely broad topic. It encompasses access control devices such as smart cards, air filtration and fireproofing. It is also heavily reliant on infrastructure. This means that many of the ideal physical security measures may not be economically or physically feasible for existing sites. Many businesses do not have the option of building their own facility from the ground up; thus physical security often must be integrated into an existing structure. This limits the overall set of security measures that can be installed. There is an aspect of physical security that is often overlooked; the humans that interact with it. Humans commit crime for a number of reasons. The document focuses on two building types: the HRP office and the HRP residence. HRP are personnel who are likely to be

  12. Designing a Physical Security System for Risk Reduction in a Hypothetical Nuclear Facility

    International Nuclear Information System (INIS)

    Saleh, A.A.; Abd Elaziz, M.

    2017-01-01

    Physical security in a nuclear facility means detection, prevention and response to threat, the ft, sabotage, unauthorized access and illegal transfer involving radioactive and nuclear material. This paper proposes a physical security system designing concepts to reduce the risk associated with variant threats to a nuclear facility. This paper presents a study of the unauthorized removal and sabotage in a hypothetical nuclear facility considering deter, delay and response layers. More over, the study involves performing any required upgrading to the security system by investigating the nuclear facility layout and considering all physical security layers design to enhance the weakness for risk reduction

  13. Mitigating Docker Security Issues

    OpenAIRE

    Yasrab, Robail

    2018-01-01

    It is very easy to run applications in Docker. Docker offers an ecosystem that offers a platform for application packaging, distributing and managing within containers. However, Docker platform is yet not matured. Presently, Docker is less secured as compare to virtual machines (VM) and most of the other cloud technologies. The key of reason of Docker inadequate security protocols is containers sharing of Linux kernel, which can lead to risk of privileged escalations. This research is going t...

  14. Overseas Risks to China’s Energy Security and Potential Countermeasures

    Directory of Open Access Journals (Sweden)

    Chi Zhang

    2014-12-01

    Full Text Available This article discusses the overseas risks to China’s energy security and provides suggestions for how to safeguard China’s energy security. The key to China’s energy security is supply security. This means obtaining enough and continued energy supply at affordable prices which can be divided into two factors: one is purchasing energy at reasonable prices; the other is having uninterrupted energy import. Accordingly, the major overseas challenges to China’s energy security are the surging international oil prices and the problem of safeguarding energy imports. There are both merits and shortcomings to the energy security concept of realism and that of neo-liberalism. Suggestions for how to secure China’s energy supply should be based on China’s conditions as well as a critique of the two theoretical perspectives and should include three aspects: energy diplomacy, military development and strategic oil reserves.

  15. Risk Management for e-Business

    Directory of Open Access Journals (Sweden)

    2007-01-01

    Full Text Available In the new Internet economy, risk management plays a critical role to protect the organization and its ability to perform their business mission, not just its IT assets. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. The risk management is an important component of a IT security program. Information and communications technology management and IT security are responsible for ensuring that technology risks are managed appropriately. These risks originate from the deployment and use of IT assets in various ways, such as configuring systems incorrectly or gaining access to restricted software.

  16. Spatio-temporal dynamics of security investments in an interdependent risk environment

    Science.gov (United States)

    Shafi, Kamran; Bender, Axel; Zhong, Weicai; Abbass, Hussein A.

    2012-10-01

    In a globalised world where risks spread through contagion, the decision of an entity to invest in securing its premises from stochastic risks no longer depends solely on its own actions but also on the actions of other interacting entities in the system. This phenomenon is commonly seen in many domains including airline, logistics and computer security and is referred to as Interdependent Security (IDS). An IDS game models this decision problem from a game-theoretic perspective and deals with the behavioural dynamics of risk-reduction investments in such settings. This paper enhances this model and investigates the spatio-temporal aspects of the IDS games. The spatio-temporal dynamics are studied using simple replicator dynamics on a variety of network structures and for various security cost tradeoffs that lead to different Nash equilibria in an IDS game. The simulation results show that the neighbourhood configuration has a greater effect on the IDS game dynamics than network structure. An in-depth empirical analysis of game dynamics is carried out on regular graphs, which leads to the articulation of necessary and sufficient conditions for dominance in IDS games under spatial constraints.

  17. PACFEST 2004 : enabling technologies for maritime security in the Pacific region.

    Energy Technology Data Exchange (ETDEWEB)

    Moore, Judy Hennessey; Whitley, John B.; Chellis, Craig (Pacific Disaster Center, Kihei, HI)

    2005-06-01

    In October of 2003 experts involved in various aspects of homeland security from the Pacific region met to engage in a free-wheeling discussion and brainstorming (a 'fest') on the role that technology could play in winning the war on terrorism in the Pacific region. The result was a concise and relatively thorough definition of the terrorism problem in the Pacific region, emphasizing the issues unique to Island nations in the Pacific setting, along with an action plan for developing working demonstrations of advanced technological solutions to these issues. Since PacFest 2003, the maritime dimensions of the international security environment have garnered increased attention and interest. To this end, PacFest 2004 sought to identify gaps and enabling technologies for maritime domain awareness and responsive decision-making in the Asia-Pacific region. The PacFest 2004 participants concluded that the technologies and basic information building blocks exist to create a system that would enable the Pacific region government and private organizations to effectively collaborate and share their capabilities and information concerning maritime security. The proposed solution summarized in this report integrates national environments in real time, thereby enabling effective prevention and first response to natural and terrorist induced disasters through better use of national and regional investments in people, infrastructure, systems, processes and standards.

  18. Implementing Information Security and Its Technology: A LineManagement Perspective

    Energy Technology Data Exchange (ETDEWEB)

    Barletta, William A.

    2005-08-22

    Assuring the security and privacy of institutionalinformation assets is a complex task for the line manager responsible forinternational and multi-national transactions. In the face of an unsureand often conflicting international legal framework, the line managermust employ all available tools in an Integrated Security and PrivacyManagement framework that ranges from legal obligations, to policy, toprocedure, to cutting edge technology to counter the rapidly evolvingcyber threat to information assets and the physical systems thatinformation systems control.

  19. 76 FR 41274 - Committee Name: Homeland Security Science and Technology Advisory Committee (HSSTAC)

    Science.gov (United States)

    2011-07-13

    ..., cyber-security, knowledge management and how best to leverage related technologies funded by other... Science and Technology Advisory Committee (HSSTAC) ACTION: Committee Management; Notice of Federal... FURTHER INFORMATION CONTACT: Mary Hanson, HSSTAC Executive Director, Science and Technology Directorate...

  20. System security in the space flight operations center

    Science.gov (United States)

    Wagner, David A.

    1988-01-01

    The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to risk assessment, security plan development, security implications of design requirements, automatic safeguards, and procedural safeguards.

  1. Handbook of SCADA/control systems security

    CERN Document Server

    Radvanovsky, Robert

    2013-01-01

    The availability and security of many services we rely upon-including water treatment, electricity, healthcare, transportation, and financial transactions-are routinely put at risk by cyber threats. The Handbook of SCADA/Control Systems Security is a fundamental outline of security concepts, methodologies, and relevant information pertaining to the supervisory control and data acquisition (SCADA) systems and technology that quietly operate in the background of critical utility and industrial facilities worldwide. Divided into five sections, the book examines topics comprising functions within

  2. Factors affecting food security and contribution of modern technologies in food sustainability.

    Science.gov (United States)

    Premanandh, Jagadeesan

    2011-12-01

    The concept of food insecurity is complex and goes beyond the simplistic idea of a country's inability to feed its population. The global food situation is redefined by many driving forces such as population growth, availability of arable lands, water resources, climate change and food availability, accessibility and loss. The combined effect of these factors has undeniably impacted global food production and security. This article reviews the key factors influencing global food insecurity and emphasises the need to adapt science-based technological innovations to address the issue. Although anticipated benefits of modern technologies suggest a level of food production that will sustain the global population, both political will and sufficient investments in modern agriculture are needed to alleviate the food crisis in developing countries. In this globalised era of the 21st century, many determinants of food security are trans-boundary and require multilateral agreements and actions for an effective solution. Food security and hunger alleviation on a global scale are within reach provided that technological innovations are accepted and implemented at all levels. Copyright © 2011 Society of Chemical Industry.

  3. Breach Risk Magnitude: A Quantitative Measure of Database Security.

    Science.gov (United States)

    Yasnoff, William A

    2016-01-01

    A quantitative methodology is described that provides objective evaluation of the potential for health record system breaches. It assumes that breach risk increases with the number of potential records that could be exposed, while it decreases when more authentication steps are required for access. The breach risk magnitude (BRM) is the maximum value for any system user of the common logarithm of the number of accessible database records divided by the number of authentication steps needed to achieve such access. For a one million record relational database, the BRM varies from 5.52 to 6 depending on authentication protocols. For an alternative data architecture designed specifically to increase security by separately storing and encrypting each patient record, the BRM ranges from 1.3 to 2.6. While the BRM only provides a limited quantitative assessment of breach risk, it may be useful to objectively evaluate the security implications of alternative database organization approaches.

  4. After globalization future security in a technology rich world

    Energy Technology Data Exchange (ETDEWEB)

    Gilmartin, T J

    2000-02-12

    Over the course of the year 2000, five one-day workshops were conducted by the Center for Global Security Research at the Lawrence Livermore National Laboratory on threats that might come against the US and its allies in the 2015 to 2020 timeframe due to the global availability of advanced technology. These workshops focused on threats that are enabled by nuclear, missile, and space technology; military technology; information technology; bio technology; and geo systems technology. In December, an Integration Workshop and Senior Review before national leaders and experts were held. The participants and reviewers were invited from the DOE National Laboratories, the DOD Services, OSD, DTRA, and DARPA, the DOS, NASA, Congressional technical staff, the intelligence community, universities and university study centers, think tanks, consultants on national security issues, and private industry. For each workshop the process of analysis involved identification and prioritization of the participants' perceived most severe threat scenarios (worst nightmares), discussion of the technologies which enabled those threats, and ranking of the technologies' threat potentials. We were not concerned in this exercise with defining responses, although our assessment of each threat's severity included consideration of the ease or difficulty with which it might be countered. At the concluding Integration Workshop and Senior Panel Review, we brought the various workshops' participants together, added senior participant/reviewers with broad experience and responsibility, and discussed the workshop findings to determine what is most certain, and uncertain, and what might be needed to resolve our uncertainties. This document reports the consensus and important variations of both the reviewers and the participants. In all, 45 threats over a wide range of lethality and probability of occurrence were identified. Over 60 enabling technologies were also discussed. These are

  5. An exploratory risk perception study of attitudes toward homeland security systems.

    Science.gov (United States)

    Sanquist, Thomas F; Mahy, Heidi; Morris, Frederic

    2008-08-01

    Understanding the issues surrounding public acceptance of homeland security systems is important for balancing security needs and potential civil liberties infringements. A psychometric survey was used in an exploratory study of attitudes regarding homeland security systems. Psychometric rating data were obtained from 182 respondents on psychological attributes associated with 12 distinct types of homeland security systems. An inverse relationship was observed for the overall rating attributes of acceptability and risk of civil liberties infringement. Principal components analysis (PCA) yielded a two-factor solution with the rating scale loading pattern suggesting factors of perceived effectiveness and perceived intrusiveness. These factors also showed an inverse relationship. The 12 different homeland security systems showed significantly different scores on the rating scales and PCA factors. Of the 12 systems studied, airport screening, canine detectors, and radiation monitoring at borders were found to be the most acceptable, while email monitoring, data mining, and global positioning satellite (GPS) tracking were found to be least acceptable. Students rated several systems as more effective than professionals, but the overall pattern of results for both types of subjects was similar. The data suggest that risk perception research and the psychometric paradigm are useful approaches for quantifying attitudes regarding homeland security systems and policies and can be used to anticipate potentially significant public acceptance issues.

  6. Relevance of Clean Coal Technology for India’s Energy Security: A Policy Perspective

    Science.gov (United States)

    Garg, Amit; Tiwari, Vineet; Vishwanathan, Saritha

    2017-07-01

    Climate change mitigation regimes are expected to impose constraints on the future use of fossil fuels in order to reduce greenhouse gas (GHG) emissions. In 2015, 41% of total final energy consumption and 64% of power generation in India came from coal. Although almost a sixth of the total coal based thermal power generation is now super critical pulverized coal technology, the average CO2 emissions from the Indian power sector are 0.82 kg-CO2/kWh, mainly driven by coal. India has large domestic coal reserves which give it adequate energy security. There is a need to find options that allow the continued use of coal while considering the need for GHG mitigation. This paper explores options of linking GHG emission mitigation and energy security from 2000 to 2050 using the AIM/Enduse model under Business-as-Usual scenario. Our simulation analysis suggests that advanced clean coal technologies options could provide promising solutions for reducing CO2 emissions by improving energy efficiencies. This paper concludes that integrating climate change security and energy security for India is possible with a large scale deployment of advanced coal combustion technologies in Indian energy systems along with other measures.

  7. A broadened typology on energy and security

    International Nuclear Information System (INIS)

    Johansson, Bengt

    2013-01-01

    A broadened typology describing the interconnection between energy and security is developed in this paper, with the aim of improving understanding of the relationship between energy and security by applying different research and policy perspectives. One approach involves studying energy as an object exposed to security threats, using concepts such as security of supply or security of demand. Another approach involves studying the role of the energy system as the subject in generating or enhancing insecurity. The latter approach includes studying the conflict-generating potential inherent in the economic value of energy, the risk of accidents and antagonistic attacks to energy infrastructure and the security risks related to the negative environmental impact of the energy system. In order to make a comprehensive analysis of the security consequences of proposed energy policies or strategies, all these aspects should be taken into account to varying degrees. The typology proposed here could be a valuable tool for ensuring that all security aspects have been considered. - Highlights: • The paper presents a broadened typology of energy and security, useful for policy analysis. • The energy system can be an object for security threats and as a subject generating or contributing to insecurity. • Energy as an object for security threats includes the concepts of security of supply and security of demand. • The economic value of energy can contribute to insecurity. • Technological and environmental risks of specific energy systems also provide potential threats to human security

  8. A Study Of Cyber Security Challenges And Its Emerging Trends On Latest Technologies

    OpenAIRE

    Reddy, G. Nikhita; Reddy, G. J. Ugander

    2014-01-01

    Cyber Security plays an important role in the field of information technology .Securing the information have become one of the biggest challenges in the present day. When ever we think about the cyber security the first thing that comes to our mind is cyber crimes which are increasing immensely day by day. Various Governments and companies are taking many measures in order to prevent these cyber crimes. Besides various measures cyber security is still a very big concern to many. This paper ma...

  9. Mobile Technology: The Foundation for an Engaged and Secure Campus Community

    Science.gov (United States)

    Chapel, Edward

    2008-01-01

    Montclair State University, a public New Jersey institution with more than 17,000 students enrolled, has harnessed the cell phone and cellular broadband technology to foster a stronger sense of community and provide students with a safe, secure, and rich learning environment. This paper discusses the potential for new technologies to foster…

  10. Performance Testing of Homeland Security Technologies in U.S. EPA's Environmental Technology Verification (ETV) Program

    National Research Council Canada - National Science Library

    Kelly, Thomas J; Hofacre, Kent C; Derringer, Tricia L; Riggs, Karen B; Koglin, Eric N

    2004-01-01

    ... (reports and test plans available at www.epa.gov/etv). In the aftermath of the terrorist attacks of September 11, 2001, the ETV approach has also been employed in performance tests of technologies relevant to homeland security (HS...

  11. Airports at Risk: The Impact of Information Sources on Security Decisions

    OpenAIRE

    Kirschenbaum, Avi; Mariani, Michele; Van Gulijk, Coen; Rapaport, Carmit; Lubasz, Sharon

    2012-01-01

    Security decisions in high risk organizations such as airports involve obtaining ongoing and frequent information about potential threats. Utilizing questionnaire survey data from a sample of airport\\ud employees in European Airports across the continent, we analyzed \\ud how both formal and informal sources of security information affect employee's decisions to comply with the security rules and\\ud directives. This led us to trace information network flows to assess its impact on the degree e...

  12. Technology-Induced Risks in History

    Science.gov (United States)

    Rabkin, Ya.

    Our perception of risk contains three main aspects: (1) probability of the risk occurring; (2) the extent of possible damage; (3) the degree of voluntary or involuntary exposure to risk. History of risk assessment has been traced in several areas, such as transportation, and has largely focused on insurance. Construction projects constitute one of the oldest areas of technology where accidents continue to occur, while health has always been a fragile commodity. Urbanization has multiplied the risks of illness and death, while natural catastrophes, though still frightening, have ceded their central place to technology-based disasters in the Western perceptions of risk. The human has become the main source of danger to the very survival of the planet. The Enlightenment utopia of scientific progress resulting in social and moral progress of humanity has collided with the awareness of new technology induced risks. Life on Earth began without humans, and it may end without them. Our civilization is the first that faces an end to be brought about by our own technological ingenuity.

  13. Remodeling Strategic Staff Safety and Security Risks Management in Nigerian Tertiary Institutions

    Directory of Open Access Journals (Sweden)

    Sunday S. AKPAN

    2015-10-01

    Full Text Available This paper examined safety and security risk management in tertiary institutions in Nigeria. The frequent attacks at workplace, especially schools, have placed safety and security in the front burner of discussion in both business and political circles. This therefore, forms the imperative for the conduct of this study. The work adopted a cross sectional survey research design and collected data from respondents who are security personnel of the University of Uyo. Analysis of data was done with simple percentage statistics while the research hypotheses were tested with mean and simple regression and correlation statistics. The findings of the study revealed that assassination, kidnappings and bombings were principal risk incidents threatening the safety and security of staff in University of Uyo. A significant positive relationship was found between the funding of security management and workers’ performance. It was discovered specifically that employment screening, regular training of security personnel, regular safety and security meetings and strategic security policy formation were the main strategies for managing safety and security in University of Uyo. The paper concluded that safety and security management and control involves every worker (management and staff of University of Uyo. It was recommended, among others, that management should be more committed to safety and security management in the University by means of making safety and security issues an integral part of University’s strategic plan and also by adopting the management line model – one form of management structure-where safety and security are located, with other general management responsibilities. This way, the resurgent cases of kidnapping, hired assassination, etc. would be reduced if not completely eradicated in the University.

  14. [Occupational risks among public safety and security forces].

    Science.gov (United States)

    Candura, S M; Verni, P; Minelli, C M; Rosso, G L; Cappelli, M I; Strambi, S; Martellosio, V

    2006-01-01

    The present paper tries to identify the occupational risk factors (physical, chemical, biological, psychological), variable depending on jobs and tasks, to which the heterogeneous public safety/security workers are exposed. The fight against criminality and public order maintenance imply (sometimes fatal) traumatic risks, and expose to psychophysical and sensorial tiring, unfavourable macro- and microclimatic conditions, the risk of baropathy (air navigation, underwater activities), noise (generated by firearms and several other sources), vibrations and shakings (automatic weapons, transport vehicles), the risk of electric injury, ionizing (X and gamma rays) and non-inonizing (ultraviolet rays, microwaves and radiofrequencies, electromagnetic fields) radiations. Chemical hazards include carbon monoxide and other combustion products (fires, urban traffic), substances released in chemical accidents, tear gases, lead (firing grounds, metal works, environmental pollution), solvents, lubrificants and cutting oils (mechanic repair and maintenance), laboratory materials and reagents, irritant and/or sensitizing agents contained in gloves. The main biological risks are tetanus, blood-borne diseases (viral hepatitis, AIDS), aerogenous diseases (e.g., tuberculosis, Legionnaire's disease, epidemic cerebrospinal meningitis), dog- or horse-transmitted zoonosis. Finally, emotional, psychosomatic and behavioural stress-related disorders (e.g., burn-out syndrome, post-traumatic stress disorder) are typically frequent. The presence of numerous and diversified hazards among public safety/security forces imposes the adoption of occupational medicine measures, including risk assessment, health education, technical and environmental prevention, personal protective devices, sanitary surveillance and biological monitoring, clinical interventions (diagnosis, therapy and rehabilitation of occupational accidents and illnesses), prompt medico-legal evaluation of occupational

  15. When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist.

    Science.gov (United States)

    Blanke, Sandra J; McGrady, Elizabeth

    2016-07-01

    Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.

  16. Quantitative Model for Economic Analyses of Information Security Investment in an Enterprise Information System

    Directory of Open Access Journals (Sweden)

    Bojanc Rok

    2012-11-01

    Full Text Available The paper presents a mathematical model for the optimal security-technology investment evaluation and decision-making processes based on the quantitative analysis of security risks and digital asset assessments in an enterprise. The model makes use of the quantitative analysis of different security measures that counteract individual risks by identifying the information system processes in an enterprise and the potential threats. The model comprises the target security levels for all identified business processes and the probability of a security accident together with the possible loss the enterprise may suffer. The selection of security technology is based on the efficiency of selected security measures. Economic metrics are applied for the efficiency assessment and comparative analysis of different protection technologies. Unlike the existing models for evaluation of the security investment, the proposed model allows direct comparison and quantitative assessment of different security measures. The model allows deep analyses and computations providing quantitative assessments of different options for investments, which translate into recommendations facilitating the selection of the best solution and the decision-making thereof. The model was tested using empirical examples with data from real business environment.

  17. Cyber security risk evaluation of a nuclear I and C using BN and ET

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Dept. of Nuclear Engineering, Kyung Hee University, Yongin (Korea, Republic of); Son, Han Seong [Computer and Game Science, Joongbu University, Geumsan (Korea, Republic of)

    2017-04-15

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

  18. Cyber security risk evaluation of a nuclear I and C using BN and ET

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Son, Han Seong

    2017-01-01

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks

  19. Trust, Perceived Risk, Perceived Ease of Use and Perceived Usefulness as Factors Related to mHealth Technology Use.

    Science.gov (United States)

    Schnall, Rebecca; Higgins, Tracy; Brown, William; Carballo-Dieguez, Alex; Bakken, Suzanne

    2015-01-01

    Mobile technology use is nearly ubiquitous which affords the opportunity for using these technologies for modifying health related behaviors. At the same time, use of mobile health (mHealth) technology raises privacy and security concerns of consumers. The goal of this analysis was to understand the perceived ease of use, usefulness, risk and trust that contribute to behavioral intention to use a mobile application for meeting the healthcare needs of persons living with HIV (PLWH). To understand these issues, we conducted focus group sessions with 50 persons living with HIV and 30 HIV healthcare providers. We used the e-commerce acceptance model to analyze our focus group data. Findings from the study demonstrated the need for mHealth to be perceived as useful, easy to use, with little perceived risk accompanied by a measure of trust in the creators of the technology. Findings from this work can inform future work on patients and providers' perceptions of risk, trust, ease of use and usefulness of mHealth technology.

  20. Automated procedure for performing computer security risk analysis

    International Nuclear Information System (INIS)

    Smith, S.T.; Lim, J.J.

    1984-05-01

    Computers, the invisible backbone of nuclear safeguards, monitor and control plant operations and support many materials accounting systems. Our automated procedure to assess computer security effectiveness differs from traditional risk analysis methods. The system is modeled as an interactive questionnaire, fully automated on a portable microcomputer. A set of modular event trees links the questionnaire to the risk assessment. Qualitative scores are obtained for target vulnerability, and qualitative impact measures are evaluated for a spectrum of threat-target pairs. These are then combined by a linguistic algebra to provide an accurate and meaningful risk measure. 12 references, 7 figures

  1. Reconciling Malicious and Accidental Risk in Cyber Security

    NARCIS (Netherlands)

    Pieters, Wolter; Lukszo, Zofia; Hadziosmanovic, D.; van den Berg, Jan

    Consider the question whether a cyber security investment is cost-effective. The result will depend on the expected frequency of attacks. Contrary to what is referred to as threat event frequencies or hazard rates in safety risk management, frequencies of targeted attacks are not independent from

  2. Risk evaluation system for facility safeguards and security planning

    International Nuclear Information System (INIS)

    Udell, C.J.; Carlson, R.L.

    1987-01-01

    The Risk Evaluation System (RES) is an integrated approach to determining safeguards and security effectiveness and risk. RES combines the planning and technical analysis into a format that promotes an orderly development of protection strategies, planing assumptions, facility targets, vulnerability and risk determination, enhancement planning, and implementation. In addition, the RES computer database program enhances the capability of the analyst to perform a risk evaluation of the facility. The computer database is menu driven using data input screens and contains an algorithm for determining the probability of adversary defeat and risk. Also, base case and adjusted risk data records can be maintained and accessed easily

  3. Risk evaluation system for facility safeguards and security planning

    International Nuclear Information System (INIS)

    Udell, C.J.; Carlson, R.L.

    1987-01-01

    The Risk Evaluation System (RES) is an integrated approach to determining safeguards and security effectiveness and risk. RES combines the planning and technical analysis into a format that promotes an orderly development of protection strategies, planning assumptions, facility targets, vulnerability and risk determination, enhancement planning, and implementation. In addition, the RES computer database program enhances the capability of the analyst to perform a risk evaluation of the facility. The computer database is menu driven using data input screens and contains an algorithm for determining the probability of adversary defeat and risk. Also, base case and adjusted risk data records can be maintained and accessed easily

  4. Cyber security risk assessment for SCADA and DCS networks.

    Science.gov (United States)

    Ralston, P A S; Graham, J H; Hieb, J L

    2007-10-01

    The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

  5. Security in Internet of Things

    OpenAIRE

    Mohar, Matej

    2017-01-01

    The Internet of Things (IoT) is emerging the Internet and other networks with wireless technologies to make physical objects interact online. The IoT has developed to become a promising technology and receives significant research attention in recent years because of the development of wireless communications and micro-electronics.  Like other immature technological inventions, although IoT will promise their users a better life in the near future, it is a security risk, especially today the ...

  6. Advanced technologies: Trends and implications for security

    International Nuclear Information System (INIS)

    Shaw, A.

    1990-01-01

    As the world moves towards the close of the twentieth century, three technological trends will strongly influence security. In order of importance they are: first, the increasing globalization of the ability to develop and use high technology, much of which has both civilian and military applications; secondly, the broad dissemination of militarily-relevant technology world-wide; and thirdly, the continued development by the United States and the USSR (and a few other nations) of advanced technology for military applications. The military balance between the super-Powers and their allies has been strongly rooted in advancing military technology. Great changes in technology have resulted in adjustments -mostly in limited aspects such as the armour/ anti-armour balance - but have not caused it to change wildly. This seems likely to remain the case for the foreseeable future. There are arguments that Western technology has been a prime causative factor behind Soviet willingness to engage in negotiations to reduce forces. They claim that fear of the Strategic Defense Initiative is behind progress in the Strategic Arms Reduction Talks, and that perceived Western mastery of the technology for systems combining quick reaction, deep strike and high kill probabilities led the Soviet Union to reassess its potential for a successful land campaign in Europe. If current arms control negotiations are successful, the momentum is maintained, and other political changes take hold, the military balance could be taken to a point where ft would not be very sensitive to technological change. One should be aware that the arms control negotiations are very complex, primarily because of technological issues, and we should not yet bank on it all working out well. If it fails, the military technical competition will heat up again. Even under a strict arms control regime we can expect the competition to continue as each side seeks to develop counters to what ft sees as the other side

  7. a review of game theory approach to cyber security risk management

    African Journals Online (AJOL)

    HOD

    Keywords: Cyber Security, Risk Management, Game Theory, Model. 1. INTRODUCTION. Risk is ... behaviors. This implies they are triggered by self- motivated goal .... embrace diligence verification of the recipient of the email as well as lack of ...

  8. Training programs for the systems approach to nuclear security

    International Nuclear Information System (INIS)

    Ellis, D.

    2005-01-01

    Full text: In support of United States Government (USG) and International Atomic Energy Agency (IAEA) nuclear security programs, Sandia National Laboratories (SNL) has advocated and practiced a risk-based, systematic approach to nuclear security. The risk equation has been developed and implemented as the basis for a performance-based methodology for the design and evaluation of physical protection systems against a design basis threat (DBT) for theft and sabotage of nuclear and/or radiological materials. Integrated systems must include technology, people, and the man-machine interface. A critical aspect of the human element is training on the systems-approach for all the stakeholders in nuclear security. Current training courses and workshops have been very beneficial but are still rather limited in scope. SNL has developed two primary international classes - the international training course on the physical protection of nuclear facilities and materials, and the design basis threat methodology workshop. SNL is also completing the development of three new courses that will be offered and presented in the near term. They are vital area identification methodology focused on nuclear power plants to aid in their protection against radiological sabotage, insider threat analysis methodology and protection schemes, and security foundations for competent authority and facility operator stakeholders who are not security professionals. In the long term, we envision a comprehensive nuclear security curriculum that spans policy and technology, regulators and operators, introductory and expert levels, classroom and laboratory/field, and local and offsite training options. This training curriculum will be developed in concert with a nuclear security series of guidance documents that is expected to be forthcoming from the IAEA. It is important to note that while appropriate implementation of systems based on such training and documentation can improve the risk reduction, such a

  9. Microsoft Technology as an Optimization Tool in Promoting Security and Functionality of the Educational System

    Directory of Open Access Journals (Sweden)

    Jelena Jardas Antonic

    2008-10-01

    Full Text Available Abstract - In the cooperation with the City of Rijeka, the project of analysis of the functional and security situation of information infrastructure has been initiated in 24 schools in the authority of the city. Having completed the multicriteria analysis of the collected data, we have built a model of implementing Microsoft service technologies. The implementation should satisfy the elementary security principles that are required by the security standards today, maximizing functionality of infrastructure and minimizing network administration tasks. Server technology that has been used in this solution is Microsoft Widows 2003 Server R2 and Internet Security and Acceleration Server 2006, as well as the GFI WebMonitor and antivirus.

  10. Security Expertise

    DEFF Research Database (Denmark)

    systematic study of security expertise and opens up a productive dialogue between science and technology studies and security studies to investigate the character and consequences of this expertise. In security theory, the study of expertise is crucial to understanding whose knowledge informs security making......This volume brings together scholars from different fields to explore the power, consequences and everyday practices of security expertise. Expertise mediates between different forms of knowledge: scientific and technological, legal, economic and political knowledge. This book offers the first...... and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...

  11. For telehealth to succeed, privacy and security risks must be identified and addressed.

    Science.gov (United States)

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

  12. Nuclear power: energy security and supply assurances

    International Nuclear Information System (INIS)

    Rogner, H.H.; McDonald, A.

    2008-01-01

    Expectations are high for nuclear power. This paper first summarizes recent global and regional projections for the medium-term, including the 2007 updates of IAEA projections plus International Energy Agency and World Energy Technology Outlook projections to 2030 and 2050. One driving force for nuclear power is concern about energy supply security. Two potential obstacles are concerns about increased nuclear weapon proliferation risks, and concerns by some countries about potential politically motivated nuclear fuel supply interruptions. Concerning supply security, the paper reviews different definitions, strategies and costs. Supply security is not free; nor does nuclear power categorically increase energy supply security in all situations. Concerning proliferation and nuclear fuel cut-off risks, the IAEA and others are exploring possible 'assurance of supply' mechanisms with 2 motivations. First, the possibility of a political fuel supply interruption is a non-market disincentive discouraging investment in nuclear power. Fuel supply assurance mechanisms could reduce this disincentive. Second, the risk of interruption creates an incentive for a country to insure against that risk by developing a national enrichment capability. Assurance mechanisms could reduce this incentive, thereby reducing the possible spread of new national enrichment capabilities and any associated weapon proliferation risks. (orig.)

  13. Europe, Middle East and North Africa Conference on Technology and Security to Support Learning 2016

    CERN Document Server

    Serrhini, Mohammed; Felgueiras, Carlos

    2017-01-01

    This book contains a selection of articles from The Europe, Middle East and North Africa Conference on Technology and Security to Support Learning 2016 (EMENA-TSSL'16), held between the 3th and 5th of October at Saidia, Oujda, Morocco. EMENA-TSSL'16 is a global forum for researchers and practitioners to present and discuss recent results and innovations, current trends, professional experiences and challenges in Information & Communication Technologies, and Security to support Learning. The main topics covered are: A) Online Education; B) Emerging Technologies in Education; C) Artificial Intelligence in Education; D) Gamification and Serious games; E) Network & Web Technologies Applications; F) Online experimentation and Virtual Laboratories; G) Multimedia Systems and Applications; H) Security and Privacy; I) Multimedia, Computer Vision and Image Processing; J) Cloud, Big Data Analytics and Applications; K) Human-Computer Interaction; L) Software Systems, Architectures, Applications and Tools; M) Onli...

  14. Building Psychological Contracts in Security-Risk Environments

    DEFF Research Database (Denmark)

    Ramirez, Jacobo; Madero, Sergio; Vélez-Zapata, Claudia

    2015-01-01

    This paper examines the reciprocal obligations between employers and employees that are framed as psychological contracts in security-risk environments. A total of 30 interviews based on psychological contract frameworks, duty-of-care strategies in terms of human resource management (HRM) systems...... and the impacts of narcoterrorism on firms were conducted with human resources (HR) personnel, line managers and subordinates at eight national and multinational corporations (MNCs) with subsidiaries in Colombia and Mexico. Our findings generally support the existence of a relational psychological contract in our...... sample. Duty-of-care strategies based on both HRM systems and the sensitivities of HR personnel and line managers to the narcoterrorism context, in combination with both explicit and implicit security policies, tend to be the sources of the content of psychological contracts. We propose a psychological...

  15. Security, Privacy, Threats and Risks in Cloud Computing ― A Vital Review

    OpenAIRE

    Goyal, Sumit

    2016-01-01

    Cloud computing is a multi million dollar business. As more and more enterprises are adopting cloud services for their businesses, threat of security has become a big concern for these enterprises and cloud users. This review describes the latest threats and risks associated with cloud computing and suggests techniques for better privacy and security of data in cloud environment. Threats and risks associated with cloud service models (SaaS, PaaS and IaaS) along with cloud deployment models (p...

  16. Risk creation in a technological world

    International Nuclear Information System (INIS)

    Kuhlmann, A.

    1989-01-01

    The question ultimately facing mankind is how to establish an appropriate risk acceptance in a technological world. The systematics of the risk concept is explained in 4 theses. They imply that a heavy use of technology is linked to high risk potentials which place heavy demands on technology in coping with them, and that technology ought as far as possible to be adapted to man and the environment ought to remain under man's influence. (DG) [de

  17. MUSES RT2AE V P/DP: On the Road to Privacy-Friendly Security Technologies in the Workplace

    OpenAIRE

    Van Der Sype, Yung Shin Marleen; Guislain, Jonathan; Seigneur, Jean-Marc; Titi, Xavier

    2016-01-01

    Successful protection of company data assets requires strong technological support. As many security incidents still occur from within, security technologies often include elements to monitor the behaviour of employees. As those security systems are considered as privacy-intrusive, they are hard to align with the privacy and data protection rights of the employees of the company. Even though there is currently no legal obligation for developers to embed privacy and data protection in security...

  18. Statistical security for Social Security.

    Science.gov (United States)

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

  19. Enterprise Architecture-Based Risk and Security Modelling and Analysis

    NARCIS (Netherlands)

    Jonkers, Henk; Quartel, Dick; Kordy, Barbara; Ekstedt, Mathias; Seong Kim, Deng

    2016-01-01

    The growing complexity of organizations and the increasing number of sophisticated cyber attacks asks for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, including the business and IT aspects

  20. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  1. The Importance of the Brain Neuro-Programming Technologies in National and Regional Security

    Directory of Open Access Journals (Sweden)

    Vasyl H. Fatkhutdinov

    2018-02-01

    Full Text Available The authors’ understanding of neuro-programming is the result of the impact on the human brain of information and communication technology (including educational one, through which in the human brain the programs of manifestation in the ontogenesis of internal creative potentials are written. This article summarizes the history of the formation of key neuro-programming technologies of the human brain as well as proves that the changes in the society’s worldview are caused by the possibilities and quality of neuro-programming technologies that society uses. Having influence over worldview stereotypes and behaviour set by the society, neuro-programming technologies essentially ensure the national security of any state and the peaceful coexistence of states in the regions and on the planet as a whole. Using historical and philosophical methods, methods of conceptualization, systematization, modeling, etc., the authors have come to the conclusion that the modern world lies in a confrontation of security strategies, in which neuro-programming technologies play a key role.

  2. The Evolving Relationship Between Technology and National Security in China: Innovation, Defense Transformation, and China’s Place in the Global Technology Order

    Science.gov (United States)

    2016-02-12

    Stockmann, Xiao Qiang. Changing Media, Changing China , New York: Oxford University Press, (01 2011) Dieter Ernst. Indigenous Innovation and...2211 China , science, technology, dual use, defense, security, innovation REPORT DOCUMENTATION PAGE 11. SPONSOR/MONITOR’S REPORT NUMBER(S) 10...ABSTRACT Final Report: The Evolving Relationship Between Technology and National Security in China : Innovation , Defense Transformation, and China’s

  3. Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

    CERN Document Server

    Lopienski, Sebastian

    Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

  4. Quantitative Security Risk Assessment of Android Permissions and Applications

    OpenAIRE

    Wang , Yang; Zheng , Jun; Sun , Chen; Mukkamala , Srinivas

    2013-01-01

    Part 6: Mobile Computing; International audience; The booming of the Android platform in recent years has attracted the attention of malware developers. However, the permissions-based model used in Android system to prevent the spread of malware, has shown to be ineffective. In this paper, we propose DroidRisk, a framework for quantitative security risk assessment of both Android permissions and applications (apps) based on permission request patterns from benign apps and malware, which aims ...

  5. Communicating Health Risks under Pressure: Homeland Security Applications

    International Nuclear Information System (INIS)

    Garrahan, K.G.; Collie, S.L.

    2006-01-01

    The U.S. Environmental Protection Agency's (EPA) Office of Research and Development (ORD) Threat and Consequence Assessment Division (TCAD) within the National Homeland Security Research Center (NHSRC) has developed a tool for rapid communication of health risks and likelihood of exposure in preparation for terrorist incidents. The Emergency Consequence Assessment Tool (ECAT) is a secure web-based tool designed to make risk assessment and consequence management faster and easier for high priority terrorist threat scenarios. ECAT has been designed to function as 'defensive play-book' for health advisors, first responders, and decision-makers by presenting a series of evaluation templates for priority scenarios that can be modified for site-specific applications. Perhaps most importantly, the risk communication aspect is considered prior to an actual release event, so that management or legal advisors can concur on general risk communication content in preparation for press releases that can be anticipated in case of an actual emergency. ECAT serves as a one-stop source of information for retrieving toxicological properties for agents of concern, estimating exposure to these agents, characterizing health risks, and determining what actions need to be undertaken to mitigate the risks. ECAT has the capability to be used at a command post where inputs can be checked and communicated while the response continues in real time. This front-end planning is intended to fill the gap most commonly identified during tabletop exercises: a need for concise, timely, and informative risk communication to all parties. Training and customization of existing chemical and biological release scenarios with modeling of exposure to air and water, along with custom risk communication 'messages' intended for public, press, shareholders, and other partners enable more effective communication during times of crisis. For DOE, the ECAT could serve as a prototype that would be amenable to

  6. Information Data Security Specialists' and Business Leaders' Experiences Regarding Communication Challenges

    Science.gov (United States)

    Lopez, Robert H.

    2012-01-01

    The problem addressed was the need to maintain data security in the field of information technology. Specifically, the breakdown of communication between business leaders and data security specialists create risks to data security. The purpose of this qualitative phenomenological study was to determine which factors would improve communication…

  7. Leadership and New Technologies. New Security Issues for Management of Internet Connectivity and Remote Control in Automotive Industry

    Directory of Open Access Journals (Sweden)

    Cosmin Cătălin Olteanu

    2015-05-01

    Full Text Available The main purpose of the paper is to illustrate the importance of implementing new security policies for infotainment systems in automotive industry. A car is full of technology and is easier today to control car systems through an internet connection linked to car system infotainment. This is how it is possible to gain control of critical car systems. More than 84% of users doesn’t even know the risk of remote control of the car in the presence of Internet connection.

  8. Trust, Perceived Risk, Perceived Ease of Use and Perceived Usefulness as Factors Related to mHealth Technology Use

    Science.gov (United States)

    Schnall, Rebecca; Higgins, Tracy; Brown, William; Carballo-Dieguez, Alex; Bakken, Suzanne

    2017-01-01

    Mobile technology use is nearly ubiquitous which affords the opportunity for using these technologies for modifying health related behaviors. At the same time, use of mobile health (mHealth) technology raises privacy and security concerns of consumers. The goal of this analysis was to understand the perceived ease of use, usefulness, risk and trust that contribute to behavioral intention to use a mobile application for meeting the healthcare needs of persons living with HIV (PLWH). To understand these issues, we conducted focus group sessions with 50 persons living with HIV and 30 HIV healthcare providers. We used the e-commerce acceptance model to analyze our focus group data. Findings from the study demonstrated the need for mHealth to be perceived as useful, easy to use, with little perceived risk accompanied by a measure of trust in the creators of the technology. Findings from this work can inform future work on patients and providers’ perceptions of risk, trust, ease of use and usefulness of mHealth technology. PMID:26262094

  9. Energy Assurance: Essential Energy Technologies for Climate Protection and Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    Greene, David L [ORNL; Boudreaux, Philip R [ORNL; Dean, David Jarvis [ORNL; Fulkerson, William [University of Tennessee, Knoxville (UTK); Gaddis, Abigail [University of Tennessee, Knoxville (UTK); Graham, Robin Lambert [ORNL; Graves, Ronald L [ORNL; Hopson, Dr Janet L [University of Tennessee, Knoxville (UTK); Hughes, Patrick [ORNL; Lapsa, Melissa Voss [ORNL; Mason, Thom [ORNL; Standaert, Robert F [ORNL; Wilbanks, Thomas J [ORNL; Zucker, Alexander [ORNL

    2009-12-01

    We present and apply a new method for analyzing the significance of advanced technology for achieving two important national energy goals: climate protection and energy security. Quantitative metrics for U.S. greenhouse gas emissions in 2050 and oil independence in 2030 are specified, and the impacts of 11 sets of energy technologies are analyzed using a model that employs the Kaya identity and incorporates the uncertainty of technological breakthroughs. The goals examined are a 50% to 80% reduction in CO2 emissions from energy use by 2050 and increased domestic hydrocarbon fuels supply and decreased demand that sum to 11 mmbd by 2030. The latter is intended to insure that the economic costs of oil dependence are not more than 1% of U.S. GDP with 95% probability by 2030. Perhaps the most important implication of the analysis is that meeting both energy goals requires a high probability of success (much greater than even odds) for all 11 technologies. Two technologies appear to be indispensable for accomplishment of both goals: carbon capture and storage, and advanced fossil liquid fuels. For reducing CO2 by more than 50% by 2050, biomass energy and electric drive (fuel cell or battery powered) vehicles also appear to be necessary. Every one of the 11 technologies has a powerful influence on the probability of achieving national energy goals. From the perspective of technology policy, conflict between the CO2 mitigation and energy security is negligible. These general results appear to be robust to a wide range of technology impact estimates; they are substantially unchanged by a Monte Carlo simulation that allows the impacts of technologies to vary by 20%.

  10. Risk-based systems analysis for emerging technologies: Applications of a technology risk assessment model to public decision making

    International Nuclear Information System (INIS)

    Quadrel, M.J.; Fowler, K.M.; Cameron, R.; Treat, R.J.; McCormack, W.D.; Cruse, J.

    1995-01-01

    The risk-based systems analysis model was designed to establish funding priorities among competing technologies for tank waste remediation. The model addresses a gap in the Department of Energy's (DOE's) ''toolkit'' for establishing funding priorities among emerging technologies by providing disciplined risk and cost assessments of candidate technologies within the context of a complete remediation system. The model is comprised of a risk and cost assessment and a decision interface. The former assesses the potential reductions in risk and cost offered by new technology relative to the baseline risk and cost of an entire system. The latter places this critical information in context of other values articulated by decision makers and stakeholders in the DOE system. The risk assessment portion of the model is demonstrated for two candidate technologies for tank waste retrieval (arm-based mechanical retrieval -- the ''long reach arm'') and subsurface barriers (close-coupled chemical barriers). Relative changes from the base case in cost and risk are presented for these two technologies to illustrate how the model works. The model and associated software build on previous work performed for DOE's Office of Technology Development and the former Underground Storage Tank Integrated Demonstration, and complement a decision making tool presented at Waste Management 1994 for integrating technical judgements and non-technical (stakeholder) values when making technology funding decisions

  11. Agricultural Technology, Risk, and Gender

    DEFF Research Database (Denmark)

    Arndt, Channing; Tarp, Finn

    2000-01-01

    Interactions between agricultural technology improvements, risk-reducing behavior, and gender roles in agricultural production in Mozambique are examined. The analysis employs a computable general equilibrium (CGE) model that explicitly incorporates key features of the economy. These include......: detailed accounting of marketing margins, home consumption, risk, and gender roles in agricultural production. Our results show that agricultural technology improvements benefit both male and female occupants of rural households. Due to economic interactions, agricultural technology improvements...

  12. Predictors of mother-child interaction quality and child attachment security in at-risk families.

    Science.gov (United States)

    De Falco, Simona; Emer, Alessandra; Martini, Laura; Rigo, Paola; Pruner, Sonia; Venuti, Paola

    2014-01-01

    Child healthy development is largely influenced by parent-child interaction and a secure parent-child attachment is predictively associated with positive outcomes in numerous domains of child development. However, the parent-child relationship can be affected by several psychosocial and socio-demographic risk factors that undermine its quality and in turn play a negative role in short and long term child psychological health. Prevention and intervention programs that support parenting skills in at-risk families can efficiently reduce the impact of risk factors on mother and child psychological health. This study examines predictors of mother-child interaction quality and child attachment security in a sample of first-time mothers with psychosocial and/or socio-demographic risk factors. Forty primiparous women satisfying specific risk criteria participated in a longitudinal study with their children from pregnancy until 18 month of child age. A multiple psychological and socioeconomic assessment was performed. The Emotional Availability Scales were used to measure the quality of emotional exchanges between mother and child at 12 months and the Attachment Q-Sort served as a measure of child attachment security at 18 months. Results highlight both the effect of specific single factors, considered at a continuous level, and the cumulative risk effect of different co-occurring factors, considered at binary level, on mother-child interaction quality and child attachment security. Implication for the selection of inclusion criteria of intervention programs that support parenting skills in at-risk families are discussed.

  13. Predictors of mother-child interaction quality and child attachment security in at-risk families

    Directory of Open Access Journals (Sweden)

    Simona eDe Falco

    2014-08-01

    Full Text Available Child healthy development is largely influenced by parent-child interaction and a secure parent-child attachment is predictively associated with positive outcomes in numerous domains of child development. However, the parent-child relationship can be affected by several psychosocial and socio-demographic risk factors that undermine its quality and in turn play a negative role in short and long term child psychological health. Prevention and intervention programs that support parenting skills in at-risk families can efficiently reduce the impact of risk factors on mother and child psychological health. This study examines predictors of mother-child interaction quality and child attachment security in a sample of first-time mothers with psychosocial and/or socio-demographic risk factors. Forty primiparous women satisfying specific risk criteria participated in a longitudinal study with their children from pregnancy until 18 month of child age. A multiple psychological and socioeconomic assessment was performed. The Emotional Availability Scales were used to measure the quality of emotional exchanges between mother and child at 12 months and the Attachment Q-Sort served as a measure of child attachment security at 18 months. Results highlight both the effect of specific single factors, considered at a continuous level, and the cumulative risk effect of different co-occurring factors, considered at binary level, on mother-child interaction quality and child attachment security. Implication for the selection of inclusion criteria of intervention programs that support parenting skills in at-risk families are discussed.

  14. Development of Cyber Security Scheme for Nuclear Power Plant

    Energy Technology Data Exchange (ETDEWEB)

    Hong, S. B.; Choi, Y. S.; Cho, J. W. (and others)

    2009-12-15

    Nuclear I and C system is considered to be safe on the cyber threat because of the use of exclusive communication network and operating system. But the trend of open architecture and standardization on the equipment of I and C system, it is not safe on the cyber threat such as hacking and cyber terror. It is needed to protect nuclear I and C systems by the cyber attack, Countermeasures of the cyber security is required a lot of time and endeavors because there are many factors on the environment of cyber security and cyber attack. For the nuclear cyber security, we should make structural framework and eliminate cyber vulnerabilities by the analysis of cyber environment. The framework for the cyber security includes planning, embodiment of security technologies, security audit, security management and security maintenance. In this report, we examined IT security technology and the trend of standard in the industrial I and C system, and proposed a method to construct cyber security for the nuclear power plant. We analysed the threat of cyber security, vulnerability and cyber risk, then we present a method for the cyber security structure and the countermeasures.

  15. Development of Cyber Security Scheme for Nuclear Power Plant

    International Nuclear Information System (INIS)

    Hong, S. B.; Choi, Y. S.; Cho, J. W.

    2009-12-01

    Nuclear I and C system is considered to be safe on the cyber threat because of the use of exclusive communication network and operating system. But the trend of open architecture and standardization on the equipment of I and C system, it is not safe on the cyber threat such as hacking and cyber terror. It is needed to protect nuclear I and C systems by the cyber attack, Countermeasures of the cyber security is required a lot of time and endeavors because there are many factors on the environment of cyber security and cyber attack. For the nuclear cyber security, we should make structural framework and eliminate cyber vulnerabilities by the analysis of cyber environment. The framework for the cyber security includes planning, embodiment of security technologies, security audit, security management and security maintenance. In this report, we examined IT security technology and the trend of standard in the industrial I and C system, and proposed a method to construct cyber security for the nuclear power plant. We analysed the threat of cyber security, vulnerability and cyber risk, then we present a method for the cyber security structure and the countermeasures

  16. Risk Assessment Generated by Usage of ICT and Information Security Measures

    Directory of Open Access Journals (Sweden)

    Ilie TAMAS

    2006-01-01

    Full Text Available Information societies involve the usage of information technology and communications (ITC on a large scale. The dependence on ITC is an unquestionable problem in the present, because we assist to a generality of computers usage in all economic and social life activities. That is why organization information systems became accessible at the global level and there are permanently open for a quick exchange of information between different categories of users located by different geographical nods. The ITC usage involves the existing of some risks that should be known, evaluation and based on these, we must have information systems security measure. We consider that the risk is an indicator very important that must be permanently assess in the usage process of the information system based on ITC. Risk management suppose a permanently evaluation of these problems and also restrain by some practical actions who goes to the decrease of its effects. From the expose point of view, in this paper work it is presented the results of research based on specialty literature and current cases from practical activities, regarding the risks of ITC usage and their diminishing measure. There are distinguished the main factors (threat, vulnerability and impact who affect the information risk and on the other way, diminishing measure of the action to these factors for optimum working of an economic and social organism who use ITC. We consider that through proposed measures we assume safety in design process, implement and usage of the informational systems based on ITC.

  17. Security and privacy issues of personal health.

    Science.gov (United States)

    Blobel, Bernd; Pharow, Peter

    2007-01-01

    While health systems in developed countries and increasingly also in developing countries are moving from organisation-centred to person-centred health service delivery, the supporting communication and information technology is faced with new risks regarding security and privacy of stakeholders involved. The comprehensively distributed environment puts special burden on guaranteeing communication security services, but even more on guaranteeing application security services dealing with privilege management, access control and audit regarding social implication and connected sensitivity of personal information recorded, processed, communicated and stored in an even internationally distributed environment.

  18. Mobile Security: A Systems Engineering Framework for Implementing Bring Your Own Device (BYOD) Security through the Combination of Policy Management and Technology

    Science.gov (United States)

    Zahadat, Nima

    2016-01-01

    With the rapid increase of smartphones and tablets, security concerns have also been on the rise. Traditionally, Information Technology (IT) departments set up devices, apply security, and monitor them. Such approaches do not apply to today's mobile devices due to a phenomenon called Bring Your Own Device or BYOD. Employees find it desirable to…

  19. Security research roadmap

    Energy Technology Data Exchange (ETDEWEB)

    Rouhiainen, V. (ed.)

    2007-02-15

    VTT has a broad range of security research ongoing in many areas of technology. The main areas have been concentrating on public safety and security, but VTT is also participating in several research projects related to defence technology. To identify and define expertise and research goals in more detail, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of a critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important security products and technologies needed are, for example, management of total security, detection, identification, localisation and communication, protection of information networks and systems, as well as physical protection. In the EU's Security programme, which aims at ensuring the security of society and its vital functions, it is stated that. Technology alone can not assure security, but security can not be assured without the support of technology. VTT is conducting security research in all its areas of expertise and clusters. The area has a significant research potential. The development of products and systems designed for the improvement of security has just started. There is still room for innovation. This report presents knowledge and development needs in more detail, as well as future development potential seen in the area of security. (orig.)

  20. The process of Risk management for E-business

    Directory of Open Access Journals (Sweden)

    Erion Lekaj

    2017-07-01

    Full Text Available In the new Internet economy, risk management plays a critical role to protect the organization and its ability to perform their business mission, not just its IT assets. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. The risk management is an important component of an IT security program. Information and communications technology management and IT security are responsible for ensuring that technology risks are managed appropriately. These risks originate from the deployment and use of IT assets in various ways, such as configuring systems incorrectly or gaining access to restricted soft ware.

  1. Cyber Security Risk Assessment for the KNICS Safety Systems

    International Nuclear Information System (INIS)

    Lee, C. K.; Park, G. Y.; Lee, Y. J.; Choi, J. G.; Kim, D. H.; Lee, D. Y.; Kwon, K. C.

    2008-01-01

    In the Korea Nuclear I and C Systems Development (KNICS) project the platforms for plant protection systems are developed, which function as a reactor shutdown, actuation of engineered safety features and a control of the related equipment. Those are fully digitalized through the use of safety-grade programmable logic controllers (PLCs) and communication networks. In 2006 the Regulatory Guide 1.152 (Rev. 02) was published by the U.S. NRC and it describes the application of a cyber security to the safety systems in the Nuclear Power Plant (NPP). Therefore it is required that the new requirements are incorporated into the developed platforms to apply to NPP, and a cyber security risk assessment is performed. The results of the assessment were input for establishing the cyber security policies and planning the work breakdown to incorporate them

  2. Security and Risk Analysis of Nuclear Safeguards Instruments Using Attack Trees

    International Nuclear Information System (INIS)

    Naumann, I.; Wishard, B.

    2015-01-01

    The IAEA's nuclear safeguards instruments must be frequently evaluated against attack vectors, which are extremely varied and, at first approximation, may seem inconsequential, but are not. To accurately analyze the impact of attacks on a multi-component system requires a highly structured and well-documented assessment. Tree structures, such as fault trees, have long been used to assess the consequences of selecting potential solutions and their impact on risk. When applied to security threats by introducing threat agents (adversaries) and vulnerabilities, this approach can be extremely valuable in uncovering previously unidentified risks and identifying mitigation steps. This paper discusses how attack trees can be used for the security analysis of nuclear safeguards instruments. The root node of such a tree represents an objective that negatively impacts security such as disclosing and/or falsifying instrument data or circumventing safeguards methods. Usually, this objective is rather complex and attaining it requires a combination of several security breaches which may vary on how much funding or what capabilities are required in order to execute them. Thus, it is necessary to break the root objective into smaller, less complex units. Once a leaf node describes a reasonably comprehensible action, it is the security experts' task to allocate levels of difficulty and funding to this node. Eventually, the paths from the leaf nodes to the root node describe all possible combinations of actions necessary to carry out a successful attack. The use of a well-structured attack tree facilitates the developer in thinking like the adversary providing more effective security solutions. (author)

  3. AUTOCHTHONOUS APPROACHING IN THE MANAGEMENT OF THE SECURITY RISK

    Directory of Open Access Journals (Sweden)

    Burtescu Emil

    2008-05-01

    Full Text Available An optimal management for a corporation, no matter what size the corporation is, it must contain the management of the security risk. On the importance that is given to the risk management can depend the well functioning of the corporation. An important role in this process has the owner of the business and the way that this one understands the risk. A good understanding of the risk by the owner will have as effect the allocation of sufficient funds to implement controls meant to bring the risk level in order to be an acceptable one. The autochthonous corporations, in a great part even because of the inexistence of reglementations in this domain, have an empiric approach of the phenomena.

  4. Data Security Risk Estimation for Information-Telecommunication Systems on the basis of Cloud Computing

    Directory of Open Access Journals (Sweden)

    Anatoly Valeryevich Tsaregorodtsev

    2014-02-01

    Full Text Available Cloud computing will be one of the most common IT technologies to deploy applications, due to its key features: on-demand network access to a shared pool of configurable computing resources, flexibility and good quality/price ratio. Migrating to cloud architecture enables organizations to reduce the overall cost of implementing and maintaining the infrastructure and reduce development time for new business applications. There are many factors that influence the information security environment of cloud, as its multitenant architecture brings new and more complex problems and vulnerabilities. And the approach to risk estimation used in making decisions about the migration of critical data in the cloud infrastructure of the organization are proposed in the paper.

  5. Coping with global environmental change, disasters and security: threats, challenges, vulnerabilities and risks

    NARCIS (Netherlands)

    Brauch, H.G.; Oswald Spring, Ú.; Mesjasz, C.; Grin, J.; Kameri-Mbote, P.; Chourou, B.; Dunay, P.; Birkmann, J.

    2011-01-01

    This policy-focused Global Environmental and Human Security Handbook for the Anthropo-cene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10

  6. Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

    Directory of Open Access Journals (Sweden)

    Audrey Guinchard

    2011-01-01

    Full Text Available Most of the actions that fall under the trilogy of cyber crime, terrorism,and war exploit pre-existing weaknesses in the underlying technology.Because these vulnerabilities that exist in the network are not themselvesillegal, they tend to be overlooked in the debate on cyber security. A UKreport on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day-to-day expenditures for the Government, businesses, and individuals. This article contends if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war.

  7. A review of cyber security risk assessment methods for SCADA systems

    OpenAIRE

    Cherdantseva, Yulia; Burnap, Peter; Blyth, Andrew; Eden, Peter; Jones, Kevin; Soulsby, Hugh; Stoddart, Kristan

    2016-01-01

    This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluat...

  8. An analysis of security price risk and return among publicly traded pharmacy corporations.

    Science.gov (United States)

    Gilligan, Adrienne M; Skrepnek, Grant H

    2013-01-01

    Community pharmacies have been subject to intense and increasing competition in the past several decades. To determine the security price risk and rate of return of publicly traded pharmacy corporations present on the major U.S. stock exchanges from 1930 to 2009. The Center of Research in Security Prices (CRSP) database was used to examine monthly security-level stock market prices in this observational retrospective study. The primary outcome of interest was the equity risk premium, with analyses focusing upon financial metrics associated with risk and return based upon modern portfolio theory (MPT) including: abnormal returns (i.e., alpha), volatility (i.e., beta), and percentage of returns explained (i.e., adjusted R(2)). Three equilibrium models were estimated using random-effects generalized least squares (GLS): 1) the Capital Asset Pricing Model (CAPM); 2) Fama-French Three-Factor Model; and 3) Carhart Four-Factor Model. Seventy-five companies were examined from 1930 to 2009, with overall adjusted R(2) values ranging from 0.13 with the CAPM to 0.16 with the Four-Factor model. Alpha was not significant within any of the equilibrium models across the entire 80-year time period, though was found from 1999 to 2009 in the Three- and Four-Factor models to be associated with a large, significant, and negative risk-adjusted abnormal returns of -33.84%. Volatility varied across specific time periods based upon the financial model employed. This investigation of risk and return within publicly listed pharmacy corporations from 1930 to 2009 found that substantial losses were incurred particularly from 1999 to 2009, with risk-adjusted security valuations decreasing by one-third. Copyright © 2013 Elsevier Inc. All rights reserved.

  9. About Security in Contemporary World

    Directory of Open Access Journals (Sweden)

    Ladislav Hofreiter

    2015-06-01

    Full Text Available The task to ensure security in contemporary world is a complicated political, scientific-technological and socio-economic problem. As the security itself is complicated, multifactor and hierarchized phenomen also its investigation has to be of an interdisciplinary character. The character of security environment, the character of security risks and threats and also the character of tools for their elimination are essentially changing. The basis to security of social subject consisted in arrangement of the conditions for their existence, to surviving in the present time and advancement into the future. Assurance of this condition means it provided ability to the social subjects to eliminated threats that are defined. In situations of asymmetrical security, the threats are not always clearly defined. They often consist of their own structure systems, in relationships and status the subjects of internationals relations. Asymmetrical of security, by our opinion, presents a discrepancy, unbalance, non-parity between subjects of the international security environment. The unbalance, discrepancy, non-parity has political, military, economic, law, social and societal dimensions.

  10. A 3S Risk ?3SR? Assessment Approach for Nuclear Power: Safety Security and Safeguards.

    Energy Technology Data Exchange (ETDEWEB)

    Forrest, Robert; Reinhardt, Jason Christian; Wheeler, Timothy A.; Williams, Adam David

    2017-11-01

    Safety-focused risk analysis and assessment approaches struggle to adequately include malicious, deliberate acts against the nuclear power industry's fissile and waste material, infrastructure, and facilities. Further, existing methods do not adequately address non- proliferation issues. Treating safety, security, and safeguards concerns independently is inefficient because, at best, it may not take explicit advantage of measures that provide benefits against multiple risk domains, and, at worst, it may lead to implementations that increase overall risk due to incompatibilities. What is needed is an integrated safety, security and safeguards risk (or "3SR") framework for describing and assessing nuclear power risks that can enable direct trade-offs and interactions in order to inform risk management processes -- a potential paradigm shift in risk analysis and management. These proceedings of the Sandia ePRA Workshop (held August 22-23, 2017) are an attempt to begin the discussions and deliberations to extend and augment safety focused risk assessment approaches to include security concerns and begin moving towards a 3S Risk approach. Safeguards concerns were not included in this initial workshop and are left to future efforts. This workshop focused on four themes in order to begin building out a the safety and security portions of the 3S Risk toolkit: 1. Historical Approaches and Tools 2. Current Challenges 3. Modern Approaches 4. Paths Forward and Next Steps This report is organized along the four areas described above, and concludes with a summary of key points. 2 Contact: rforres@sandia.gov; +1 (925) 294-2728

  11. Enhancing Information Security in Cloud Computing Services using SLA based metrics

    OpenAIRE

    , Nia; Mganga, Ramadianti Putri;; Charles, Medard

    2011-01-01

    Context: Cloud computing is a prospering technology that most organizations are considering for adoption as a cost effective strategy for managing IT. However, organizations also still consider the technology to be associated with many business risks that are not yet resolved. Such issues include security, privacy as well as legal and regulatory risks. As an initiative to address such risks, organizations can develop and implement SLA to establish common expectations and goals between the clo...

  12. Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

    International Nuclear Information System (INIS)

    Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K.

    2012-01-01

    The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases

  13. Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

    Energy Technology Data Exchange (ETDEWEB)

    Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K. [KAERI, Daejeon (Korea, Republic of)

    2012-10-15

    The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases.

  14. Arms and technology transfers: Security and economic considerations among importing and exporting states

    International Nuclear Information System (INIS)

    Lodgaard, S.; Pfaltzgraff, R.L. Jr.

    1995-01-01

    The issues of technology and armament transfers are increasingly at the forefront of problems of international security and disarmament. Three major reasons could explain this. First, the disarmament process has been very successful in the last few years, especially in the field of nuclear, as well chemical and conventional, weapons. Second the disarmament effort underway concerns primarily the old partners of the East-West confrontation. Last, the general context, characterized by the opening and widening of exchanges, the increasingly open and transparent circulation of techniques and material, and the globalization of economic relations, must be taken into account. This report, prepared by UNIDIR comprises the following subjects: General trends in defense related transfers; Political/military factors associated with the diffusion of advanced technology; economic and technological consideration; and facilitation of economic growth/maximization of regional security and stability

  15. National Security Science and Technology Initiative: Air Cargo Screening

    Energy Technology Data Exchange (ETDEWEB)

    Bingham, Philip R [ORNL; White, Tim [Pacific Northwest National Laboratory (PNNL); Cespedes, Ernesto [Idaho National Laboratory (INL); Bowerman, Biays [Brookhaven National Laboratory (BNL); Bush, John [Battelle

    2010-11-01

    The non-intrusive inspection (NII) of consolidated air cargo carried on commercial passenger aircraft continues to be a technically challenging, high-priority requirement of the Department of Homeland Security's Science and Technology Directorate (DHS S&T), the Transportation Security Agency and the Federal Aviation Administration. The goal of deploying a screening system that can reliably and cost-effectively detect explosive threats in consolidated cargo without adversely affecting the flow of commerce will require significant technical advances that will take years to develop. To address this critical National Security need, the Battelle Memorial Institute (Battelle), under a Cooperative Research and Development Agreement (CRADA) with four of its associated US Department of Energy (DOE) National Laboratories (Oak Ridge, Pacific Northwest, Idaho, and Brookhaven), conducted a research and development initiative focused on identifying, evaluating, and integrating technologies for screening consolidated air cargo for the presence of explosive threats. Battelle invested $8.5M of internal research and development funds during fiscal years 2007 through 2009. The primary results of this effort are described in this document and can be summarized as follows: (1) Completed a gap analysis that identified threat signatures and observables, candidate technologies for detection, their current state of development, and provided recommendations for improvements to meet air cargo screening requirements. (2) Defined a Commodity/Threat/Detection matrix that focuses modeling and experimental efforts, identifies technology gaps and game-changing opportunities, and provides a means of summarizing current and emerging capabilities. (3) Defined key properties (e.g., elemental composition, average density, effective atomic weight) for basic commodity and explosive benchmarks, developed virtual models of the physical distributions (pallets) of three commodity types and three

  16. Security Risks and Protection in Online Learning: A Survey

    Science.gov (United States)

    Chen, Yong; He, Wu

    2013-01-01

    This paper describes a survey of online learning which attempts to determine online learning providers' awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have…

  17. New technologies and emerging threats: personnel security adjudicative guidelines in the age of social networking

    OpenAIRE

    Festa, James P.

    2012-01-01

    Approved for public release; distribution is unlimited Publicized incidents involving espionage or violence by government employees with security clearances have raised concern for the personnel security community. The guidelines used to adjudicate security clearances were last updated in 2005; since that time, significant technological developments, especially in social media and communications, have emerged. This thesis developed a comprehensive list of current Internet behaviors, and us...

  18. Development of Risk Assessment Methodology for State's Nuclear Security Regime

    International Nuclear Information System (INIS)

    Jang, Sung Soon; Seo, Hyung Min; Lee, Jung Ho; Kwak, Sung Woo

    2011-01-01

    Threats of nuclear terrorism are increasing after 9/11 terrorist attack. Treats include nuclear explosive device (NED) made by terrorist groups, radiological damage caused by a sabotage aiming nuclear facilities, and radiological dispersion device (RDD), which is also called 'dirty bomb'. In 9/11, Al Qaeda planed to cause radiological consequences by the crash of a nuclear power plant and the captured airplane. The evidence of a dirty bomb experiment was found in Afganistan by the UK intelligence agency. Thus, the international communities including the IAEA work substantial efforts. The leaders of 47 nations attended the 2010 nuclear security summit hosted by President Obama, while the next global nuclear summit will be held in Seoul, 2012. Most states established and are maintaining state's nuclear security regime because of the increasing threat and the international obligations. However, each state's nuclear security regime is different and depends on the state's environment. The methodology for the assessment of state's nuclear security regime is necessary to design and implement an efficient nuclear security regime, and to figure out weak points. The IAEA's INPRO project suggests a checklist method for State's nuclear security regime. The IAEA is now researching more quantitative methods cooperatively with several countries including Korea. In this abstract, methodologies to evaluate state's nuclear security regime by risk assessment are addressed

  19. Information security of children and adolescents in the modern world: psychological aspects of the problem

    Directory of Open Access Journals (Sweden)

    Budykin S.V.

    2017-04-01

    Full Text Available The authors focus on identifying the psychological aspects of the problem of information security of children and adolescents in the modern world. It is noted that new technologies are penetrating deeper into our lives, become cultural means of socialization and human development, contribute to the formation of new social practices in everyday life, require a certain style of life. Draws attention to the fact that the impact of these technologies varies in age groups, the most vulnerable are children and adolescents. After Western researchers of problems of information security of children and adolescents, identifies the category of risk associated with Internet communication: 1 risk associated with the content of the materials provided on the Internet; 2 the risk due to contacts with others; 3 the risk arising in connection with the illegal downloading of materials. 4 risks resulting from the use of personal data, children and adolescents often provide personal information. Demonstrates the necessity of analyzing how users of new technologies to diagnose risk associated with the use of technology such as the Internet, and what behavioral strategies they adapt. Stresses the importance and the need to examine how the immediate environment of children and adolescents interpreterpath information security and suggests how to counter the threat, coupled with the use of the Internet.

  20. Proceedings of the 1989 Carnahan conference on security technology

    International Nuclear Information System (INIS)

    DeVore, R.W.

    1989-01-01

    This book contains the proceedings of the 1989 Carnahan conference on security technology and crime countermeasures. Topics covered include: study of methods for the enhancement of classified document control and protection; research and development of a portable microfocus x-ray system capable of providing ultra-high resolution images of improvised explosive devices; and BombCAD - a CAD-based technique for assessing bomb vulnerability and designing and evaluating bomb defense measures

  1. Integrating Security Risk Management into Business Process Management for the Cloud

    OpenAIRE

    Goettelmann , Elio; Mayer , Nicolas; Godart , Claude

    2014-01-01

    International audience; Security issues are still preventing wider adoption of cloud computing, especially for businesses which are handling sensitive information. Indeed, by outsourcing its information system (IS), a company can lose control over its infrastructure, its software or even its data. Therefore, new methods and tools need to be defined to respond to this challenge. In this paper we propose to integrate Security Risk Management approaches into Business Process Management to effect...

  2. An Evaluation Methodology for the Usability and Security of Cloud-based File Sharing Technologies

    Science.gov (United States)

    2012-09-01

    FISMA, ISO 27001 , FIPS 140-2, and ISO 270001) indicate a cloud-based service’s compliance with industry standard security controls, management and...Information Assurance IEEE Institute of Electrical and Electronics Engineers IT Information Technology ITS Insider Threat Study ISO International...effectively, efficiently and with satisfaction” (International Organization for Standardization [ ISO ], 1998). Alternately, information security

  3. Materials for the information security education

    International Nuclear Information System (INIS)

    Yashiro, Shigeo; Aoki, Kazuhisa; Sato, Tomohiko; Tanji, Kazuhiro

    2014-01-01

    With the rapid progress of the utilization of Information Technology (IT), IT infrastructure (network environment and information system) became crucial as a lifeline for promoting business. At the same time, changes in the circumstances surrounding the IT infrastructure globalize the threat of cyber attacks and increase the risk of the information security such as unlawful access to an information system, viral infection, an alteration of a website, disclosure of subtlety information, destruction of an information system and so on. Information security measure is an important issue in Japan Atomic Energy Agency (JAEA). In order to protect the information property of JAEA from the threat, Center for Computational Science and e-Systems (CCSE) has been taking triadic measures for information security: (1) to lay down a set of information security rules, (2) to introduce security equipments to backbone network and (3) to provide information security education. This report is a summary of the contents of the information security education by e-learning. (author)

  4. Risk management and security services interaction--a must in today's health care environment.

    Science.gov (United States)

    Stultz, M S

    1990-01-01

    The author shows why risk managers and security directors are natural partners in the effort of a hospital to reduce risks from such occurrences as baby kidnappings, serial killers, thefts, and rapes/sexual assaults.

  5. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    OpenAIRE

    Chockalingam, Sabarathinam; Hadziosmanovic, Dina; Pieters, Wolter; Teixeira, Andre; van Gelder, Pieter

    2017-01-01

    Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic l...

  6. ICT security- aspects important for nuclear facilities; Information and Communication Technologies

    Energy Technology Data Exchange (ETDEWEB)

    Thunem, Atoosa P-J.

    2005-09-15

    Rapid application growth of complex Information and Communication Technologies (ICT) in every society and state infrastructure as well as industry has revealed vulnerabilities that eventually have given rise to serious security breaches. These vulnerabilities together with the course of the breaches from cause to consequence are gradually about to convince the field experts that ensuring the security of ICT-driven systems is no longer possible by only relying on the fundaments of computer science, IT, or telecommunications. Appropriating knowledge from other disciplines is not only beneficial, but indeed very necessary. At the same time, it is a common observation today that ICT-driven systems are used everywhere, from the nuclear, aviation, commerce and healthcare domains to camera-equipped web-enabled cellular phones. The increasing interdisciplinary and inter-sectoral aspects of ICT security worldwide have been providing updated and useful information to the nuclear domain, as one of the emerging users of ICT-driven systems. Nevertheless, such aspects have also contributed to new and complicated challenges, as ICT security for the nuclear domain is in a much more delicate manner than for any other domains related to the concept of safety, at least from the public standpoint. This report addresses some important aspects of ICT security that need to be considered at nuclear facilities. It deals with ICT security and the relationship between security and safety from a rather different perspective than usually observed and applied. The report especially highlights the influence on the security of ICT-driven systems by all other dependability factors, and on that basis suggests a framework for ICT security profiling, where several security profiles are assumed to be valid and used in parallel for each ICT-driven system, sub-system or unit at nuclear facilities. The report also covers a related research topic of the Halden Project with focus on cyber threats and

  7. Security risks in nuclear waste management: Exceptionalism, opaqueness and vulnerability.

    Science.gov (United States)

    Vander Beken, Tom; Dorn, Nicholas; Van Daele, Stijn

    2010-01-01

    This paper analyses some potential security risks, concerning terrorism or more mundane forms of crime, such as fraud, in management of nuclear waste using a PEST scan (of political, economic, social and technical issues) and some insights of criminologists on crime prevention. Nuclear waste arises as spent fuel from ongoing energy generation or other nuclear operations, operational contamination or emissions, and decommissioning of obsolescent facilities. In international and EU political contexts, nuclear waste management is a sensitive issue, regulated specifically as part of the nuclear industry as well as in terms of hazardous waste policies. The industry involves state, commercial and mixed public-private bodies. The social and cultural dimensions--risk, uncertainty, and future generations--resonate more deeply here than in any other aspect of waste management. The paper argues that certain tendencies in regulation of the industry, claimed to be justified on security grounds, are decreasing transparency and veracity of reporting, opening up invisible spaces for management frauds, and in doing allowing a culture of impunity in which more serious criminal or terrorist risks could arise. What is needed is analysis of this 'exceptional' industry in terms of the normal cannons of risk assessment - a task that this paper begins. Copyright 2009 Elsevier Ltd. All rights reserved.

  8. Computer Security: Security operations at CERN (4/4)

    CERN Document Server

    CERN. Geneva

    2012-01-01

    Stefan Lueders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and infrastructure control systems against cyber-threats. Subsequently, he joined the CERN Computer Security Incident Response Team and is today heading this team as CERN's Computer Security Officer with the mandate to coordinate all aspects of CERN's computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN's operational needs. Dr. Lueders has presented on these topics at many different occasions to international bodies, governments, and companies, and published several articles. With the prevalence of modern information technologies and...

  9. New technologies and the search for security: Prospects for a post-cold-war era

    International Nuclear Information System (INIS)

    Petrovsky, V.

    1990-01-01

    New technologies are setting a fast pace in our world. Through science and technology we are able to make our world better, richer and more liveable to everyone. However, the new technologies have brought new mans of destruction and have confronted the world with a real prospect of self destruction. This is one of the main challenges of our age. Greater mutual confidence, openness and, if necessary, checks on how scientific and technological co-operation is used must bring down the existing barriers un the area of technological exchanges. The first results are already evident, for instance in the nuclear field. In our age, science and technology are becoming an inherent element in the comprehensive search for a new, post-confrontational system of peace, security and co-operation. United nations, together with its family of specialized agencies, is called upon to play a major positive role in finding approaches in this area. Scientific and technological progress, especially on the eve of a new millennium in the history of mankind, must serve only to enhance international peace and security and, enable everyone to live a full and worthy life

  10. Safety and security in transportation of radioactive material- the perception of risk

    Energy Technology Data Exchange (ETDEWEB)

    Ericsson, A.M.; Jaernry, C. [AMC Konsult AB, Bromma (Sweden)

    2004-07-01

    Since the event of September 11, 2001, the way most people look at transportation risk has changed. There is now a lot more focusing on the security concerns related to the transportation of radioactive material. Most people are now more concerned about the risk of terrorist actions or sabotage than of accidents. This is probably due to the fact that the safety record for transportation of radioactive material has so far been very good and that most people experience terrorism and sabotage more scaring and less controllable than general accidents. This paper will compare the safety and the security regulations and discuss synergies and contradictions between the sets of regulations.

  11. Safety and security in transportation of radioactive material- the perception of risk

    International Nuclear Information System (INIS)

    Ericsson, A.M.; Jaernry, C.

    2004-01-01

    Since the event of September 11, 2001, the way most people look at transportation risk has changed. There is now a lot more focusing on the security concerns related to the transportation of radioactive material. Most people are now more concerned about the risk of terrorist actions or sabotage than of accidents. This is probably due to the fact that the safety record for transportation of radioactive material has so far been very good and that most people experience terrorism and sabotage more scaring and less controllable than general accidents. This paper will compare the safety and the security regulations and discuss synergies and contradictions between the sets of regulations

  12. Marine and Hydrokinetic Technology Development Risk Management Framework

    Energy Technology Data Exchange (ETDEWEB)

    Snowberg, David [National Renewable Energy Lab. (NREL), Golden, CO (United States); Weber, Jochem [National Renewable Energy Lab. (NREL), Golden, CO (United States)

    2015-09-01

    Over the past decade, the global marine and hydrokinetic (MHK) industry has suffered a number of serious technological and commercial setbacks. To help reduce the risks of industry failures and advance the development of new technologies, the U.S. Department of Energy (DOE) and the National Renewable Energy Laboratory (NREL) developed an MHK Risk Management Framework. By addressing uncertainties, the MHK Risk Management Framework increases the likelihood of successful development of an MHK technology. It covers projects of any technical readiness level (TRL) or technical performance level (TPL) and all risk types (e.g. technological risk, regulatory risk, commercial risk) over the development cycle. This framework is intended for the development and deployment of a single MHK technology—not for multiple device deployments within a plant. This risk framework is intended to meet DOE’s risk management expectations for the MHK technology research and development efforts of the Water Power Program (see Appendix A). It also provides an overview of other relevant risk management tools and documentation.1 This framework emphasizes design and risk reviews as formal gates to ensure risks are managed throughout the technology development cycle. Section 1 presents the recommended technology development cycle, Sections 2 and 3 present tools to assess the TRL and TPL of the project, respectively. Section 4 presents a risk management process with design and risk reviews for actively managing risk within the project, and Section 5 presents a detailed description of a risk registry to collect the risk management information into one living document. Section 6 presents recommendations for collecting and using lessons learned throughout the development process.

  13. Optimisation of the securities portfolio as a part of the risk management process

    Directory of Open Access Journals (Sweden)

    Srečko Devjak

    2004-01-01

    Full Text Available Securities of Slovene companies are listed at the Ljubljana Stock Exchange. Market capitalisation at the Ljubljana Stock Exchange has been growing since 1996 due to new listings of equities. On the basis of financial data time series for listed equities, the financial investor can calculate a risk for each individual security with a selected risk measure and can determine an optimal portfolio, subject to selected constraints. In this paper, we shall consequently determine an optimal portfolio of equities for the financial investor, investing his assets only in selected equities listed at the Ljubljana Stock Exchange. Selecting an appropriate risk measure is especially important for a commercial bank in a risk management process. Commercial banks can use internal models in the risk management process and for the purpose of capital charges as well. An optimal portfolio will be calculated, using a non-linear mathematical model.

  14. Risk calculations in the manufacturing technology selection process

    DEFF Research Database (Denmark)

    Farooq, S.; O'Brien, C.

    2010-01-01

    Purpose - The purpose of this paper is to present result obtained from a developed technology selection framework and provide a detailed insight into the risk calculations and their implications in manufacturing technology selection process. Design/methodology/approach - The results illustrated...... in the paper are the outcome of an action research study that was conducted in an aerospace company. Findings - The paper highlights the role of risk calculations in manufacturing technology selection process by elaborating the contribution of risk associated with manufacturing technology alternatives...... in the shape of opportunities and threats in different decision-making environments. Practical implications - The research quantifies the risk associated with different available manufacturing technology alternatives. This quantification of risk crystallises the process of technology selection decision making...

  15. Enabling Technologies for Ultra-Safe and Secure Modular Nuclear Energy

    International Nuclear Information System (INIS)

    Mendez Cruz, Carmen Margarita; Rochau, Gary E.; Middleton, Bobby; Rodriguez, Salvador B.; Rodriguez, Carmelo; Schleicher, Robert

    2016-01-01

    Sandia National Laboratories and General Atomics are pleased to respond to the Advanced Research Projects Agency-Energy (ARPA-e)'s request for information on innovative developments that may overcome various current reactor-technology limitations. The RFI is particularly interested in innovations that enable ultra-safe and secure modular nuclear energy systems. Our response addresses the specific features for reactor designs called out in the RFI, including a brief assessment of the current state of the technologies that would enable each feature and the methods by which they could be best incorporated into a reactor design.

  16. Enabling Technologies for Ultra-Safe and Secure Modular Nuclear Energy

    Energy Technology Data Exchange (ETDEWEB)

    Mendez Cruz, Carmen Margarita [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rochau, Gary E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Middleton, Bobby [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rodriguez, Salvador B. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rodriguez, Carmelo [General Atomics, San Diego, CA (United States); Schleicher, Robert [General Atomics, San Diego, CA (United States)

    2016-06-01

    Sandia National Laboratories and General Atomics are pleased to respond to the Advanced Research Projects Agency-Energy (ARPA-e)’s request for information on innovative developments that may overcome various current reactor-technology limitations. The RFI is particularly interested in innovations that enable ultra-safe and secure modular nuclear energy systems. Our response addresses the specific features for reactor designs called out in the RFI, including a brief assessment of the current state of the technologies that would enable each feature and the methods by which they could be best incorporated into a reactor design.

  17. THE INFORMATION CONFIDENTIALITY AND CYBER SECURITY IN MEDICAL INSTITUTIONS

    Directory of Open Access Journals (Sweden)

    SABAU-POPA CLAUDIA DIANA

    2015-07-01

    Full Text Available The information confidentiality and cyber security risk affects the right to confidentiality and privacy of the patient, as regulated in Romania by the Law 46/2002. The manifestation of the cyber security risk event affects the reputation of the healthcare institution and is becoming more and more complex and often due to the: development of network technology, the medical equipment connected to wifi and the electronic databases. The databases containing medical records were implemented due to automation. Thus, transforming data into medical knowledge contribute to a better understanding of the disease. Due to these factors, the measures taken by the hospital management for this type of risk are adapted to the cyber changes. The hospital objectives aim: the implementation of a robust information system, the early threats identifications and the incident reporting. Neglecting this type of risk can generate financial loss, inability to continue providing health care services for a certain period of time, providing an erroneous diagnosis, medical equipment errors etc. Thus, in a digital age the appropriate risk management for the information security and cyber risk represent a necessity. The main concern of hospitals worldwide is to align with international requirements and obtain credentials in terms of data security from the International Organisation for Standardization, which regulates the management of this type of risk. Romania is at the beginning in terms of concerns regarding the management, avoidance and mitigation of information security, the health system being most highly exposed to its manifestation. The present paper examines the concerns of the health system to the confidentiality of information and cyber security risk and its management arrangements. Thus, a set of key risk indicators is implemented and monitored for 2011-2013, using a user interface, a Dashboard, which acts as an early warning system of the manifestation of the

  18. TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKS

    OpenAIRE

    Sen-Tarng Lai

    2015-01-01

    E-commerce is an important information system in the network and digital age. However, the network intrusion, malicious users, virus attack and system security vulnerabilities have continued to threaten the operation of the e-commerce, making e-commerce security encounter serious test. How to improve ecommerce security has become a topic worthy of further exploration. Combining routine security test and security event detection procedures, this paper proposes the Two-Layer Secure ...

  19. Analyzing State Security Risks in South China Sea Conflict

    Directory of Open Access Journals (Sweden)

    Дмитрий Владимирович Пивоваров

    2009-09-01

    Full Text Available The article is devoted to the regional security issues in South East Asia. The author analyses the international relations that go closely to the foreign policy and foreign policy strategy problems. The author proposes risk analysis as a new and promising method in political science to generate foreign policy plans and analyze international conflicts and problems.

  20. Managing climatic risks for enhanced food security: Key information capabilities

    NARCIS (Netherlands)

    Balaghi, R.; Badjeck, M.C.; Bakari, D.; Pauw, de E.D.; Wit, de A.J.W.; Defourny, P.; Donato, S.; Gommes, R.; Jlibene, M.; Ravelo, A.C.; Sivakumar, M.V.K.; Telahigue, N.; Tychon, B.

    2010-01-01

    Food security is expected to face increasing challenges from climatic risks that are more and more exacerbated by climate change, especially in the developing world. This document lists some of the main capabilities that have been recently developed, especially in the area of operational

  1. 21st Century Security Manager

    OpenAIRE

    Stelian ARION

    2010-01-01

    We live in world of uncertainty that generates major paradigms changing that affect security risk management. Modern organization’s security risks management can’t be done without a profound knowlegde and daily practice for security governance, security risk management and resilience. 21st Century security manager need to deal with several areas of konwledge in order to succesfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers ...

  2. Development of Risk Management Technology/Development of Risk-Informed Application Technology

    Energy Technology Data Exchange (ETDEWEB)

    Yang, Joon Eon; Kim, K. Y.; Ahn, K. I.; Lee, Y. H.; Lim, H. G.; Jung, W. S.; Choi, S. Y.; Han, S. J.; Ha, J. J.; Hwang, M. J.; Park, S. Y.; Yoon, C

    2007-06-15

    This project aims at developing risk-informed application technologies to enhance the safety and economy of nuclear power plant altogether. For this, the Integrated Level 1 and 2 PSA model is developed. In addition, the fire and internal flooding PSA models are improved according to the PSA standard of U.S.A. To solve the issues of domestic PSA model, the best-estimate thermal hydraulic analyses are preformed for the ATWS and LSSB. In order to reduce the uncertainty of PSA, several new PSA technologies are developed: (1) more exact quantification of large fault tree, (2) importance measure including the effects of external PSA. As feasibility studies of Option 2 and 3, the class of 6 systems' SSC are re-classified based on the risk information and the sensitivity analyses is performed for the EDG starting time, respectively. It is also improved that the methodology to identify the vital area of NPP. The research results of this project can be used in the regulatory body and the industry projects for risk-informed applications.

  3. Development of Risk Management Technology/Development of Risk-Informed Application Technology

    International Nuclear Information System (INIS)

    Yang, Joon Eon; Kim, K. Y.; Ahn, K. I.; Lee, Y. H.; Lim, H. G.; Jung, W. S.; Choi, S. Y.; Han, S. J.; Ha, J. J.; Hwang, M. J.; Park, S. Y.; Yoon, C.

    2007-06-01

    This project aims at developing risk-informed application technologies to enhance the safety and economy of nuclear power plant altogether. For this, the Integrated Level 1 and 2 PSA model is developed. In addition, the fire and internal flooding PSA models are improved according to the PSA standard of U.S.A. To solve the issues of domestic PSA model, the best-estimate thermal hydraulic analyses are preformed for the ATWS and LSSB. In order to reduce the uncertainty of PSA, several new PSA technologies are developed: (1) more exact quantification of large fault tree, (2) importance measure including the effects of external PSA. As feasibility studies of Option 2 and 3, the class of 6 systems' SSC are re-classified based on the risk information and the sensitivity analyses is performed for the EDG starting time, respectively. It is also improved that the methodology to identify the vital area of NPP. The research results of this project can be used in the regulatory body and the industry projects for risk-informed applications

  4. Security threads: effective security devices in the past, present, and future

    Science.gov (United States)

    Wolpert, Gary R.

    2002-04-01

    Security threads were first used to secure banknotes in the mid 1800's. The key to their anti-counterfeiting success was the fact that by being embedded in the paper, they became an integral part of the banknote substrate. Today, all major currencies still utilize this effective security feature. Technological developments have allowed security threads to evolve from a feature authenticated by only visual means to devices that incorporate both visual and machine detectable components. When viewed from the perspective of a thread being a carrier of various security technologies and the fact that they can be incorporated into the core substrate of banknotes, documents, labels, packaging and some high valued articles, it is clear that security threads will remain as effective security devices well into the future. This paper discusses a brief historical background of security threads, current visual and machine authentication technologies incorporated into threads today and a look to the future of threads as effective security devices.

  5. Information Technology Security and Human Risk: Exploring Factors of Unintended Insider Threat and Organizational Resilience

    Science.gov (United States)

    Thompson, Eleanor Elizabeth

    2014-01-01

    That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…

  6. Security analysis of Aspiro Music Platform, a digital music streaming service

    OpenAIRE

    Kachanovskiy, Roman

    2010-01-01

    The report is mainly based on recommendations given by the National Institute of Standards and Technology in special publication 800-30 ``Risk Management Guide for Information Technology Systems''. The risk analysis presented in this report emphasizes a qualitative approach. Firstly, the security requirements for Aspiro Music Platform were identified and classified by the level of importance. Secondly, potential threats to the system were discussed. In the next step the potential system ...

  7. SECURITY IN THE ERA OF MOBILE WIRELESS ENTERPRISES

    Directory of Open Access Journals (Sweden)

    STEGĂROIU CARINA-ELENA

    2014-02-01

    Full Text Available In modern times, the mobility of people and data are becoming essential to business. An important role in this development is played by wireless technology, but the risks to users of wireless technology have increased as the service has become more popular. As mobility and the use of smaller, personal devices increases, it is obvious that the security must be implemented as close to the source as possible, meaning in all end devices, but such solutions are difficult to deploy and very hard to manage. Wireless security is just an aspect of computer security, however organizations may be particularly vulnerable to security breaches. There are effective countermeasures (like disabling open switchports during switch configuration and VLAN configuration to limit network access that are available to protect both the network and the information it contains, but such countermeasures must be applied uniformly to all network devices. Consequently, a security policy must be described and written down to allow managers as well as technicians to react correctly to undesired circumstances

  8. The Risks of Strategic Decisions in the Sphere of Financial and Economic Security of Public-Private Partnership

    Directory of Open Access Journals (Sweden)

    Solodovnik Olesia O.

    2017-06-01

    Full Text Available The article is aimed at studying and substantiating the theoretical and methodological aspects of development, analysis and assessment of strategic decisions in the sphere of financial and economic security of public-private partnership (PPP in the context of the risks of their implementation. A study on the essence and characteristics of strategic decisions in the sphere of financial and economic security of PPP has led to the conclusion that each such decision should be considered and assessed in the context of the risks of its implementation, and the risk theory could be seen as the scientific basis for defining strategic alternatives and developing a criteria base for assessing them. The article proposes a list and systematization of the PPP risks that allow to: itemize the risks to the external and internal environment of PPP and to identify the prerequisites and sources of threats to the financial and economic interests of parties to the partnership; analyze and evaluate the strategic alternatives for risk distribution among partners in the context of implications for financial and economic security of PPP; determine the risks of achieving the objectives of the strategy for financial and economic security of PPP and to evaluate alternative strategies in terms of partners; account the potential occurrence and development of systemic risks and threats to the financial and economic security of PPP, as well as the use of complementary protective mechanisms; evaluate the results of a strategy to protect the financial and economic interests of parties to the PPP.

  9. The research on information security technology for the industrial control system of special equipment

    International Nuclear Information System (INIS)

    Chen Ligang; Liu Hongye; Zhang Wei; Sun Jianying; Lan Peng; Dai Sidan

    2014-01-01

    With the rapid development of information technology in enterprise application, industrial control network and management network is becoming more and more closely linked. Development and application of special equipment control system from the traditional industrial control system, not considered when designing communication security problem mainly, therefore, the industrial control system opened at the same time, isolation control system and the outside was weakened, the safety problems of industrial control system had become more and more serious. The practical application combined with the special equipment control system, analysis and elaboration in view of security problems for the control network, also, provide appropriate security solutions for professional characteristics of industrial control network, design on process control system specially, provide security partition protection scheme, in order to improve security ability of industrial control system information. (authors)

  10. Blockchain Technology: A new secured Electronic Health Record System

    OpenAIRE

    Tamazirt , Lotfi; Alilat , Farid; Agoulmine , Nazim

    2018-01-01

    International audience; Nowadays, health systems are looking for effective ways to manage more patients in a shorter time, and to increase the quality of care through better coordination to provide quick, accurate and non-invasive diagnostics to patients. This paper aims to solve the dependence on trusted third parties by proposing a new management strategy, storage and security in a decentralized network through Blockchain technology. The proposed system also aims to offer a solution to help...

  11. Quantifiably secure power grid operation, management, and evolution :

    Energy Technology Data Exchange (ETDEWEB)

    Gray, Genetha Anne.; Watson, Jean-Paul; Silva Monroy, Cesar Augusto; Gramacy, Robert B.

    2013-09-01

    This report summarizes findings and results of the Quantifiably Secure Power Grid Operation, Management, and Evolution LDRD. The focus of the LDRD was to develop decisionsupport technologies to enable rational and quantifiable risk management for two key grid operational timescales: scheduling (day-ahead) and planning (month-to-year-ahead). Risk or resiliency metrics are foundational in this effort. The 2003 Northeast Blackout investigative report stressed the criticality of enforceable metrics for system resiliency the grids ability to satisfy demands subject to perturbation. However, we neither have well-defined risk metrics for addressing the pervasive uncertainties in a renewable energy era, nor decision-support tools for their enforcement, which severely impacts efforts to rationally improve grid security. For day-ahead unit commitment, decision-support tools must account for topological security constraints, loss-of-load (economic) costs, and supply and demand variability especially given high renewables penetration. For long-term planning, transmission and generation expansion must ensure realized demand is satisfied for various projected technological, climate, and growth scenarios. The decision-support tools investigated in this project paid particular attention to tailoriented risk metrics for explicitly addressing high-consequence events. Historically, decisionsupport tools for the grid consider expected cost minimization, largely ignoring risk and instead penalizing loss-of-load through artificial parameters. The technical focus of this work was the development of scalable solvers for enforcing risk metrics. Advanced stochastic programming solvers were developed to address generation and transmission expansion and unit commitment, minimizing cost subject to pre-specified risk thresholds. Particular attention was paid to renewables where security critically depends on production and demand prediction accuracy. To address this

  12. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    NARCIS (Netherlands)

    Chockalingam, Sabarathinam; Hadziosmanovic, D.; Pieters, Wolter; Texeira, Andre; van Gelder, Pieter

    2016-01-01

    Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by

  13. Gerald L. Epstein, PhD: director, center for science, technology, and security policy, American Association for the Advancement of Science (AAAS). Interview by Madeline Drexler.

    Science.gov (United States)

    Epstein, Gerald L

    2009-12-01

    Over his entire career, Gerald Epstein has toiled at the nexus of science, technology, and security. From 2003 to 2009, he was Senior Fellow for Science and Security at the Center for Strategic and International Studies Homeland Security Program, where he worked on reducing biological weapons threats, improving national preparedness, and easing potential tensions between the scientific research and national security communities. Epstein came to CSIS from the Institute for Defense Analyses. From 1996 to 2001, he served in the White House Office of Science and Technology Policy. And from 1983 to 1989, and again from 1991 until its demise in 1995, Epstein worked at the Congressional Office of Technology Assessment, where he directed a study on the proliferation of weapons of mass destruction, alongside research on other global security topics. A recognized expert in biological risk reduction, Epstein was actually trained as a physicist, having received SB degrees in physics and electrical engineering from MIT, and a PhD in physics from the University of California at Berkeley. How, then, did he come to study the evolving threat from bioterrorism? "What compelled me about bioterrorism was that it was a stellar example of a topic that would lead to a train wreck between the scientific community and the security community unless they figured out how to work together," he said. "The distance between a laboratory and a very large consequence event is a lot shorter in biology than in any other field. I got into bioterrorism to help make sure that the security community doesn't get so scared of the science that it shuts it down, and that the science community isn't so oblivious of security concerns that it pays no attention to them." Epstein spoke on November 6, 2009, with contributing writer Madeline Drexler, author of Emerging Epidemics: The Menace of New Infections (Penguin, 2009), an updated version of an earlier volume. Drexler holds a visiting appointment at the

  14. Computers, business, and security the new role for security

    CERN Document Server

    Schweitzer, James A

    1987-01-01

    Computers, Business, and Security: The New Role for Security addresses the professional security manager's responsibility to protect all business resources, with operating environments and high technology in mind. This book discusses the technological aspects of the total security programs.Organized into three parts encompassing 10 chapters, this book begins with an overview of how the developing information age is affecting business management, operations, and organization. This text then examines a number of vulnerabilities that arise in the process of using business computing and communicat

  15. Aspects regarding the implementation of information security standards in organizations

    Directory of Open Access Journals (Sweden)

    Mihai Bârsan

    2017-03-01

    Full Text Available Information security is one of the major challenges of the information and knowledge based society. The preoccupation of organizations to ensure the security of information in the digital environment has led to the emergence of specific standards in the field. Thus, ISO 27000 brings together reference standards in the field. Starting from ISO 27001, which summarizes policies and procedures on physical, legal and technological security risks, this paper looks at the steps the organization must undertake to implement the standards.

  16. Socio-Hydrological Observatory for Water Security (SHOWS): Examples of Adaptation Strategies With Next Challenges from Brazilian Risk Areas

    Science.gov (United States)

    Souza, F. A. A. D.; Mendiondo, E. M.; Taffarello, D.; Guzmán-Arias, D.; Fava, M. C.; Abreu, F.; Freitas, C. C.; de Macedo, M. B.; Estrada, C. R.; do Lago, C. A.

    2017-12-01

    In Brazil, more than 40,000 hot-spot areas, with vulnerable human settlements with ca. 120 million inhabitants and responsible of 60% of Brazilian Gross Net Product, are threatened by hydrological-driven disaster risks. In these areas, local resilient actions and adaptation strategies do integrate the current Brazilian Act and Regulation of Laws of urban waters, climate change and civil protection. However, these initiatives are still under slow progress, especially to cope with floods, landslides, droughts, progressive biodiversity losses and energy burnouts. Here we address these hot-spots through the concept of Socio-Hydrological Observatory for Water Security (SHOWS), with a mix of adaptation strategies, open-source, big data analysis and societal feedbacks. On the one hand, SHOWS merges strategies like the dynamic framework of water security (Srinivasan et al, 2017), drought risk mapping (Rossato et al, 2017) and water securitization under varying water demand and climate change until year 2100 (Mohor & Mendiondo, 2017; Guzmán-Arias et al, 2017). SHOWS acknowledges different perspectives of water insecurity, several spatiotemporal scales and regime shifts in socio-hydrologic systems. On the one hand, SHOWS links field monitoring during water insecurity hazards (Taffarello et al, 2016), ecosystem-based adaptation networks, and decision-making and big data sources to disaster management (Horita et al, 2017). By using selected examples from two Brazilian running interdisciplinary research aliances, i.e. CAPES-ProAlertas CEMADEN-CEPED/USP and the CNPq/FAPESP National Institute of Science & Technology on Climate Change-II Water Security, we also face the limits, the pros and cons of SHOWS' assumptions. Through real-cases paradoxes, (i.e. 2013/2014 drought), water dashboards and coevolution trends (i.e. impacts on river basin committees from scenarios until 2050, 2100 in NE & SE Brazil), SHOWS helps on guiding decisionmaking for next societal steps of water

  17. New flexible origination technology based on electron-beam lithography and its integration into security devices in combination with covert features based on DNA authentication

    Science.gov (United States)

    Drinkwater, John K.; Ryzi, Zbynek; Outwater, Chris S.

    2002-04-01

    Embossed diffractive optically variable devices are becoming increasingly familiar security items on plastic cards, banknotes, security documents and on branded goods and media to protect against counterfeit, protect copyright and to evidence tamper. Equally as this devices become both more widely available there is a pressing requirement for security technology upgrades to keep ahead of technology advances available to potential counterfeiters. This paper describes a new generation electron beam DOVID origination technology particularly suitable for high security applications. Covert marking of security devices is provided using the DNA matrix by creating and verifying unique DNA sequences. This integration of this into practical security features in combination with covert features based on DNA matrix authentication and other more straightforwardly authenticable features to provide multi- technology security solutions will be described.

  18. Development programs of cutting-edge technologies for measurement and detection of nuclear material for safeguards and security

    International Nuclear Information System (INIS)

    Seya, Michio; Wakabayashi, Shuji; Naoi, Yosuke; Ohkubo, Michiaki; Senzaki, Masao

    2011-01-01

    The Integrated Support Center for Nuclear Nonproliferation and Nuclear Security ('ISCN', hereafter) of Japan Atomic Energy Agency (JAEA) has development programs of cutting-edge technologies for measurement and detection of nuclear materials for nuclear safeguards and security, under the sponsorship of Japanese government (MEXT: Ministry of Education, Culture, Sports, Science and Technology). ISCN started development programs of the following technologies this year. (1) NRF (Nuclear Resonance Fluorescence) NDA technology using laser Compton scattering (LCS) gamma-rays, (2) Alternative to 3 He neutron detection technology using inorganic solid scintillator. ISCN is also going to conduct a demonstration test of a spent fuel Pu-NDA system that is to be developed by LANL (Los Alamos National Laboratory) using very sophisticated neutron measurement technologies, under JAEA/USDOE cooperation agreement. This presentation shows the above programs of ISCN. (author)

  19. PREFACE: 1st International Conference on Sensing for Industry, Control, Communication & Security Technologies

    Science.gov (United States)

    Shuja Syed, Ahmed

    2013-12-01

    The 1st International Conference on Sensing for Industry, Control, Communication & Security Technologies (ICSICCST-2013), took place in Karachi, Pakistan, from 24-26 June 2013. It was organized by Indus University, Karachi, in collaboration with HEJ Research Institute of Chemistry, University of Karachi, Karachi. More than 80 abstracts were submitted to the conference and were double blind-reviewed by an international scientific committee. The topics of the Conference were: Video, Image & Voice Sensing Sensing for Industry, Environment, and Health Automation and Controls Laser Sensors and Systems Displays for Innovative Applications Emerging Technologies Unmanned, Robotic, and Layered Systems Sensing for Defense, Homeland Security, and Law Enforcement The title of the conference, 'Sensing for Industry, Control, Communication & Security Technologies' is very apt in capturing the main issues facing the industry of Pakistan and the world. We believe the sensing industry, particularly in Pakistan, is currently at a critical juncture of its development. The future of the industry will depend on how the industry players choose to respond to the challenge of global competition and opportunities arising from strong growth in the Asian region for which we are pleased to note that the conference covered a comprehensive spectrum of issues with an international perspective. This will certainly assist industry players to make informed decisions in shaping the future of the industry. The conference gathered qualified researchers from developed countries like USA, UK, Sweden, Saudi Arabia, China, South Korea and Malaysia etc whose expertise resulting from the research can be drawn upon to build an exploitable area of new technology that has potential Defense, Homeland Security, and Military applicability. More than 250 researchers/students attended the event and made the event great success as the turnout was 100%. An exceptional line-up of speakers spoke at the occasion. We want

  20. Communicating Uncertainty about Climate Change for Application to Security Risk Management

    Science.gov (United States)

    Gulledge, J. M.

    2011-12-01

    The science of climate change has convincingly demonstrated that human activities, including the release of greenhouse gases, land-surface changes, particle emissions, and redistribution of water, are changing global and regional climates. Consequently, key institutions are now concerned about the potential social impacts of climate change. For example, the 2010 Quadrennial Defense Review Report from the U.S. Department of Defense states that "climate change, energy security, and economic stability are inextricably linked." Meanwhile, insured losses from climate and weather-related natural disasters have risen dramatically over the past thirty years. Although these losses stem largely from socioeconomic trends, insurers are concerned that climate change could exacerbate this trend and render certain types of climate risk non-diversifiable. Meanwhile, the climate science community-broadly defined as physical, biological, and social scientists focused on some aspect of climate change-remains largely focused scholarly activities that are valued in the academy but not especially useful to decision makers. On the other hand, climate scientists who engage in policy discussions have generally permitted vested interests who support or oppose climate policies to frame the discussion of climate science within the policy arena. Such discussions focus on whether scientific uncertainties are sufficiently resolved to justify policy and the vested interests overstate or understate key uncertainties to support their own agendas. Consequently, the scientific community has become absorbed defending scientific findings to the near exclusion of developing novel tools to aid in risk-based decision-making. For example, the Intergovernmental Panel on Climate Change (IPCC), established expressly for the purpose of informing governments, has largely been engaged in attempts to reduce unavoidable uncertainties rather than helping the world's governments define a science-based risk

  1. Privacy and Security in Mobile Health (mHealth) Research.

    Science.gov (United States)

    Arora, Shifali; Yttri, Jennifer; Nilse, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions-some in real time-while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions.

  2. Security Evolution.

    Science.gov (United States)

    De Patta, Joe

    2003-01-01

    Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

  3. Development of Integrated Assessment Technology of Risk and Performance

    International Nuclear Information System (INIS)

    Yang, Jun Eon; Kang, Dae Il; Kang, Hyun Gook

    2010-04-01

    The main idea and contents are summarized as below 1) Development of new risk/performance assessment system innovating old labor-intensive risk assessment structure - New consolidated risk assessment technology from various hazard(flood, fire, seismic in NPP) - BOP model development for performance monitoring - Consolidated risk/performance management system for consistency and efficiency of NPP 2) Resolution technology for pending issues in PSA - Base technology for PSA of digital I and C system - Base technology for seismic PSA reflecting domestic seismic characteristics and aging effect - Uncertainty reduction technology for level 2 PSA and best estimation of containment failure frequency 3) Next generation risk/performance assessment technology - Human-induced error reduction technology for efficient operation of a NPP

  4. Selecting RMF Controls for National Security Systems

    Energy Technology Data Exchange (ETDEWEB)

    Witzke, Edward L. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2015-08-01

    In 2014, the United States Department of Defense started tra nsitioning the way it performs risk management and accreditation of informatio n systems to a process entitled Risk Management Framework for DoD Information Technology or RMF for DoD IT. There are many more security and privacy contro ls (and control enhancements) from which to select in RMF, than there w ere in the previous Information Assurance process. This report is an attempt t o clarify the way security controls and enhancements are selected. After a brief overview and comparison of RMF for DoD I T with the previously used process, this report looks at the determination of systems as National Security Systems (NSS). Once deemed to be an NSS, this report addr esses the categorization of the information system with respect to impact level s of the various security objectives and the selection of an initial baseline o f controls. Next, the report describes tailoring the controls through the use of overl ays and scoping considerations. Finally, the report discusses organizatio n-defined values for tuning the security controls to the needs of the information system.

  5. Cyber Security for Smart Grid, Cryptography, and Privacy

    Directory of Open Access Journals (Sweden)

    Swapna Iyer

    2011-01-01

    Full Text Available The invention of “smart grid” promises to improve the efficiency and reliability of the power system. As smart grid is turning out to be one of the most promising technologies, its security concerns are becoming more crucial. The grid is susceptible to different types of attacks. This paper will focus on these threats and risks especially relating to cyber security. Cyber security is a vital topic, since the smart grid uses high level of computation like the IT. We will also see cryptography and key management techniques that are required to overcome these attacks. Privacy of consumers is another important security concern that this paper will deal with.

  6. The spectre of uncertainty in communicating technological risk

    Energy Technology Data Exchange (ETDEWEB)

    Broesius, Michael T. [Univ. of California, Livermore, CA (United States)

    1993-12-01

    The literature does not clearly describe the potential moral and ethical conflicts that can exist between technology sponsors and the technical communicators whose job it is to present potentially risky technology to the non-technical people most likely to be imperiled by such risk. Equally important, the literature does not address the issue of uncertainty -- not the uncertainty likely to be experienced by the community at risk, but the unreliable processes and methodologies used by technology sponsors to define, quantify, and develop strategies to mitigate technological risks. In this paper, the author goes beyond a description of risk communication, the nature of the generally predictable interaction between technology advocates and non-technically trained individuals, and current trends in the field. Although that kind of information is critical to the success of any risk communication activity, and he has included it when necessary to provide background and perspective, without knowing how and why risk assessment is done, it has limited practical applicability outside the sterile, value-free vacuum in which it is usually framed. Technical communicators, particularly those responsible for communicating potential technological risk, must also understand the social, political, economic, statistical, and ethical issues they will invariably encounter.

  7. Accident Precursor Analysis and Management: Reducing Technological Risk Through Diligence

    Science.gov (United States)

    Phimister, James R. (Editor); Bier, Vicki M. (Editor); Kunreuther, Howard C. (Editor)

    2004-01-01

    Almost every year there is at least one technological disaster that highlights the challenge of managing technological risk. On February 1, 2003, the space shuttle Columbia and her crew were lost during reentry into the atmosphere. In the summer of 2003, there was a blackout that left millions of people in the northeast United States without electricity. Forensic analyses, congressional hearings, investigations by scientific boards and panels, and journalistic and academic research have yielded a wealth of information about the events that led up to each disaster, and questions have arisen. Why were the events that led to the accident not recognized as harbingers? Why were risk-reducing steps not taken? This line of questioning is based on the assumption that signals before an accident can and should be recognized. To examine the validity of this assumption, the National Academy of Engineering (NAE) undertook the Accident Precursors Project in February 2003. The project was overseen by a committee of experts from the safety and risk-sciences communities. Rather than examining a single accident or incident, the committee decided to investigate how different organizations anticipate and assess the likelihood of accidents from accident precursors. The project culminated in a workshop held in Washington, D.C., in July 2003. This report includes the papers presented at the workshop, as well as findings and recommendations based on the workshop results and committee discussions. The papers describe precursor strategies in aviation, the chemical industry, health care, nuclear power and security operations. In addition to current practices, they also address some areas for future research.

  8. Alternative security

    International Nuclear Information System (INIS)

    Weston, B.H.

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  9. Spent Nuclear Fuel Alternative Technology Risk Assessment

    Energy Technology Data Exchange (ETDEWEB)

    Perella, V.F.

    1999-11-29

    A Research Reactor Spent Nuclear Fuel Task Team (RRTT) was chartered by the Department of Energy (DOE) Office of Spent Fuel Management with the responsibility to recommend a course of action leading to a final technology selection for the interim management and ultimate disposition of the foreign and domestic aluminum-based research reactor spent nuclear fuel (SNF) under DOE''s jurisdiction. The RRTT evaluated eleven potential SNF management technologies and recommended that two technologies, direct co-disposal and an isotopic dilution alternative, either press and dilute or melt and dilute, be developed in parallel. Based upon that recommendation, the Westinghouse Savannah River Company (WSRC) organized the SNF Alternative Technology Program to further develop the direct co-disposal and melt and dilute technologies and provide a WSRC recommendation to DOE for a preferred SNF alternative management technology. A technology risk assessment was conducted as a first step in this recommendation process to determine if either, or both, of the technologies posed significant risks that would make them unsuitable for further development. This report provides the results of that technology risk assessment.

  10. Spent Nuclear Fuel Alternative Technology Risk Assessment

    International Nuclear Information System (INIS)

    Perella, V.F.

    1999-01-01

    A Research Reactor Spent Nuclear Fuel Task Team (RRTT) was chartered by the Department of Energy (DOE) Office of Spent Fuel Management with the responsibility to recommend a course of action leading to a final technology selection for the interim management and ultimate disposition of the foreign and domestic aluminum-based research reactor spent nuclear fuel (SNF) under DOE''s jurisdiction. The RRTT evaluated eleven potential SNF management technologies and recommended that two technologies, direct co-disposal and an isotopic dilution alternative, either press and dilute or melt and dilute, be developed in parallel. Based upon that recommendation, the Westinghouse Savannah River Company (WSRC) organized the SNF Alternative Technology Program to further develop the direct co-disposal and melt and dilute technologies and provide a WSRC recommendation to DOE for a preferred SNF alternative management technology. A technology risk assessment was conducted as a first step in this recommendation process to determine if either, or both, of the technologies posed significant risks that would make them unsuitable for further development. This report provides the results of that technology risk assessment

  11. Satisfactions, Self-Efficacy, and Compliance in Mandatory Technology Settings

    Science.gov (United States)

    Devgan, Vipan

    2012-01-01

    Many organizations recognize employees as great assets in the efforts to reduce risk related to information security. Employee's compliance with information security rules and regulations of organization is the key to strengthening information security. It is crucial for organizations to understand factors affecting technology compliance to…

  12. Risk Management Technologies With Logic and Probabilistic Models

    CERN Document Server

    Solozhentsev, E D

    2012-01-01

    This book presents intellectual, innovative, information technologies (I3-technologies) based on logical and probabilistic (LP) risk models. The technologies presented here consider such models for structurally complex systems and processes with logical links and with random events in economics and technology.  The volume describes the following components of risk management technologies: LP-calculus; classes of LP-models of risk and efficiency; procedures for different classes; special software for different classes; examples of applications; methods for the estimation of probabilities of events based on expert information. Also described are a variety of training courses in these topics. The classes of risk models treated here are: LP-modeling, LP-classification, LP-efficiency, and LP-forecasting. Particular attention is paid to LP-models of risk of failure to resolve difficult economic and technical problems. Amongst the  discussed  procedures of I3-technologies  are the construction of  LP-models,...

  13. Climate change, nuclear risks and nuclear disarmament. From security threats to sustainable peace

    Energy Technology Data Exchange (ETDEWEB)

    Scheffran, Juergen [Hamburg Univ. (Germany). Research Group Climate Change and Security

    2009-07-01

    In the future, nuclear and climate risks may interfere with each other in a mutually enforcing way. Con-flicts induced by climate change could contribute to global insecurity and create more incentives for states to rely on military force, including nuclear weapons. Rather than being a direct cause of war, cli-mate change significantly affects the delicate balance between social and environmental systems in a way that could undermine human security and societal stability with potentially grave consequences for international security. Increased reliance on nuclear energy to reduce carbon emissions will contribute to the risks of nuclear proliferation. A renewed nuclear arms race would consume considerable resources and undermine the conditions for tackling the problem of climate change in a cooperative manner. Nuclear war itself would severely destabilize human societies and the environment, not to speak of the possibility of a nuclear winter that would disrupt the atmosphere. On the other hand, finding solutions to one problem area could help to find solutions in the other. Pre-venting the dangers of climate change and nuclear war requires an integrated set of strategies that ad-dress the causes as well as the impacts on the natural and social environment. Institutions are needed to strengthen common, ecological and human security, build and reinforce conflict-resolution mechanisms and low-carbon energy alternatives, and create sustainable lifecycles that respect the capabilities of the living world. This article examines the linkages between nuclear and climate risks, identifies areas where both threats converge, and offers an approach to move from living under these security threats to building sustain-able peace. By bringing to light the multidimensional interplay between climate change, nuclear risks and nuclear disarmament, this study aims to help the reader grasp their interconnectedness and recognize its critical implications for the strategic security

  14. Climate change, nuclear risks and nuclear disarmament. From security threats to sustainable peace

    International Nuclear Information System (INIS)

    Scheffran, Juergen

    2009-01-01

    In the future, nuclear and climate risks may interfere with each other in a mutually enforcing way. Con-flicts induced by climate change could contribute to global insecurity and create more incentives for states to rely on military force, including nuclear weapons. Rather than being a direct cause of war, cli-mate change significantly affects the delicate balance between social and environmental systems in a way that could undermine human security and societal stability with potentially grave consequences for international security. Increased reliance on nuclear energy to reduce carbon emissions will contribute to the risks of nuclear proliferation. A renewed nuclear arms race would consume considerable resources and undermine the conditions for tackling the problem of climate change in a cooperative manner. Nuclear war itself would severely destabilize human societies and the environment, not to speak of the possibility of a nuclear winter that would disrupt the atmosphere. On the other hand, finding solutions to one problem area could help to find solutions in the other. Pre-venting the dangers of climate change and nuclear war requires an integrated set of strategies that ad-dress the causes as well as the impacts on the natural and social environment. Institutions are needed to strengthen common, ecological and human security, build and reinforce conflict-resolution mechanisms and low-carbon energy alternatives, and create sustainable lifecycles that respect the capabilities of the living world. This article examines the linkages between nuclear and climate risks, identifies areas where both threats converge, and offers an approach to move from living under these security threats to building sustain-able peace. By bringing to light the multidimensional interplay between climate change, nuclear risks and nuclear disarmament, this study aims to help the reader grasp their interconnectedness and recognize its critical implications for the strategic security

  15. Security Events and Vulnerability Data for Cybersecurity Risk Estimation.

    Science.gov (United States)

    Allodi, Luca; Massacci, Fabio

    2017-08-01

    Current industry standards for estimating cybersecurity risk are based on qualitative risk matrices as opposed to quantitative risk estimates. In contrast, risk assessment in most other industry sectors aims at deriving quantitative risk estimations (e.g., Basel II in Finance). This article presents a model and methodology to leverage on the large amount of data available from the IT infrastructure of an organization's security operation center to quantitatively estimate the probability of attack. Our methodology specifically addresses untargeted attacks delivered by automatic tools that make up the vast majority of attacks in the wild against users and organizations. We consider two-stage attacks whereby the attacker first breaches an Internet-facing system, and then escalates the attack to internal systems by exploiting local vulnerabilities in the target. Our methodology factors in the power of the attacker as the number of "weaponized" vulnerabilities he/she can exploit, and can be adjusted to match the risk appetite of the organization. We illustrate our methodology by using data from a large financial institution, and discuss the significant mismatch between traditional qualitative risk assessments and our quantitative approach. © 2017 Society for Risk Analysis.

  16. Securing a better future for all: making a difference with nuclear technology

    International Nuclear Information System (INIS)

    Mohamad, Daud; )

    2014-01-01

    The IAEA is an inter-governmental organization and the world's centre of cooperation in the nuclear field. As per its mandate, the IAEA shall seek to accelerate and enlarge the contribution of atomic energy to peace, health and prosperity throughout the world. The IAEA executes its mandate on the basis of three pillars: nuclear verification and security, safety and technology transfer. Nuclear technologies and techniques can offer vital assistance in fighting disease, improving food security and safety, and studying and sustainably managing water resources and the environment. The IAEA's Department of Nuclear Sciences and Applications works to address these critical developmental needs by helping Member States to apply nuclear science and technology more effectively where they have a comparative advantage and can have substantial socio-economic impact. The scale of these needs is growing each day as the world's population and life expectancies increase, as global industry and migration multiply the populations of the world's cities and their demands for resources, and as these trends impact human disease, the availability of safe and sufficient supplies of food and water, the health of our terrestrial and marine ecosystems, and the variability of our climate. These are highly complex challenges, and nuclear science and technology, can make impactful contributions in helping Member States to respond to these challenges

  17. Security Engine Management of Router based on Security Policy

    OpenAIRE

    Su Hyung Jo; Ki Young Kim; Sang Ho Lee

    2007-01-01

    Security management has changed from the management of security equipments and useful interface to manager. It analyzes the whole security conditions of network and preserves the network services from attacks. Secure router technology has security functions, such as intrusion detection, IPsec(IP Security) and access control, are applied to legacy router for secure networking. It controls an unauthorized router access and detects an illegal network intrusion. This paper re...

  18. The Department of Energy's safeguards and security technology development program

    International Nuclear Information System (INIS)

    Smith, G.D.; Pocratsky, C.A.

    1995-01-01

    The US DOE has had a program that develops technologies to protect sensitive nuclear weapons facilities for more than thirty years. The mission of the program is overwhelmingly diverse, as it must be to protect an array of assets such as nuclear weapons, special nuclear material in various forms, components of nuclear weapons, and classified nuclear weapons design information. Considering that the nuclear weapons complex consists of dozens of facilities that are scattered all over the US, the technology development mission is very challenging. Complicating matters further is the ever uncertain future of the DOE. Some examples of dramatic Departmental mission changes that directly impact their security technology development program are given. A few development efforts are highlighted as examples of efforts currently being sponsored. They are: automated sensor testing devices to help reduce the requirement for personnel to enter vaults containing highly radioactive nuclear materials; a vehicle inspection portal to screen vehicles for hidden passengers, nuclear material, explosives, and other contraband; non-lead and short-range ammunition as an environmentally safe alternative to lead ammunition; a complex-wide visitor access control system to allow all DOE employees to travel to all sites with a commonly recognized credential; automated nuclear material monitoring technologies to provide assurance that material in storage has not been tampered with; laser radar as a potential solution to early warning deficiencies throughout the Department; performance testing standards for many security products to include an automated and consistent standard for assessing the quality of video; low temperature pyrotechnic smoke as a possible adversary delay mechanism; modular vaults to provide temporary protection for nuclear material during D and D activities, and a protection approach for restricted passage areas such as the volume above a tiled ceiling or within a crawl space

  19. Communications and information infrastructure security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Communication and Information Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering strategies for protecting the telecommunications sector, wireless security, advanced web based technology for emergency situations. Science and technology for critical infrastructure consequence mitigation are also discussed.

  20. Carboy Security Risk Analysis Model of I and C System Using Bayesian Network

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jinsoo; Heo, Gyunyoung [Kyung Hee Univ., Yongin (Korea, Republic of); Son, Hanseong [Joongbu Univ., Geumsan (Korea, Republic of); Park, Jaekwan [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2013-05-15

    The Korea Institute of Nuclear Safety (KINS) as a regulatory agency declares the R. G 8.22 for applying cyber security in Korea in 2011. In nuclear power industrial, ShinUljin 1, 2 unit and Shingori 3, 4 unit are demonstrating the cyber security for the first time. And in terms of research, the National Security Research Institute and the Korea Atomic Energy Research Institute are developing the nuclear power plant cyber security system in Korean. Currently, these cyber securities like regulation, demonstration and research are focused on nuclear power plant. However, cyber security is also important for the nuclear research reactor like a HANARO which is in Daejeon, primarily due to its characteristic as research reactor since since people access more than power plant. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected final risk by evaluating input score for each checklist. In this way, you can see an important checklist. Further, if the cyber-attack occurs, it is possible to provide an evidentiary material that is able to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetratio test scenario according to each situation. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected in the final risk by evaluating input score for each checklist, in this way, you can see an important checklist. Furthermore, if the cyber-attack occurs, it is possible to provide an evidentiary material that enables to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to

  1. Carboy Security Risk Analysis Model of I and C System Using Bayesian Network

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Heo, Gyunyoung; Son, Hanseong; Park, Jaekwan

    2013-01-01

    The Korea Institute of Nuclear Safety (KINS) as a regulatory agency declares the R. G 8.22 for applying cyber security in Korea in 2011. In nuclear power industrial, ShinUljin 1, 2 unit and Shingori 3, 4 unit are demonstrating the cyber security for the first time. And in terms of research, the National Security Research Institute and the Korea Atomic Energy Research Institute are developing the nuclear power plant cyber security system in Korean. Currently, these cyber securities like regulation, demonstration and research are focused on nuclear power plant. However, cyber security is also important for the nuclear research reactor like a HANARO which is in Daejeon, primarily due to its characteristic as research reactor since since people access more than power plant. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected final risk by evaluating input score for each checklist. In this way, you can see an important checklist. Further, if the cyber-attack occurs, it is possible to provide an evidentiary material that is able to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetratio test scenario according to each situation. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected in the final risk by evaluating input score for each checklist, in this way, you can see an important checklist. Furthermore, if the cyber-attack occurs, it is possible to provide an evidentiary material that enables to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to

  2. Enacting Risk in Independent Technological Innovation

    DEFF Research Database (Denmark)

    Berglund, Henrik; Hellström, Tomas

    2002-01-01

    The present study aims at investigating the role of risk in the activity of independent technological venturing. Altogether, 12 deep-interviews were conducted with technological entrepreneurs, who had taken part in the inventive, developmental and the commercialisation phases of a technology......-based innovation process. The interviews revealed a number of enactment approaches through which these innovators encountered and affected (dealt with or transformed) risk within the innovation process. Factors thus developed from the empirical material included human capital, pace and priority, the world moves...... for the benefit of innovation management....

  3. Environmental and climate security: improving scenario methodologies for science and risk assessment

    Science.gov (United States)

    Briggs, C. M.; Carlsen, H.

    2010-12-01

    Governments and popular discussions have increasingly referred to concepts of ‘climate security’, often with reference to IPCC data. Development of effective methodologies to translate complex, scientific data into risk assessments has lagged, resulting in overly simplistic political assumptions of potential impacts. Climate security scenarios have been developed for use by security and military agencies, but effective engagement by scientific communities requires an improved framework. Effective use of data requires improvement both of climate projections, and the mapping of cascading impacts across interlinked, complex systems. In this research we propose a process for systematic generation of subsets of scenarios (of arbitrary size) from a given set of variables with possible interlinkages. The variables could include climatic changes as well as other global changes of concerns in a security context. In coping with possible challenges associated with the nexus of climate change and security - where deep structural uncertainty and possible irreversible changes are of primary interest - it is important to explore the outer limits of the relevant uncertainties. Therefore the proposed process includes a novel method that will help scenario developers in generating scenario sets where the scenarios are in a quantifiable sense maximally different and therefore best ‘span’ the whole set of scenarios. When downscaled onto a regional level, this process can provide guidance to potentially significant and abrupt geophysical changes, where high uncertainty has often prevented communication of risks. Potential physical changes can then be used as starting points for mapping cascading effects across networks, including topological analysis to identify critically vulnerable nodes and fragile systems, the existence of positive or negative feedback loops, and possible intervention points. Advanced knowledge of both potential geo-physical shifts and related non

  4. 21st Century Security Manager

    Directory of Open Access Journals (Sweden)

    Stelian ARION

    2010-11-01

    Full Text Available We live in world of uncertainty that generates major paradigms changing that affect security risk management. Modern organization’s security risks management can’t be done without a profound knowlegde and daily practice for security governance, security risk management and resilience. 21st Century security manager need to deal with several areas of konwledge in order to succesfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers thah have government backgroud, or IT security backgroud, or are promoted from organization’s inside leaders. There are six different areas of knowledge that successful security programs of the future must incorporate, either in the knowledge base of their leaders or in the collective knowledge of the leading staff. They are government elements, security organization, emerging issue awareness, IT security, business elements and executive leadership.

  5. A Risk-Sensitive Portfolio Optimization Problem with Fixed Incomes Securities

    OpenAIRE

    Goel, Mayank; Kumar, K. Suresh

    2007-01-01

    We discuss a class of risk-sensitive portfolio optimization problems. We consider the portfolio optimization model investigated by Nagai in 2003. The model by its nature can include fixed income securities as well in the portfolio. Under fairly general conditions, we prove the existence of optimal portfolio in both finite and infinite horizon problems.

  6. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Science.gov (United States)

    2010-10-01

    ..., Security Self-Assessment Guide for Information Technology Systems and FIPS 200, on an annual basis. (C) HHS... basis, the Contractor shall provide to the Contracting Officer verification that the IT-SP remains valid... Contracting Officer verification that the IT-SC&A remains valid. Evidence of a valid system accreditation...

  7. Risk - interface between law and technology

    International Nuclear Information System (INIS)

    1982-01-01

    Due to the rapid developments of technology, the subject of this congress has received central significance. It basically deals with the question of how advantages created by technology can be utilized by simultaneously avoiding any possible disadvantages that may arise from them. In the first part of this meeting, engineers present their considerations concerning risk assessment and risk comparisons, while the second part deals with the significance of scientific standardization. The third part elaborates on the evaluation of technical risks from the legal point of view. (orig./HP) [de

  8. Research on information security system of waste terminal disposal process

    Science.gov (United States)

    Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

    2017-05-01

    Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

  9. Training programs for the systems approach to nuclear security

    International Nuclear Information System (INIS)

    Ellis, Doris E.

    2005-01-01

    In support of the US Government and the International Atomic Energy Agency (IAEA) Nuclear Security Programmes, Sandia National Laboratories (SNL) has advocated and practiced a risk-based, systematic approach to nuclear security. The risk equation has been implemented as the basis for a performance methodology for the design and evaluation of Physical Protection Systems against a Design Basis Threat (DBT) for theft or sabotage of nuclear and/or radiological materials. Since integrated systems must include people as well as technology and the man-machine interface, a critical aspect of the human element is to train all stakeholders in nuclear security on the systems approach. Current training courses have been beneficial but are still limited in scope. SNL has developed two primary international courses and is completing development of three new courses that will be offered and presented in the near term. In the long-term, SNL envisions establishing a comprehensive nuclear security training curriculum that will be developed along with a series of forthcoming IAEA Nuclear Security Series guidance documents.

  10. Economic Evaluation of the Information Security Levels Achieved by Electric Energy Providers in North Arctic Region

    Science.gov (United States)

    Sushko, O. P.; Kaznin, A. A.; Babkin, A. V.; Bogdanov, D. A.

    2017-10-01

    The study we are conducting involves the analysis of information security levels achieved by energy providers operating in the North Arctic Region. We look into whether the energy providers’ current information security levels meet reliability standards and determine what further actions may be needed for upgrading information security in the context of the digital transformation that the world community is undergoing. When developing the information security systems for electric energy providers or selecting the protection means for them, we are governed by the fact that the assets to be protected are process technologies. While information security risk can be assessed using different methods, the evaluation of the economic damage from these risks appears to be a difficult task. The most probable and harmful risks we have identified when evaluating the electric energy providers’ information security will be used by us as variables. To provide the evaluation, it is necessary to calculate the costs relating to elimination of the risks identified. The final stage of the study will involve the development of an operation algorithm for the North Arctic Region’s energy provider’s business information protection security system - a set of information security services, and security software and hardware.

  11. Managing IT-related operational risks

    Directory of Open Access Journals (Sweden)

    Savić Ana

    2008-01-01

    Full Text Available Not so long ago, information technology (IT risk occupied a small corner of operational risk - the opportunity loss from a missed IT development deadline. Today, the success of an entire financial institution may lay on managing a broad landscape of IT risks. IT risk is a potential damage to an organization's value, resulting from inadequate managing of processes and technologies. IT risk includes the failure to respond to security and privacy requirements, as well as many other issues such as: human error, internal fraud through software manipulation, external fraud by intruders, obsolesce in applications and machines, reliability issues or mismanagement. The World Economic Forum provides best information about this problem. They rank a breakdown of critical information infrastructure among the most likely core global risks, with 10-20 % likelihood over the next 10 years and potential worldwide impact of $250 billion. Sustained investment in IT - almost $1.2 trillion or 29% of 2006 private-sector capital investment in the U.S. alone fuels growing exposure to IT risk. Greg Hughes, chief strategy officer in Symantec Corp. recently claimed "IT risk management is more than using technology to solve security problems. With proper planning and broad support, it can give an organization the confidence to innovate, using IT to outdistance competitors".

  12. A comprehensive Network Security Risk Model for process control networks.

    Science.gov (United States)

    Henry, Matthew H; Haimes, Yacov Y

    2009-02-01

    The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.

  13. Risk Informed Approach for Nuclear Security Measures for Nuclear and Other Radioactive Material out of Regulatory Control. Implementing Guide

    International Nuclear Information System (INIS)

    2015-01-01

    This publication provides guidance to States for developing a risk informed approach and for conducting threat and risk assessments as the basis for the design and implementation of sustainable nuclear security systems and measures for prevention of, detection of, and response to criminal and intentional unauthorised acts involving nuclear and other radioactive material out of regulatory control. It describes concepts and methodologies for a risk informed approach, including identification and assessment of threats, targets, and potential consequences; threat and risk assessment methodologies, and the use of risk informed approaches as the basis for informing the development and implementation of nuclear security systems and measures. The publication is an Implementing Guide within the IAEA Nuclear Security Series and is intended for use by national policy makers, law enforcement agencies and experts from competent authorities and other relevant organizations involved in the establishment, implementation, maintenance or sustainability of nuclear security systems and measures related to nuclear and other radioactive material out of regulatory control

  14. Cyber power crime, conflict and security in cyberspace

    CERN Document Server

    Ghernaouti, Solange

    2013-01-01

    Most books on cybercrime are written by national security or political experts, and rarely propose an integrated and comprehensive approach to cybercrime, cyber-terrorism, cyber-war and cyber-security. This work develops approaches to crucial cyber-security issues that are non-political, non-partisan, and non-governmental. It informs readers through high-level summaries and the presentation of a consistent approach to several cyber-risk related domains, both from a civilian and a military perspective. Explaining fundamental principles in an interdisciplinary manner, it sheds light on the societal, economic, political, military, and technical issues related to the use and misuse of information and communication technologies.

  15. Security concept in 'MyAngelWeb' a website for the individual patient at risk of emergency.

    Science.gov (United States)

    Pinciroli, F; Nahaissi, D; Boschini, M; Ferrari, R; Meloni, G; Camnasio, M; Spaggiari, P; Carnerone, G

    2000-11-01

    We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

  16. Conseptual framework of ensuring food security in the Ural federal district

    Directory of Open Access Journals (Sweden)

    Aleksandr Samvelovich Beletskiy

    2011-12-01

    Full Text Available The paper reviews the risks and threats to food security of the Ural Federal District which can significantly reduce its the level. The most significant risks are grouped according to the following classification: macroeconomic, technological, climatic, agro-ecological and foreign trade risks. The main directions of economic policy of the Ural Federal District in the area of food security are defined. Particular attention is paid to the improvement of economic and physical availability of food for all groups of population and to the problems of formation of the state material reserves and food safety. Strategic development priorities in the field of agricultural and fishery products, raw materials and food, sustainable development of rural areas in the field of foreign policy are formulated. Conceptual bases for the implementation mechanism of economic policies to ensure food security in the region are suggested.

  17. Information technology as a tool for the Italian Institute of Social Security (INPS) in the management of social security and civil disability: Pro and cons.

    Science.gov (United States)

    Sammicheli, Michele; Scaglione, Marcella

    2018-01-01

    We examine, from a medical-legal perspective, the pro and cons of the information technology procedures that the Italian Institute of Social Security (INPS) has implemented to manage the provision of social disability assistance, meaning that separate from the payment of pension contributions, being welfare, anchored to an administrative requirement by way of the compulsory payment of a minimum social security contribution.

  18. Secure communication based on multi-input multi-output chaotic system with large message amplitude

    International Nuclear Information System (INIS)

    Zheng, G.; Boutat, D.; Floquet, T.; Barbot, J.P.

    2009-01-01

    This paper deals with the problem of secure communication based on multi-input multi-output (MIMO) chaotic systems. Single input secure communication based on chaos can be easily extended to multiple ones by some combinations technologies, however all the combined inputs possess the same risk to be broken. In order to reduce this risk, a new secure communication scheme based on chaos with MIMO is discussed in this paper. Moreover, since the amplitude of messages in traditional schemes is limited because it would affect the quality of synchronization, the proposed scheme is also improved into an amplitude-independent one.

  19. Anticipating Interruptions. Security and risk in a liberalized electricity infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Silvast, A.

    2013-11-01

    During the past ten years, a number of social scientists have emphasized the importance of material infrastructures like electricity supply as a research topic for the social sciences. The developing of such new perspectives concerning infrastructures also includes uncertainties and risks. This research analyzes the management of uncertainties in the Finnish electricity infrastructure by posing the following research question: how are electricity interruptions, or blackouts, anticipated in Finland and how are these interruptions managed as risks? The main research methodology of the work is multi-sited field work. The empirical materials include interviews with experts and lay people (33 interviews); participant observation in two electricity control rooms; an electricity consumer survey (115 respondents); and also a number of infrastructure and security policy documents and observations from electricity security seminars. The materials were primarily gathered between 2004 and 2008. Social science research often links risks with major current social changes or socio-cultural risk perceptions. In recent international social science discussions, however, a new research topic has emerged - those styles of reasoning and techniques of governance that are deployed to manage risk as a practical matter. My study explores these themes empirically by focusing on the specific habitual practices of risk management in the Finnish electricity infrastructure. The work develops various also semi-ethnographic inquiries into infrastructure risk techniques like monitor screening of real-time risks in electricity control rooms; the management of risks in a liberalized electricity market; the emergence of Finnish reasoning about blackouts from a specific historical background; and the ways in which electricity consumers respond to blackouts in their homes. In addition, the work reflects upon the position of a risk researcher in those situations when the research subjects do not define

  20. Sustainable Phosphorus Measures: Strategies and Technologies for Achieving Phosphorus Security

    Directory of Open Access Journals (Sweden)

    Stuart White

    2013-01-01

    Full Text Available Phosphorus underpins the world’s food systems by ensuring soil fertility, maximising crop yields, supporting farmer livelihoods and ultimately food security. Yet increasing concerns around long-term availability and accessibility of the world’s main source of phosphorus—phosphate rock, means there is a need to investigate sustainable measures to buffer the world’s food systems against the long and short-term impacts of global phosphorus scarcity. While the timeline of phosphorus scarcity is contested, there is consensus that more efficient use and recycling of phosphorus is required. While the agricultural sector will be crucial in achieving this, sustainable phosphorus measures in sectors upstream and downstream of agriculture from mine to fork will also need to be addressed. This paper presents a comprehensive classification of all potential phosphorus supply- and demand-side measures to meet long-term phosphorus needs for food production. Examples range from increasing efficiency in the agricultural and mining sector, to technologies for recovering phosphorus from urine and food waste. Such measures are often undertaken in isolation from one another rather than linked in an integrated strategy. This integrated approach will enable scientists and policy-makers to take a systematic approach when identifying potential sustainable phosphorus measures. If a systematic approach is not taken, there is a risk of inappropriate investment in research and implementation of technologies and that will not ultimately ensure sufficient access to phosphorus to produce food in the future. The paper concludes by introducing a framework to assess and compare sustainable phosphorus measures and to determine the least cost options in a given context.

  1. Got risk? risk-centric perspective for spacecraft technology decision-making

    Science.gov (United States)

    Feather, Martin S.; Cornford, Steven L.; Moran, Kelly

    2004-01-01

    A risk-based decision-making methodology conceived and developed at JPL and NASA has been used to aid in decision making for spacecraft technology assessment, adoption, development and operation. It takes a risk-centric perspective, through which risks are used as a reasoning step to interpose between mission objectives and risk mitigation measures.

  2. 6 CFR 27.205 - Determination that a chemical facility “presents a high level of security risk.”

    Science.gov (United States)

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Determination that a chemical facility âpresents... SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.205 Determination that a chemical facility “presents a high level of security risk.” (a...

  3. Risk perception and environmental health concerns in conditions of social security threat

    International Nuclear Information System (INIS)

    Kolarova, D.

    1998-01-01

    Full text of publication follows: this study explores the connection between the perception of different societal risk, health concerns and behavioral attitudes of people in condition of social security threat. Two small and two big industrial towns were chosen in order to observe the social and psychological price of the structural changes in the industry such as unemployment and its reflection on the households and the individuals' social attitudes. Key stakeholders were interviewed and questionnaire survey was carried out. The results showed high level of risk sensitivity and health concerns when people felt threatened by lack of social and economic security. The pollution was found to be important problem when it caused direct and obvious risk to human health and the environment. In the same time reverse environmental behavior like insensitiveness and neglectful attitude was observed in cases when the health consequences of the pollution were perceived to be unclear and with delayed effect. In situation of a great socio-economic threat noninvolvement helped the individuals to adapt. The research proved the influence of several risk characteristics on risk perception. It was found a connection between the risk perception and risk controllability, voluntariness of exposure and cost/benefits distribution. In the study areas respondents' judgments on these characteristics reflected directly their social status and material state. The study presented here is in progress - it i's supported by research grant from Open Society Foundation. (author)

  4. Improving industrial process control systems security

    CERN Document Server

    Epting, U; CERN. Geneva. TS Department

    2004-01-01

    System providers are today creating process control systems based on remote connectivity using internet technology, effectively exposing these systems to the same threats as corporate computers. It is becoming increasingly difficult and costly to patch/maintain the technical infrastructure monitoring and control systems to remove these vulnerabilities. A strategy including risk assessment, security policy issues, service level agreements between the IT department and the controls engineering groups must be defined. In addition an increased awareness of IT security in the controls system engineering domain is needed. As consequence of these new factors the control system architectures have to take into account security requirements, that often have an impact on both operational aspects as well as on the project and maintenance cost. Manufacturers of industrial control system equipment do however also propose progressively security related solutions that can be used for our active projects. The paper discusses ...

  5. A global assessment of wildfire risks to human and environmental water security

    Science.gov (United States)

    Robinne, François-Nicolas; Parisien, Marc-André; Flannigan, Mike; Miller, Carol; Bladon, Kevin D.

    2017-04-01

    Extreme wildfire events extensively affect hydrosystem stability and generate an important threat to the reliability of the water supply for human and natural communities. While actively studied at the watershed scale, the development of a global vision of wildfire risk to water security has only been undertaken recently, pointing at potential water security concerns in an era of global changes. In order to address this concern, we propose a global-scale analysis of the wildfire risk to surface water supplies based on the Driving forces-Pressures-States-Impacts-Responses (DPSIR) framework. This framework relies on the cause-and-effect relationships existing between the five categories of the DPSIR chain. Based on the literature, we gathered an extensive set of spatial indicators relevant to fire-induced hydrological hazards and water consumption patterns by human and natural communities. Each indicator was assigned a DPSIR category. Then, we collapsed the information in each category using a principal component analysis in order to extract the most relevant pixel-based information provided by each spatial indicator. Finally, we compiled our five categories using an additive indexation process to produce a spatially-explicit index of the wildfire-water risk (WWR). For comparison purposes, we aggregated index scores by global hydrological regions, or hydrobelts, for analysis. Overall, our results show a distinct pattern of medium-to-high risk levels in areas where sizeable wildfire activity, water resources, and water consumption are concomitant, which mainly encompasses temperate and sub-tropical zones. A closer look at hydrobelts reveals differences in the factors driving the risk, with fire activity being the primary factor of risk in the circumboreal forest, and freshwater resource density being prevalent in tropical areas. We also identified major urban areas across the world whose source waters should be protected from extreme fire events, particularly when

  6. Water security, risk, and economic growth: Insights from a dynamical systems model

    Science.gov (United States)

    Dadson, Simon; Hall, Jim W.; Garrick, Dustin; Sadoff, Claudia; Grey, David; Whittington, Dale

    2017-08-01

    Investments in the physical infrastructure, human capital, and institutions needed for water resources management have been noteworthy in the development of most civilizations. These investments affect the economy in two distinct ways: (i) by improving the factor productivity of water in multiple economic sectors, especially those that are water intensive such as agriculture and energy and (ii) by reducing acute and chronic harmful effects of water-related hazards like floods, droughts, and water-related diseases. The need for capital investment to mitigate risks and promote economic growth is widely acknowledged, but prior conceptual work on the relationship between water-related investments and economic growth has focused on the productive and harmful roles of water in the economy independently. Here the two influences are combined using a simple, dynamical systems model of water-related investment, risk, and growth. In cases where initial water security is low, initial investment in water-related assets enables growth. Without such investment, losses due to water-related hazards exert a drag on economic growth and may create a poverty trap. The presence and location of the poverty trap is context-specific and depends on the exposure of productive water-related assets to water-related risk. Exogenous changes in water-related risk can potentially push an economy away from a growth path toward a poverty trap. Our investigation shows that an inverted-U-shaped investment relation between the level of investment in water security and the current level of water security leads to faster rates of growth than the alternatives that we consider here, and that this relation is responsible for the "S"-curve that is posited in the literature. These results illustrate the importance of accounting for environmental and health risks in economic models and offer insights for the design of robust policies for investment in water-related productive assets to manage risk, in the face

  7. IT Convergence and Security 2012

    CERN Document Server

    Chung, Kyung-Yong

    2013-01-01

    The proceedings approaches the subject matter with problems in technical convergence and convergences of security technology. This approach is new because we look at new issues that arise from techniques converging. The general scope of the proceedings content is convergence security and the latest information technology. The intended readership are societies, enterprises, and research institutes, and intended content level is mid- to highly educated personals. The most important features and benefits of the proceedings are the introduction of the most recent information technology and its related ideas, applications and problems related to technology convergence, and its case studies and finally an introduction of converging existing security techniques through convergence security. Overall, through the proceedings, authors will be able to understand the most state of the art information strategies and technologies of convergence security.

  8. Natural-technological risk assessment and management

    Science.gov (United States)

    Burova, Valentina; Frolova, Nina

    2016-04-01

    EM-DAT statistical data on human impact and economic damages in the 1st semester 2015 are the highest since 2011: 41% of disasters were floods, responsible for 39% of economic damage and 7% of events were earthquakes responsible for 59% of total death toll. This suggests that disaster risk assessment and management still need to be improved and stay the principle issue in national and international related programs. The paper investigates the risk assessment and management practice in the Russian Federation at different levels. The method is proposed to identify the territories characterized by integrated natural-technological hazard. The maps of the Russian Federation zoning according to the integrated natural-technological hazard level are presented, as well as the procedure of updating the integrated hazard level taking into account the activity of separate processes. Special attention is paid to data bases on past natural and technological processes consequences, which are used for verification of current hazard estimation. The examples of natural-technological risk zoning for the country and some regions territory are presented. Different output risk indexes: both social and economic, are estimated taking into account requirements of end-users. In order to increase the safety of population of the Russian Federation the trans-boundaries hazards are also taken into account.

  9. The Effect of Knowledge of Online Security Risks on Consumer Decision Making in B2C e-Commerce

    Science.gov (United States)

    Wang, Ping An

    2010-01-01

    This dissertation research studied how different degrees of knowledge of online security risks affect B2C (business-to-consumer) e-commerce consumer decision making. Online information security risks, such as identity theft, have increasingly become a major factor inhibiting the potential growth of e-commerce. On the other hand, e-commerce…

  10. ORDER SECURITY – NATIONAL SECURITY ADMINISTRATION. NATIONAL SECURITY DEFENSE AS SPECIAL ADMINISTRATION

    OpenAIRE

    Zoltán BALLA

    2009-01-01

    National security administration is the special executivedisposal activity of the national security agencies, the section of the state administration that helps the governmental work by reconnoitering and preventing with secret-servicing methods of the risks that shall harm or endanger the national security’s interests. The main operational principles of national security governing are the followings among others: - controlling the operation of national security organization belongs to the ex...

  11. Use of Persuasive Technology to Change End-Users- IT Security Aware Behaviour: A Pilot Study

    OpenAIRE

    Ai Cheo Yeo; Md. Mahbubur Rahim; Yin Ying Ren

    2008-01-01

    Persuasive technology has been applied in marketing, health, environmental conservation, safety and other domains and is found to be quite effective in changing people-s attitude and behaviours. This research extends the application domains of persuasive technology to information security awareness and uses a theory-driven approach to evaluate the effectiveness of a web-based program developed based on the principles of persuasive technology to improve the information sec...

  12. Creation of security engineering programs by the Southwest Surety Institute

    Science.gov (United States)

    Romero, Van D.; Rogers, Bradley; Winfree, Tim; Walsh, Dan; Garcia, Mary Lynn

    1998-12-01

    The Southwest Surety Institute includes Arizona State University (ASU), Louisiana State University (LSU), New Mexico Institute of Mining and Technology (NM Tech), New Mexico State University (NMSU), and Sandia National Laboratories (SNL). The universities currently offer a full spectrum of post-secondary programs in security system design and evaluation, including an undergraduate minor, a graduate program, and continuing education programs. The programs are based on the methodology developed at Sandia National Laboratories over the past 25 years to protect critical nuclear assets. The programs combine basic concepts and principles from business, criminal justice, and technology to create an integrated performance-based approach to security system design and analysis. Existing university capabilities in criminal justice (NMSU), explosives testing and technology (NM Tech and LSU), and engineering technology (ASU) are leveraged to provide unique science-based programs that will emphasize the use of performance measures and computer analysis tools to prove the effectiveness of proposed systems in the design phase. Facility managers may then balance increased protection against the cost of implementation and risk mitigation, thereby enabling effective business decisions. Applications expected to benefit from these programs include corrections, law enforcement, counter-terrorism, critical infrastructure protection, financial and medical care fraud, industrial security, and border security.

  13. Controller–Pilot Data Link Communication Security

    Science.gov (United States)

    Polishchuk, Tatiana; Wernberg, Max

    2018-01-01

    The increased utilization of the new types of cockpit communications, including controller–pilot data link communications (CPDLC), puts the airplane at higher risk of hacking or interference than ever before. We review the technological characteristics and properties of the CPDLC and construct the corresponding threat model. Based on the limitations imposed by the system parameters, we propose several solutions for the improved security of the data messaging communication used in air traffic management (ATM). We discuss the applicability of elliptical curve cryptography (ECC), protected aircraft communications addressing and reporting systems (PACARs) and the Host Identity Protocol (HIP) as possible countermeasures to the identified security threats. In addition, we consider identity-defined networking (IDN) as an example of a genuine security solution which implies global changes in the whole air traffic communication system. PMID:29783791

  14. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  15. Security Frameworks for Machine-to-Machine Devices and Networks

    Science.gov (United States)

    Demblewski, Michael

    Attacks against mobile systems have escalated over the past decade. There have been increases of fraud, platform attacks, and malware. The Internet of Things (IoT) offers a new attack vector for Cybercriminals. M2M contributes to the growing number of devices that use wireless systems for Internet connection. As new applications and platforms are created, old vulnerabilities are transferred to next-generation systems. There is a research gap that exists between the current approaches for security framework development and the understanding of how these new technologies are different and how they are similar. This gap exists because system designers, security architects, and users are not fully aware of security risks and how next-generation devices can jeopardize safety and personal privacy. Current techniques, for developing security requirements, do not adequately consider the use of new technologies, and this weakens countermeasure implementations. These techniques rely on security frameworks for requirements development. These frameworks lack a method for identifying next generation security concerns and processes for comparing, contrasting and evaluating non-human device security protections. This research presents a solution for this problem by offering a novel security framework that is focused on the study of the "functions and capabilities" of M2M devices and improves the systems development life cycle for the overall IoT ecosystem.

  16. Science, Technology, Engineering, and Mathematics (STEM) Education Reform to Enhance Security of the Global Cyberspace

    Science.gov (United States)

    2014-05-01

    towards cloud computing technologies and capabilities demand needs for developing new tools that work in ensemble to handle security challenges. A...programs with the schools and/or hire from their pool of students. Therefore, no real STEM standards exist at the tertiary and beyond levels of education ...successful in cyber operations and network security related jobs much early on into the new STEM education model pipeline. Subjects such as computer

  17. 77 FR 57072 - Proposed Information Collection; Comment Request; National Security and Critical Technology...

    Science.gov (United States)

    2012-09-17

    ..., DC 20230 (or via the Internet at [email protected] ). FOR FURTHER INFORMATION CONTACT: Requests for... techniques or other forms of information technology. Comments submitted in response to this notice will be... DEPARTMENT OF COMMERCE Bureau of Industry and Security Proposed Information Collection; Comment...

  18. Cyber security risk management: public policy implications of correlated risk, imperfect ability to prove loss, and observability of self-protection.

    Science.gov (United States)

    Oğüt, Hulisi; Raghunathan, Srinivasan; Menon, Nirup

    2011-03-01

    The correlated nature of security breach risks, the imperfect ability to prove loss from a breach to an insurer, and the inability of insurers and external agents to observe firms' self-protection efforts have posed significant challenges to cyber security risk management. Our analysis finds that a firm invests less than the social optimal levels in self-protection and in insurance when risks are correlated and the ability to prove loss is imperfect. We find that the appropriate social intervention policy to induce a firm to invest at socially optimal levels depends on whether insurers can verify a firm's self-protection levels. If self-protection of a firm is observable to an insurer so that it can design a contract that is contingent on the self-protection level, then self-protection and insurance behave as complements. In this case, a social planner can induce a firm to choose the socially optimal self-protection and insurance levels by offering a subsidy on self-protection. We also find that providing a subsidy on insurance does not provide a similar inducement to a firm. If self-protection of a firm is not observable to an insurer, then self-protection and insurance behave as substitutes. In this case, a social planner should tax the insurance premium to achieve socially optimal results. The results of our analysis hold regardless of whether the insurance market is perfectly competitive or not, implying that solely reforming the currently imperfect insurance market is insufficient to achieve the efficient outcome in cyber security risk management. © 2010 Society for Risk Analysis.

  19. Affect and Acceptability: Exploring Teachers' Technology-Related Risk Perceptions

    Science.gov (United States)

    Howard, Sarah K.

    2011-01-01

    Educational change, such as technology integration, involves risk. Teachers are encouraged to "take risks", but what risks they are asked to take and how do they perceive these risks? Developing an understanding of teachers' technology-related risk perceptions can help explain their choices and behaviours. This paper presents a way to…

  20. Applying the National Industrial Security Program (NISP) in the laboratory environment

    International Nuclear Information System (INIS)

    Bruckner, D.G.

    1995-01-01

    With continuing changes in the world safeguards and security environment the effectiveness of many laboratory operations depends on correctly assessing the risk to its programs and developing protection technologies, research and concepts of operations being employed by the scientific community. This paper explores the opportunities afforded by the National Industrial Security Program (NISP) to uniformly and simply protect Laboratory security assets, sensitive and classified information and matter, during all aspects of a laboratory program. The developments in information systems, program security, physical security and access controls suggest an industrial security approach. This paper's overall objective is to indicate that the Laboratory environment is particularly well suited to take advantage being pursued by NISP and the performance objectives of the new DOE orders

  1. Truck shipment risks for assessing hazardous materials - a new paradigm incorporating safety and security

    Energy Technology Data Exchange (ETDEWEB)

    Greenberg, A.; McSweeney, T.; Allen, J.; Lepofsky, M. [Battelle Memorial Inst., Columbus, OH (United States); Abkowitz, M. [Dept. of Civil Engineering, Vanderbilt Univ., Nashville, TN (United States)

    2004-07-01

    Recent terrorist events, most notably September 11, 2001, have taught us that transportation risk management must be performed with a different lens to accommodate terrorism scenarios that would have previously been considered unlikely to warrant serious attention. Given these circumstances, a new paradigm is needed for managing the risks associated with highway transport of hazardous materials. In particular, this paradigm must: 1) more explicitly consider security threat and vulnerability, and 2) integrate security considerations into an overall framework for addressing natural and man-made disasters, be they accidental or planned. This paper summarizes the results of a study sponsored by the U.S. Department of Transportation, Federal Motor Carrier Safety Administration for the purpose of exploring how a paradigm might evolve in which both safety and security risks can be evaluated as a systematic, integrated process. The work was directed at developing a methodology for assessing the impacts of hazardous materials safety and security incident consequences when transported by highway. This included consideration of the manner in which these materials could be involved in initiating events as well as potential outcomes under a variety of release conditions. The methodology is subsequently applied to various classes of hazardous materials to establish an economic profile of the impacts that might be expected if a major release were to occur. The paper concludes with a discussion of the findings and implications associated with this effort.

  2. Truck shipment risks for assessing hazardous materials - a new paradigm incorporating safety and security

    International Nuclear Information System (INIS)

    Greenberg, A.; McSweeney, T.; Allen, J.; Lepofsky, M.; Abkowitz, M.

    2004-01-01

    Recent terrorist events, most notably September 11, 2001, have taught us that transportation risk management must be performed with a different lens to accommodate terrorism scenarios that would have previously been considered unlikely to warrant serious attention. Given these circumstances, a new paradigm is needed for managing the risks associated with highway transport of hazardous materials. In particular, this paradigm must: 1) more explicitly consider security threat and vulnerability, and 2) integrate security considerations into an overall framework for addressing natural and man-made disasters, be they accidental or planned. This paper summarizes the results of a study sponsored by the U.S. Department of Transportation, Federal Motor Carrier Safety Administration for the purpose of exploring how a paradigm might evolve in which both safety and security risks can be evaluated as a systematic, integrated process. The work was directed at developing a methodology for assessing the impacts of hazardous materials safety and security incident consequences when transported by highway. This included consideration of the manner in which these materials could be involved in initiating events as well as potential outcomes under a variety of release conditions. The methodology is subsequently applied to various classes of hazardous materials to establish an economic profile of the impacts that might be expected if a major release were to occur. The paper concludes with a discussion of the findings and implications associated with this effort

  3. Center for computer security: Computer Security Group conference. Summary

    Energy Technology Data Exchange (ETDEWEB)

    None

    1982-06-01

    Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

  4. Security dialogues: building better relationships between security and business

    OpenAIRE

    Ashenden, Debi; Lawrence, Darren

    2016-01-01

    In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes. By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff.

  5. Discursive Overlap and Conflictive Fragmentation of Risk and Security in the Geopolitics of Energy

    Directory of Open Access Journals (Sweden)

    Julio E. Rubio

    2013-03-01

    Full Text Available As it touches all aspects of human activity and society in general, energy has become an object of discourse. Two main discourses have formed on the use of energy: risk discourse and security discourse. While environmental changes and oil depletion continue, a new application for the term security has appeared: energy security. This concept can be interpreted within the terms of risk discourse, which is oriented towards rational consensus and decision making, or as an exercise of power, sovereignty and hegemony. The boundaries between interpretations are often unclear. Thus, in an institutional framework that has fragmented principles, norms and rules, opposing discourses will overlap. Political agents and institutions deploy strategies based on these discourses. With this overlapping of discourses, the performative powers of different institutions clash, thus creating conflictive fragmentation in a governance architecture. The purpose of this investigation is to analyze the use of, replication of, and ambiguities surrounding the concept of energy security, so as to understand how and why these discourses overlap and the profound consequences that this overlap may have for present and future energy use, environmental negotiations, and political climate.

  6. The House of Security: Stakeholder Perceptions of Security Assessment and Importance

    OpenAIRE

    Ang, Wee Horng; Deng, Vicki; Lee, Yang; Madnick, Stuart; Mistree, Dinsha; Siegel, Michael; Strong, Diane

    2007-01-01

    In this paper we introduce a methodology for analyzing differences regarding security perceptions within and between stakeholders, and the elements which affect these perceptions. We have designed the €܈ouse of Security€ݬ a security assessment model that provides the basic framework for considering eight different constructs of security: Vulnerability, Accessibility, Confidentiality, Technology Resources for Security, Financial Resources for Security, Business Strategy for Security, Secur...

  7. Symmetry in Social Construction during ERP Implementation: A Systems Security Perspective

    Directory of Open Access Journals (Sweden)

    Kennedy Njenga

    2014-03-01

    Full Text Available The principle of symmetry in enterprise resource planning (ERP systems implementation holds that the researcher should deploy impartial explanation in cases of success as in cases of failure. This article examines the symmetry intrinsic in social construction within the various stages of the ERP development life cycle, from initiation to implementation. Discourse on symmetry focuses on whether social constructs are able to influence ERP implementation positively (success or negatively (failure and whether this exposes ERP systems to information security risk. The theoretical lens of social construction of technology (SCOT theory, a theory premised on social interaction between agents and technology artefacts, is applied for this purpose. The research was quantitative with a survey having been conducted on information technology (IT and information security (IS practitioners. Results of the study highlight the significant role social construction plays because of the direct linkage it has with the implementation of information security controls in ERP systems.  The research delineated five social constructs, namely positional influence, reward influence, coercive influence, expert influence and referent influence. For purposes of this research and on the sampling criteria applied, the construct ‘expert influence’, a typology of social construction, is shown to be more domineering than other typologies of social construction and is seen as providing symmetrical balance between governing ERP security (success and risk (failure. Implications of these results for theory and practice are discussed in the main article.

  8. Food security and cardiovascular disease risk among adults in the United States: findings from the National Health and Nutrition Examination Survey, 2003-2008.

    Science.gov (United States)

    Ford, Earl S

    2013-12-05

    Little is known about the relationship between food security status and predicted 10-year cardiovascular disease risk. The objective of this study was to examine the associations between food security status and cardiovascular disease risk factors and predicted 10-year risk in a national sample of US adults. A cross-sectional analysis using data from 10,455 adults aged 20 years or older from the National Health and Nutrition Examination Survey 2003-2008 was conducted. Four levels of food security status were defined by using 10 questions. Among all participants, 83.9% had full food security, 6.7% had marginal food security, 5.8% had low food security, and 3.6% had very low food security. After adjustment, mean hemoglobin A1c was 0.15% greater and mean concentration of C-reactive protein was 0.8 mg/L greater among participants with very low food security than among those with full food security. The adjusted mean concentration of cotinine among participants with very low food security was almost double that of participants with full food security (112.8 vs 62.0 ng/mL, P security status and systolic blood pressure or concentrations of total cholesterol, high-density lipoprotein cholesterol, or non-high-density lipoprotein cholesterol were observed. Participants aged 30 to 59 years with very low food security were more likely to have a predicted 10-year cardiovascular disease risk greater than 20% than fully food secure participants (adjusted prevalence ratio, 2.38; 95% CI, 1.31-4.31). Adults aged 30 to 59 years with very low food security showed evidence of increased predicted 10-year cardiovascular disease risk.

  9. Using Financial Instruments to Transfer the Information Security Risks

    OpenAIRE

    Pankaj Pandey; Einar Snekkenes

    2016-01-01

    For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information...

  10. LI-FI TECHNOLOGY AND THE NEW CONCEPT OF DATA TRANSFER SECURITY

    Directory of Open Access Journals (Sweden)

    Ramona DUMITRAȘCU

    2017-05-01

    Full Text Available Li-Fi is a wireless technology that transmits high-speed data using visible light communication (VLC, it can achieve speeds of 224 gigabits per second in the lab. The potential Li-Fi technology can change a lot in virtual word considering it can provide transmission at 1 GB per second - that's 100 times faster than current average Wi-Fi speeds. By flickering the light from a single LED, Li-Fi technology can transmit far more data than a cellular tower, using Visible Light Communication (VLC technology - a medium that uses visible light between 400 and 800 terahertz (THz. It works basically like an incredibly advanced form of Morse code - flicking an LED on and off at extreme speeds and can be used to write and transmit things in binary code. The benefit of Li-Fi over Wi-Fi, other than potentially much faster speeds, is that because light cannot pass through walls, it makes it a whole lot more secure.

  11. Framework for generating expert systems to perform computer security risk analysis

    International Nuclear Information System (INIS)

    Smith, S.T.; Lim, J.J.

    1985-01-01

    At Los Alamos we are developing a framework to generate knowledge-based expert systems for performing automated risk analyses upon a subject system. The expert system is a computer program that models experts' knowledge about a topic, including facts, assumptions, insights, and decision rationale. The subject system, defined as the collection of information, procedures, devices, and real property upon which the risk analysis is to be performed, is a member of the class of systems that have three identifying characteristics: a set of desirable assets (or targets), a set of adversaries (or threats) desiring to obtain or to do harm to the assets, and a set of protective mechanisms to safeguard the assets from the adversaries. Risk analysis evaluates both vulnerability to and the impact of successful threats against the targets by determining the overall effectiveness of the subject system safeguards, identifying vulnerabilities in that set of safeguards, and determining cost-effective improvements to the safeguards. As a testbed, we evaluate the inherent vulnerabilities and risks in a system of computer security safeguards. The method considers safeguards protecting four generic targets (physical plant of the computer installation, its hardware, its software, and its documents and displays) against three generic threats (natural hazards, direct human actions requiring the presence of the adversary, and indirect human actions wherein the adversary is not on the premises-perhaps using such access tools as wiretaps, dialup lines, and so forth). Our automated procedure to assess the effectiveness of computer security safeguards differs from traditional risk analysis methods

  12. Exploring the Application of Shared Ledger Technology to Safeguards and other National Security Topics

    Energy Technology Data Exchange (ETDEWEB)

    Frazar, Sarah L.; Winters, Samuel T.; Kreyling, Sean J.; Joslyn, Cliff A.; West, Curtis L.; Schanfein, Mark J.; Sayre, Amanda M.

    2017-07-17

    In 2016, the Office of International Nuclear Safeguards at the National Nuclear Security Administration (NNSA) within the Department of Energy (DOE) commissioned the Pacific Northwest National Laboratory (PNNL) to explore the potential implications of the digital currency bitcoin and its underlying technologies on the safeguards system. The authors found that one category of technologies referred to as Shared Ledger Technology (SLT) offers a spectrum of benefits to the safeguards system. While further research is needed to validate assumptions and findings in the paper, preliminary analysis suggests that both the International Atomic Energy Agency (IAEA) and Member States can use SLT to promote efficient, effective, accurate, and timely reporting, and increase transparency in the safeguards system without sacrificing confidentiality of safeguards data. This increased transparency and involvement of Member States in certain safeguards transactions could lead to increased trust and cooperation among States and the public, which generates a number of benefits. This paper describes these benefits and the analytical framework for assessing SLT applications for specific safeguards problems. The paper will also describe other national security areas where SLT could provide benefits.

  13. Problems in the communication of technological risks

    International Nuclear Information System (INIS)

    Wiedemann, P.M.; Hennen, L.

    1989-01-01

    The authors discuss the problems in the communication of technological risks. They show that - contrary to a current popular belief - acceptance problems are not attributable to information deficits: such problems are caused rather by the fact that risks are perceived differently by the various groups in science, industry, politics and the larger public. Nevertheless, improved information about technology may help to find acceptable compromises and, thus, to prevent social conflicts to erupt over technology and to geopardize the basic political consensus. (orig.) [de

  14. Multi-risk infants: predicting attachment security from sociodemographic, psychosocial, and health risk among African-American preterm infants.

    Science.gov (United States)

    Candelaria, Margo; Teti, Douglas M; Black, Maureen M

    2011-08-01

    Ecological and transactional theories link child outcomes to accumulated risk. This study hypothesized that cumulative risk was negatively related to attachment, and that maternal sensitivity mediated linkages between risk and attachment. One hundred and twelve high-risk African-American premature infant-mother dyads participated. Psychosocial (maternal depression, stress and self-efficacy) and sociodemographic risk (poverty, maternal education, marital status) were maternal self-report (0-4 months). Infant health risk was obtained from hospital charts. Infant-mother attachment (12 months) and maternal sensitivity (4 months) were assessed with Q-sort measures. Psychosocial and sociodemographic risk, but not infant health risk, negatively related to attachment. Both were mediated by maternal sensitivity. The impact of risk domains on attachment security was mediated by maternal sensitivity. Results emphasize the need for early intervention programs targeting premature infants to identify and address environmental and personal factors that place parenting at risk. © 2011 The Authors. Journal of Child Psychology and Psychiatry © 2011 Association for Child and Adolescent Mental Health.

  15. Discussion and acceptance of technology-induced risks

    International Nuclear Information System (INIS)

    Esser, R.

    1986-01-01

    The Gesellschaft fuer Sicherheitswissenschaft (GfS) chose as the main topic of its 7th International Summer Symposium held from May 26-28, 1986 the question of how our highly industrialized society, which not only lives on industry's efficiency, but also has to live with its technological risks, copes with this challenge. About 200 experts gathered for the seminar and discussed about 30 lectures presented, dealing with subjects such as: Technological risks between law and practice; - Risk minimization as a public good; - Risks and related problems, and safety science; - Do the institutionalized procedures create more safety. (orig./HP) [de

  16. Technology development risk assessment and mixed interests

    International Nuclear Information System (INIS)

    Borrelli, G.; Sartori, S.

    1992-05-01

    The main purpose of this work is to demonstrate by means of a critical analysis of the state-of-the-art in technological and environmental risk analysis and decision making, that risk and environmental management decisions involve heterogeneous groups of social actors, each representing conflicting interests. It is argued that risk analyses should therefore be based on social interaction and communication paradigma, as well as, on a new rational way of thinking concerning the optimum choice of suitable technological development strategies leading towards a publicly acceptable balance between national energy-economic strategic necessities and social and individual perception of risk

  17. Technological stigmatism, risk perception, and truth

    International Nuclear Information System (INIS)

    Garrick, B.John

    1998-01-01

    Technological stigmas can be a source of confusion and misunderstandings of the effect on public health and safety of technological activities. The result can be a gross waste of national resources to fix the 'stigma' rather than the real problem. Fueling technological stigmas has become a visible activity, especially among non-technical professionals. Further, it is not clear that these same critics are accountable for their influence on policy and practices that may adversely affect people's lives and financial resources. Their bad news of alleged high risk and incompetent technologists is more appealing to the press than the more technical and apparently boring news of finding engineering solutions to real problems. The issue of technological stigma is especially visible in relation to the environmental and safety effects of the nuclear and chemical industries. These industries are in an extremely defensive position because the stigmatizes put much more emphasis on their risks than on their benefits to society. There is the genuine threat of the denial of important technologies in the nuclear and chemical fields and a resulting loss of lives and resources. The actions required to better tell the whole cost-risk-benefit story of specific technologies have to come from all of the groups involved. The critics and stigmatizers need to be more accountable for their assertions, the technologists need to involve the public more in their consideration of technological solutions to environmental and safety issues, and the press needs to present all of the facts rather than just the sensational or 'outrage' part of the story

  18. Methodology for Applying Cyber Security Risk Evaluation from BN Model to PSA Model

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Kyung Hee University, Youngin (Korea, Republic of); Kang, Hyun Gook [KAIST, Dajeon (Korea, Republic of); Son, Han Seong [Joongbu University, Chubu (Korea, Republic of)

    2014-08-15

    There are several advantages to use digital equipment such as cost, convenience, and availability. It is inevitable to use the digital I and C equipment replaced analog. Nuclear facilities have already started applying the digital system to I and C system. However, the nuclear facilities also have to change I and C system even though it is difficult to use digital equipment due to high level of safety, irradiation embrittlement, and cyber security. A cyber security which is one of important concerns to use digital equipment can affect the whole integrity of nuclear facilities. For instance, cyber-attack occurred to nuclear facilities such as the SQL slammer worm, stuxnet, DUQU, and flame. The regulatory authorities have published many regulatory requirement documents such as U.S. NRC Regulatory Guide 5.71, 1.152, IAEA guide NSS-17, IEEE Standard, and KINS Regulatory Guide. One of the important problem of cyber security research for nuclear facilities is difficulty to obtain the data through the penetration experiments. Therefore, we make cyber security risk evaluation model with Bayesian network (BN) for nuclear reactor protection system (RPS), which is one of the safety-critical systems to trip the reactor when the accident is happened to the facilities. BN can be used for overcoming these problems. We propose a method to apply BN cyber security model to probabilistic safety assessment (PSA) model, which had been used for safety assessment of system, structure and components of facility. The proposed method will be able to provide the insight of safety as well as cyber risk to the facility.

  19. Methodology for Applying Cyber Security Risk Evaluation from BN Model to PSA Model

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Kang, Hyun Gook; Son, Han Seong

    2014-01-01

    There are several advantages to use digital equipment such as cost, convenience, and availability. It is inevitable to use the digital I and C equipment replaced analog. Nuclear facilities have already started applying the digital system to I and C system. However, the nuclear facilities also have to change I and C system even though it is difficult to use digital equipment due to high level of safety, irradiation embrittlement, and cyber security. A cyber security which is one of important concerns to use digital equipment can affect the whole integrity of nuclear facilities. For instance, cyber-attack occurred to nuclear facilities such as the SQL slammer worm, stuxnet, DUQU, and flame. The regulatory authorities have published many regulatory requirement documents such as U.S. NRC Regulatory Guide 5.71, 1.152, IAEA guide NSS-17, IEEE Standard, and KINS Regulatory Guide. One of the important problem of cyber security research for nuclear facilities is difficulty to obtain the data through the penetration experiments. Therefore, we make cyber security risk evaluation model with Bayesian network (BN) for nuclear reactor protection system (RPS), which is one of the safety-critical systems to trip the reactor when the accident is happened to the facilities. BN can be used for overcoming these problems. We propose a method to apply BN cyber security model to probabilistic safety assessment (PSA) model, which had been used for safety assessment of system, structure and components of facility. The proposed method will be able to provide the insight of safety as well as cyber risk to the facility

  20. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

    Science.gov (United States)

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172